READY FOR ANYTHING
At IAG, we live and work by our purpose to make your world a safer place. We are motivated by a unique culture that celebrates honesty, creativity, empathy, equity and collaboration. We call it the IAG way, and it means we all share a 'ready for anything' mindset that sets the tone for positive actions and positive outcomes. We put heart into everything we do which guides us to create amazing things for our customers, our people and our communities.
As the largest general insurance group in Australia and New Zealand, we own some of the region's most trusted brands, including NRMA Insurance, CGU, SGIO, SGIC and WFI. We are ready for anything.
- Permanent Opportunity
- Sydney or Melbourne CBD
- Manager, Security Control Assessment (Group Risk - Cyber & Protective Services)
The Role
Help protect IAG's digital and information assets by managing a program of work to continuously assess the control effectiveness of our systems and third-party business and technology service providers.
Key Responsibilities
- Design, manage and operate control assurance processes that test the design and operating effectiveness of controls operated by IAG and its third parties.
- Oversee a program of work to continuously check that IAG is meeting its PCI-DSS obligations, including the management of the annual report on compliance assessment by an external Qualified Security Assessor.
- Manage and operate IAG's third-party security assessment program, which is designed to ensure that IAG's supply chain partners have adequate security controls in place to protect IAG's information assets.
- Produce reports and provide analytics on the outcomes of control assurance activities to demonstrate how control testing positively affects IAG's overall risk profile as well as to identify patterns indicating significant control gaps or weaknesses.
- Identify practical improvements to processes that would improve agility and allow greater utilisation of self-service capabilities within the Security Control Assessment team.
Skills & Experience
- Proven ability to develop and deliver programs of work to continuously execute security control testing on IT systems and third parties.
- Proven ability to create security reports and communicate results to executive management.
- Proven experience managing a PCI DSS compliance program.
- Proven experience in leading and/or influencing information security professionals.
- Cross-cultural skills with strong influencing and negotiation experience.
- Thorough understanding of security frameworks such as NIST CSF, NIST SP 800-53, CSA CCM, ISO 27001 and PCI-DSS.
- Relevant professional memberships and certifications desirable:
  - CISA, CISSP, CGEIT and CRISC qualifications
  - ITIL and COBIT
Ready for anything? Let's talk.
IAG rewards and recognises its people with generous benefits, career development opportunities and real work-life balance. Employees also enjoy 13% superannuation, up to 50% insurance discounts, flexible work and leave options, generous parental leave and return to work programs, various corporate partner discounts and a people-focused culture that celebrates achievements big and small.
IAG has committed to the reconciliation movement in Australia for First Nations people and focuses on providing a safe and supportive work environment for all our employees. More information on our Reconciliation Action Plan can be found on our company website.