Cyber Underwriting Analyst

Job Description

Purpose of the Job:

To provide planning, project management and consulting services (internal and external) to Brit’s Cyber underwriting team, internal stakeholders, external distributions partners, 3rd party service providers and its client base.
To report into the In-House Cyber Underwriting Consultant, and support Head of Cyber and FinPro Managing Director on a range of strategic initiatives including but not limited to:

Pre bind technical underwriting analysis for major clients and Brit led programs, this includes:
• Lead and participate on cyber underwriting market calls in order to support the cyber underwriting team.
• Provide a review of submissions for the underwriting team factoring in most likely areas of compromise and taking into consideration sector and revenue banding. This may involve giving commentary on the state of the risk or identifying areas of follow up.
• Be able to provide a holistic view of the risk, for example where a deficiency has been identified in a particular control, are there any other mitigating controls that can be leaned on to give comfort.

Wider Brit Activities that the candidate will be involved in
• Participation in bi-weekly peer review sessions with the cyber underwriting team
• Participation in bi-weekly team meetings giving updates on the current threat landscape and notable cyber incidents that have occurred that week
• Supporting in the facilitation of the Cyber Centre of Excellence (Brit Cyber Governance forum)
• Coordination of vendors that support on the BCAP (Brit Cyber Attack Plus) product AND First50, this includes the QA of reports that are produced.
• Support in the creation of cyber marketing content and ideas for the monthly cyber newsletter
• Ensure we continue to build the most effective framework for exposure data capture and ongoing monitoring

Other initiatives that the candidate may be asked to support on occasion:
• Expert resource for analysis and response to existing and emerging cyber threats (for example CrowdStrike outage, MOVEit event)
• Oversight and analysis of third-party tools, applications and vendors
• Presenting to partners on the core elements of cyber controls and why they are important to Brit.
• A point of contact for the wider Brit business for any cyber related queries that may occur as part of transformation activities or through other classes of business
• Technical input to Cyber Exposure Management and modelling
• Design and distribute technical and detailed risk management insights for our major clients and customers

Principal Accountabilities:

Provide technical IT security insight to underwriting team
Ensure regular liaison with Cyber Claims and Operations
Assist in creation of roadmaps to deliver change in the Cyber class of business when strategic change or direction is required
Identify and adapt best communication practices and techniques for the delivery of awareness and education to our brokers and corporate client base.
Represent the business at appropriate industry committees and conferences
To lead manage, coach and mentor certain team members to ensure high levels of Cyber comprehension.
Support as the central point of contact for all major industry Cyber incidents - develop and deploy appropriate incident handling procedures and strategy.
Work with third parties to review and assess appropriate levels of security infrastructure that our clients should maintain.
Perform security risk assessments.
Technical input to help inform Cyber exposure management and modelling.

Regulatory Conduct Rules

1. Act with integrity.
2. Act with due skill, care and diligence.
3. Be open and co-operative with Lloyd’s, the FCA, the PRA, and other regulators.
4. Pay due regard to the interests of customers and treat them fairly.
5. Observe proper standards of market conduct.
6. Act to deliver good outcomes for retail customers.

Education, Qualifications, Knowledge, Skills and Experience:

• Experience of Financial Services and specifically Lloyd’s preferred
• Cyber Consultancy experience
• Technical knowledge of IT including networks, operating systems, databases, firewalls, anti-virus, and patch management.
• Awareness of the Data Protection Act (and GDPR), NIST and PRA initiatives and the Governments Cyber Essentials programme
• Knowledge and experience of the security products available including intrusion detection, SIEM vulnerability assessment and encryption tools.
• Strong interpersonal, communication skills and experience of working with off-shore / outsourced IT (including Security) teams.
• An understanding of UK insurance is desirable.
• Self-motivated and resilient and able to operate independently
• Excellent communication skills, both written and oral
• Well organised, realistic and reliable
• Able to coach and mentor more and less senior colleagues
• Team player with excellent communication skills.