Information Security Officer

Job Description: Information Security Officer Location: UK Full-Time - Remote Velonetic – Who are we? Velonetic represents the joint ventures between DXC Technology, the International Underwriting Association (IUA), and Lloyd’s of London. Previously referred to as the London Market Joint Ventures, we have been operating for over 20 years in the London Market (Lloyd's and Company), in both insurance and reinsurance business. Processing over £117 billion worth of premium and claims transactions today, we are building a new digital platform and services that will enable our customers to move transactions and money through the processing lifecycle with greater efficiency and speed, releasing time to drive innovation and focus on higher value activities. As the Information Security Officer, you will be the Security point of contact for IT operations, responsible for the supporting and communicating the importance of compliance and governance of the security strategy, roadmap and policies that are in alignment with the organization’s overall security objectives. Responsibilities Identify, assess, and prioritize security vulnerabilities, ensuring effective remediation plans are in place and executed. Lead investigations into information security breaches, ensuring proper reporting and communication with senior management during incidents. Work with the Security Incident Response Coordination Centre (SIRCC) to address and mitigate security incidents, ensuring proportionate remediation of information breaches. Work closely with the CISO to ensure the security strategy aligns with broader organisational objectives, whilst also meeting information privacy and protection regulations (e.g., GDPR). Monitor and review security policies, standards, and procedures focused on protecting information across all environments, ensuring alignment with business and IT priorities. Own and manage all information security risks, performing risk assessments specific to storage, processing, and transfer. Conduct periodic audits of information security controls to ensure compliance with internal policies and external regulations. Ensure that information security requirements are incorporated into all phases of technology systems, from design through deployment. Coordinate with third-party security vendors to conduct vulnerability assessments, penetration tests, and security audits focused on information protection. Stay current on emerging information security trends, threats, and technologies, recommending updates to security measures as needed. Establish and maintain a strong information security posture, continuously monitoring the effectiveness of controls and processes. Regularly evaluate the organization’s information security safeguards, ensuring they provide robust protection against evolving threats and information-related risks. Monitor software development teams to ensure secure information handling throughout the software development lifecycle (SDLC), ensuring security is embedded processing systems and applications Qualifications & Experience Ideally, a degree in computer science, Information Systems, Engineering, or a related field. Holding any of the following qualifications would be an added advantage: CISSP, CCSP, GIAC Cloud security certifications. Proven experience in a security management capacity, particularly in information-rich industries (e.g., Software, Financial Services). Proven track record of securing cloud-based services, ensuring scalability, performance, and reliability. Expertise in a wide range of security domains: access controls, network security, cloud security, application security, secure software design, security testing, and vulnerability remediation, and incident management. Experience in cloud computing architectures, common technologies (e.g., AWS security tools). Good understanding of NIST security controls frameworks, risk assessment, and risk management. Familiarity with service control frameworks such as SOC 1 and 2. Knowledge of threat modelling and risk management practices. Strong project management skills with experience leading cross-functional teams in large, complex security projects. Investment In Training and Development We offer a comprehensive range of training and career development opportunities, a structured induction programme, tailored job training as well as mentoring and support for relevant sponsored professional qualifications. We’re developing an environment where people can grow and harness their careers and skills to be the best that they can be to focus on the long term. Our Culture Here at Velonetic we support with care and compassion. We are constantly evolving our initiatives around equality, diversity, and inclusion to ensure that everyone feels equally involved and supported in the workplace no matter of who they are or what they do. We are proud of the culture we are creating to ensure that our commitment is ongoing and have a diverse mix of employees working within an inclusive environment and culture to create a high performing workforce led by talented leaders. We aspire to be recognised for our innovative and modern thinking approach. Employee Benefits As part of our competitive remuneration package, flexible benefits are available. There isan option to “flex up and down” on specific benefits, for example buy or sell annual leave, Private Medical Benefit, Dental and Travel Insurance. You will also have access to ‘Perks at Work’, a discount store to purchase gift cards at reduced rates and get discounts on holidays, restaurants, activities, groceries and more. DXC Recruitment Team will be engaging with all candidate applications on behalf of Velonetic. DXC will be managing the recruitment throughout the onboarding process. At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here. #J-18808-Ljbffr