Cyber Security Specialist
Location: Norwich/Bristol (Hybrid)
Contract Duration: 9 Months Initially
Inside IR35:
This is a contract opportunity for someone who has strong hands-on information security experience and can quickly integrate into a complex enterprise environment. This role would suit an experienced security professional who is comfortable providing pragmatic security guidance, working autonomously, and partnering with both technical and business stakeholders to manage security risks across operational IT services.
The successful contractor will be able to hit the ground running, supporting security operations, risk management activities, security assurance, and continuous improvement initiatives across a range of platforms and services. They will be confident operating at pace, influencing stakeholders, and delivering outcomes in a dynamic environment.
Key Responsibilities
- Act as the primary security liaison between IT operational teams, platform teams, service owners, and other key stakeholders.
- Provide timely, practical, and risk-based security guidance to support operational, change, and release activities.
- Identify security gaps, vulnerabilities, issues, and risks across IT platforms and services.
- Recommend appropriate risk treatment and remediation actions and track delivery through to completion.
- Support security assurance activities, including penetration testing, compliance assessments, and control effectiveness reviews.
- Participate in regular security governance activities such as log reviews, access reviews, and security monitoring processes.
- Review and challenge security considerations within architectural and technical designs.
- Drive continual improvement in security processes, standards, and operational practices.
- Produce clear security reporting, documentation, and recommendations for both technical and non-technical audiences.
Skills and Experience
- Significant information security experience, ideally 5+ years within complex enterprise environments.
- Strong understanding of modern IT infrastructure and security technologies, including Microsoft Azure and cloud platforms.
- Experience with security technologies such as firewalls, web application firewalls (WAF), and web-based technologies.
- Sound knowledge of secure development principles and industry security standards, including ISO 27001, Cyber Essentials, and related frameworks.
- Experience identifying, assessing, and managing information security risks.
- Ability to assess and critique the security aspects of technical and architectural designs.
- Excellent stakeholder management, communication, and reporting skills.
- Ability to work independently, prioritise effectively, and deliver high-quality outcomes in a fast-paced environment.
- Professional security certifications such as CISSP, CISM, or equivalent practical experience are desirable.
Please ensure that you attach an up-to-date CV to your application.
We flex locations, hours and working patterns to suit our customers, the business and you. Most of our people smart‑work, spending at least 50% of their time in an Aviva office each week.
We’d love you to apply online. If you need a different way to apply, or have questions, please contact me at Katyayani.pathak@aviva.com