Security Assurance Manager
Date: 21 Nov 2025
Location: Solihull, GB, B90 8BG
Company: Taylor Wimpey
Make a Home at Taylor Wimpey
At Taylor Wimpey, we don’t just build houses; we build futures. Not just for the people who live in our homes, but for our own people too. When we bring our collective skills together, we make amazing things happen - for ourselves, for each other and for our customers. There are incredible opportunities on your doorstep, and we want you to discover them all.
With 22 regional offices across the UK and operations in Spain, we bring our vision to life locally. Here, you’ll be given the tools to develop your skills and the freedom to explore new avenues. Share your ideas, experience a no-blame culture, and shape your work around your life.
Every single one of us plays a vital role in bringing to life incredible places and spaces, where anyone can thrive. We believe in making a positive difference to our planet, as well as to people.
Home to work that matters, and you can be a part of it.
Job Summary
This role is a hybrid role of:
- Undertaking security assurance on key IT systems, identifying any security weaknesses or gaps
- Managing, supporting and developing a team to undertake this technical assurance on new and existing IT systems
- Being the integral connection point for audit investigations into Security and IT controls
- Running our risk management service, and ensuring actions are undertaken in a timely manner
- Preparing and presenting reports on the security (risk) environment status within Taylor Wimpey
- Ensuring compliance with Taylor Wimpey security standards
- Providing oversight on the quality of submissions from your team addressing many of the responsibilities below
- Managing competing demands for priorities and resources within Taylor Wimpey
- The Security Assurance Manager is an experienced role within Taylor Wimpey IT, responsible for ensuring that security controls, measures, and practices are effectively designed, implemented, and operating as intended.
- This role will be accountable for collating and assessing evidence of security control effectiveness across Taylor Wimpey projects and live services and recommending security control improvement.
- This role will lead cyber security control testing activities, including scoping, facilitation of testing, and reporting of findings.
- This role will be responsible for risk assessing and ensuring the security of all new IT projects and services delivered onto the Taylor Wimpey infrastructure and the regular risk assessment and assurance of existing services on a timescale commensurate with the importance of the service to the Taylor Wimpey organisation.
- Ensuring the annual external financial audit of IT Systems is undertaken successfully by the appointed auditors, all required information is received, and any findings are promptly investigated and actioned.
Primary Responsibilities
Audit Controls Management: Managing any internal or external IT controls audits, ensuring the required information is available, collected and presented in a suitable manner.
Risk Profile Communication: Preparing and presenting papers and presentations explaining the risk profile either of Taylor Wimpey overall, or of individual projects
- Presenting risk statements for consideration by senior stakeholders (technical and non-technical) which contain all the information required to make an informed decision on whether to risk accept or not
Cyber Security Assurance: Delivering independent, risk-based reviews and assessments of system records and activities to check the adequacy and effectiveness of security controls applied to specific projects and systems. Identifying security deficiencies and ensuring compliance with security policies and procedures. Activities may include — but are not limited to:
- Planning, organising, and conducting regular risk and security assessment programmes.
- Ensuring new projects and services are assessed against current Taylor Wimpey security controls.
- Reviewing new and existing contracts against TW security requirements
- Definition and validation of scope and objectives of regular risk, audit and security assessment activities ensuring alignment with Taylor Wimpey objectives and compliance standards.
- Determining appropriate methods of investigation to achieve the regular risk and security assessment objectives.
- Developing and maintaining metrics to track and report on key security indicators related to control implementation in projects and existing services.
- Examining the configuration settings of systems, networks, and applications in line with security best practices
- Assessing the security practices and policies of third-party vendors and partners within the Taylor Wimpey ecosystem
- Performing technical assessment and evaluation to determine control effectiveness
- Ensuring all security standards and policies are followed, tracking them to detect and prevent cyberattacks.
- Ensuring security architectures are implemented fully and deliver all the security requirements defined within the Taylor Wimpey ISMS and best practices.
- Tracking and reporting on the performance and progress of IT security initiatives, using metrics, dashboards, scorecards, etc.
- Ensuring proper procedures are in place for defining and reviewing security access rights and privileges.
- Managing the risk identification and tracking process.
- Monitoring internal and external policy compliance
- Monitoring regulation compliance, especially if dealing with sensitive data or digital information.
- Monitoring internal and external policy compliance, ensuring that both vendors and employees follow the cybersecurity risk management policies.
Risk Assessment: Identifying and classifying security risks in networks, systems and applications and mitigating or eliminating their impact. Activities may include — but are not limited to:
- Cataloguing and classifying digital information and technology resources (assets and capabilities) to support vulnerability assessment.
- Assigning quantifiable value, ranking order and importance to information and technology resources
- Identifying and analysing the vulnerabilities of each resource — manually or using automated tools and information sources
- Prioritising, scoring and ranking the risk associated with vulnerabilities.
- Executing Business impact assessments to determine the risk exposure within the organisation.
Experience, Qualifications, Technical Requirements
- Demonstrable experience of working in a cybersecurity management role
- Proven track record in leading and managing security assurance programs within complex organisational environments
- Deep technical understanding of security architecture
- Proficiency in security assessment tools and methodologies
- In-depth knowledge of security frameworks, standards, and regulations
- Familiarity with deploying and operating in a 3LOD model, ability to recommend how this needs to be adhered to and improved upon to adapt to changing environmental needs
- Extensive experience with security testing tools, including automated technologies
- Familiarity with cloud security concepts and solutions
- Experience in developing and implementing security policies and procedures
- Ability to assess complex security issues, developing metrics and providing effective solutions
- Understanding of key business and IT trends which may influence future strategies
What we offer at Taylor Wimpey
At Taylor Wimpey, we are committed to enabling you to make a home with us. Our work is not just about building homes; it's about doing work that matters, making a positive impact on the lives of our customers and the communities we serve.
We enjoy many benefits as standard, including excellent retail discounts, company funded life insurance and private healthcare, and access to a quality pension scheme with company contributions. We also offer our discounted house purchase scheme, car leasing scheme and share plans, as well as the opportunity to tailor your benefit package to suit your needs with options such as buying extra annual leave or adding dependants to your benefit cover. Our total reward offer works perfectly with our culture: we are a welcoming community where everyone can feel at home.
We create a home to your future by providing opportunities for growth and development. We offer industry leading professional training and development, which supports you to unlock your potential and fulfil your career and personal goals in a variety of opportunities and environments. We look to develop our people in the skills and areas they are most interested in, leveraging your qualities and appreciating your unique competencies, skills and expertise that, when we come together, make this a great place to work.
If you want to do work that matters and build a career that lasts, make a home at Taylor Wimpey.
Inclusivity Statement
As a proud Disability Confident Employer, Taylor Wimpey is committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us during the application process that they have a disability and meet the minimum requirements for the role. Join us in building a truly diverse and empowered team.
Internal Applicants:
Please inform your line manager if you wish to apply for this role.