Lead Application Security Manager

Location: York, England, United Kingdom


Job Number: 958

External Description:

Our Applications Security team in Aviva is growing – and we’re now looking for a Lead Application Security Manager to run a team. This position has global scope and is accountable for directing a team of information security experts and delivering a range of relevant services, across all Aviva markets. We see it as an outstanding and interesting role in this field due to the wide scope of Aviva’s products and the amount of influence the role holder will have – a position where you can really make it your own.

This opportunity will be based in our York office, but we are open-minded regarding flexible home-working.

We are committed to providing enhanced security, with ongoing investment to maintain secure and resilient control over our information assets against the new cyber threats of the digital era. Ultimately, we ensure our employee and customer data is rigorously protected from attack and theft. We also secure what makes Aviva special: our frameworks and models are unique and highly valuable, so we need to protect ‘what makes Aviva, Aviva’.


Key Responsibilities include:

  • Leading adoption of Secure Coding Principles and the Secure Development Lifecycle across Aviva markets
  • Governing and overseeing application security assessments against web and mobile applications
  • Driving the adoption of best practice and code scanning tools within various development environments
  • Year-on-year reduction of vulnerabilities and code issues - due to improved training, published patterns and frameworks and integration with development teams
  • Adoption of security tools such as SAST and DAST
  • Year-on-year improvement in employee engagement with Application Security and our teams


What skills & experiences are required?

  • Professional qualification in Information Security and/or Penetration Testing
  • Experience in working within application security, ideally in the Financial Services sector
  • In-depth knowledge of information security governance processes and practices, including ISMS monitoring and control frameworks such as ISO, ISF and COBIT, and their relationships to other frameworks and applications
  • Good understanding of Secure Development Lifecycles and their application in an agile environment
  • Robust understanding of security architecture principles and processes
  • Experience in the use of penetration testing tools and one or more of the development technologies


What will you get for this role?

  • A salary up to £80,000 depending on skills, experience and qualifications
  • Generous defined contribution pension scheme
  • Annual performance related bonus and pay review
  • Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
  • Up to 40% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family (some exclusions apply)
  • Excellent range of flexible benefits to include a matching share save scheme


We care about the well-being of our employees!

How you feel at home, at work and in all aspects of your life is important to us. Our programme – ‘Be Healthy’, ‘Be Mindful’, ‘Be Secure’ and ‘Be Awesome’ – supports your physical, mental, financial and social well-being.

Here are just a few highlights:

  • You’ll be able to download Aviva Digital GP - a 24/7 personal GP service that allows you to get a video consultation with a GP and pharmacy service at the touch of a button
  • We offer all UK employees subscriptions to Headspace for FREE!
  • We have subsidised 70% off the normal gym membership prices, meaning for a reduced monthly fee you will have access to a wide range of fitness venues


Additional Information and Equal Opportunity

One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we love to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.

Our diversity and inclusion policies and initiatives are crafting an environment where everyone feels welcome regardless of age, disability, race, ethnicity, gender, gender identity, religion, culture, sexual orientation, national origin, marital status, pregnancy, maternity or those with other caring responsibilities. Our approach helps to ensure that Aviva is a place which values difference and provides equal opportunities for all.

As a disability confident employer, we guarantee to interview anyone with a disability (as defined in The Equality Act 2010) whose application meets the minimum criteria for the post. (By ‘minimum criteria’ we mean that you should provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential). Please apply through the website and then email the contact listed in the advert to notify us that you meet the conditions for the guaranteed interview scheme.

We prefer all applications to be submitted online; however, if you require an alternative method of applying, please contact Daniel Hopchet in the Resourcing team on 0121 234 7625 or Daniel.Hopchet@Aviva.com.

Job Number: R-85408
