Make a Home at Taylor Wimpey
At Taylor Wimpey, we don’t just build houses; we build futures. Not just for the people who live in our homes, but for our own people too. When we bring our collective skills together, we make amazing things happen – for ourselves, for each other and for our customers. There are incredible opportunities on your doorstep, and we want you to discover them all.
With 22 regional offices across the UK and operations in Spain, we bring our vision to life locally. Here, you’ll be given the tools to develop your skills and the freedom to explore new avenues.
Every single one of us plays a vital role in bringing to life incredible places and spaces, where anyone can thrive. We believe in making a positive difference to our planet, as well as to people.
Job Summary
* Hybrid role of security assurance on key IT systems, identifying any security weaknesses or gaps.
* Managing, supporting and developing a team to undertake technical assurance on new and existing IT systems.
* Being the integral connection point for audit investigations into Security and IT controls, running our risk management service, and ensuring actions are undertaken in a timely manner.
* Preparing and presenting reports on the security (risk) environment status within Taylor Wimpey, ensuring compliance with Taylor Wimpey security standards.
* Providing oversight on the quality of submissions from your team addressing many of the responsibilities below.
* Managing competing demands for priorities and resources within Taylor Wimpey.
* Accounting for an experienced role within Taylor Wimpey IT, responsible for ensuring that security controls, measures, and practices are effectively designed, implemented, and operating as intended.
* Collating and assessing evidence of security control effectiveness across Taylor Wimpey projects and live services, recommending security control improvement.
* Leading cyber security control testing activities, including scoping, facilitation of testing, and reporting of findings.
* Risk assessing and ensuring the security of all new IT projects and services delivered onto the Taylor Wimpey infrastructure and the regular risk assessment and assurance of existing services on a suitable timescale.
* Ensuring the annual external financial audit of IT systems is undertaken successfully, all required information is received, and any findings are promptly investigated and actioned.
Primary Responsibilities
Audit Controls Management
Managing any internal or external IT controls audits, ensuring the required information is available, collected and presented in a suitable manner.
Risk Profile Communication
Preparing and presenting papers and presentations explaining the risk profile either of Taylor Wimpey overall, or of individual projects.
Presenting risk statements for consideration by senior stakeholders (technical and non‑technical) which contain all the information required to make an informed decision on whether to risk accept or not.
Cyber Security Assurance
Delivering independent, risk‑based reviews and assessments of system records and activities to check the adequacy and effectiveness of security controls applied to specific projects and systems. Identifying security deficiencies and ensuring compliance with security policies and procedures. Activities may include – but are not limited to:
* Planning, organising, and conducting regular risk and security assessment programmes.
* Ensuring new projects and services are assessed against current Taylor Wimpey security controls.
* Reviewing new and existing contracts against TW security requirements.
* Definition and validation of scope and objectives of regular risk, audit and security assessment activities ensuring alignment with Taylor Wimpey objectives and compliance standards.
* Determining appropriate methods of investigation to achieve the regular risk and security assessment objectives.
* Developing and maintaining metrics to track and report on key security indicators related to control implementation in projects and existing services.
* Examining configuration settings of systems, networks, and applications in line with security best practices.
* Assessing the security practices and policies of third‑party vendors and partners within the Taylor Wimpey ecosystem.
* Performing technical assessment and evaluation to determine control effectiveness.
* Ensuring all security standards and policies are followed, tracking them to detect and prevent cyberattacks.
* Ensuring security architectures are implemented fully, and deliver all the security requirements defined within the Taylor Wimpey ISMS and best practices.
* Tracking and reporting on the performance and progress of IT security initiatives, using metrics, dashboards, scorecards, etc.
* Ensuring proper procedures are in place for defining and reviewing security access rights and privileges.
* Managing the risk identification and tracking process.
* Monitoring internal and external policy compliance.
* Monitoring regulation compliance, especially if dealing with sensitive data or digital information.
* Managing risks assessment: identifying and classifying security risks in networks, systems and applications and mitigating or eliminating their impact.
* Cataloguing and classifying digital information and technology resources (assets and capabilities) to support vulnerability assessment.
* Assigning quantifiable value, ranking order and importance to information and technology resources.
* Identifying and analysing the vulnerabilities of each resource—manually or using automated tools and information sources.
* Prioritising, scoring and ranking the risk associated with vulnerabilities.
* Executing business impact assessments to determine the risk exposure within the organisation.
Experience, Qualifications, Technical Requirements
* Demonstrable experience of working in a cybersecurity management role.
* Proven track record in leading and managing security assurance programs within complex organisational environments.
* Deep technical understanding of security architecture.
* Proficiency in security assessment tools and methodologies.
* In‑depth knowledge of security frameworks, standards and regulations.
* Familiarity with deploying and operating in a 3LOD model, ability to recommend how this needs to be adhered to and improved upon to adapt to changing environmental needs.
* Extensive experience with security testing tools and automated technologies; familiarity with cloud security concepts and solutions.
* Experience in developing and implementing security policies and procedures.
* Ability to assess complex security issues, develop metrics and provide effective solutions.
* Understanding of key business and IT trends which may influence future strategies.
What We Offer At Taylor Wimpey
We enjoy many benefits as standard, including excellent retail discounts, company‑funded life insurance and private healthcare, and access to a quality pension scheme with company contributions. We also offer a discounted house purchase scheme, car leasing scheme and share plans, and the opportunity to tailor your benefit package to suit your needs (such as buying extra annual leave or adding dependants to your benefit cover). Our total reward offer works perfectly with our culture – we are a welcoming community where everyone can feel at home.
We create a home to your future by providing opportunities for growth and development. We offer industry‑leading professional training and development, which supports you to unlock your potential and fulfil your career and personal goals in a variety of opportunities and environments. We look to develop our people in the skills and areas they are most interested in, leveraging your qualities and appreciating your unique competencies, skills and expertise that, when we come together, make this a great place to work.
Inclusivity Statement
As a proud Disability Confident Employer, Taylor Wimpey is committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long‑term health conditions that affect their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare we have a disability and meet the minimum requirements for the role.
Internal Applicants
Please inform your line manager if you wish to apply for this role.
Position Details
* Seniority level: Mid‑Senior level
* Employment type: Full‑time
* Job function: Accounting/Auditing and Finance
#J-18808-Ljbffr