Cybersecurity Governance Analyst supporting Aviva's Cybersecurity program. Leading compliance activities and stakeholder collaboration in a fast-paced environment.
Responsibilities
Be the subject matter expert at a high level and respond to client/regulatory requests regarding Aviva’s Cybersecurity program.
Develop and enhance Key Risk Indicators and Key Performance Indicators in support of cybersecurity risk management initiatives and executive reporting.
Perform annual cybersecurity controls reviews and manage issues and actions for the Cybersecurity department.
Perform periodic NIST CSF self-assessments and support the development and implementation of remediation activities to resolve control deficiencies.
Support compliance with industry frameworks and standards such as PCI-DSS and ISO27001.
Work with the security education team to facilitate the execution and reporting for the phishing program and manage security awareness training assignments for our colleagues.
Generate and review content regularly for our Security Education and Awareness program.
Coordinate and lead cybersecurity awareness campaigns.
Review and update Security Policies annually, as well as draft new policies and standards where required.
Manage Aviva’s GRC solution overall and implement enhancements for Cybersecurity Governance workflow.
Ensure timely completion of assigned tasks and reporting schedules.
Promote effective security practices, technologies, and processes with stakeholder groups.
Address requests from IT and business users on security-related matters and take ownership of them through to a satisfactory conclusion.
Requirements
3-5 years of experience in cybersecurity governance programs and processes, risk management and reporting.
Good knowledge of cybersecurity and technology concepts.
Knowledge and practical experience in applying security standards and frameworks (e.g. NIST, ISF, ISO, PCI DSS).
Strong written and verbal communication skills; ability to communicate cybersecurity and risk-related concepts to technical and non-technical audiences at various levels.
Demonstrated ability to establish effective working relationships and collaborative work approaches with both internal and external contacts.
Strong attention to detail and problem-solving skills.
Experience with using GRC platforms and data platforms (e.g. Archer, IBM OpenPages, Qlik).
Good understanding of the insurance or banking industries.
University degree or college diploma in Computer Science, Information Security Management, Cybersecurity Risk Management, or equivalent professional experience within Cybersecurity.
Professional designation relating to cybersecurity or IT risk (e.g. CISSP, CISA, CISM, CCSP/CCSK, GIAC, CompTIA Security+) is an asset.
Benefits
Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.
Outstanding career development opportunities.
We’ll support your professional development education.
Competitive vacation package with the option to purchase 5 extra days off per year.
Employee-driven programs focused on gender, LGBTQ+, origins, diversity, and inclusion.
Corporate wellness programs to support our employees’ physical and mental health.