Cloud Security Lead

Job Title: Cloud Security Lead

Reporting to: BISO

Position Type: Permanent

Hybrid working: 3 days a week onsite

Why Tokio Marine HCC?

Standing still is not an option in the current world of Insurance. TMHCC are one of the world's leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, and so is a desire to grow and provide creative and innovative solutions to our clients.

Job Purpose:

TMHCC International has recently completed an exciting IT transformation and is the process of recruiting a broad range of suitably qualified, skilled and experienced people. Reporting into the Business Information Security Officer (BISO) for TMHCC International, the Cloud Security Lead is part of the BISO function established within in the CIO organisation of the International division. You'll join the team as someone who is passionate about Cloud Security and Cyber Risk management.

The Cloud Security Lead is responsible for maintaining secure cloud architectures, policies, and practices to protect critical business data and operations. This role requires in-depth knowledge of cloud service providers, security frameworks, and threat landscapes to ensure enterprise-grade protection across cloud platforms.

You will work closely with TMHCC International IT teams and Group Security teams to prioritise and coordinate vulnerability remediation across the cloud estate. You will be experienced in cyber vulnerability detection, remediation, and reporting processes. You will be responsible for triaging and prioritising detected vulnerabilities as well as coordinating and driving remediation activity to reduce our cyber risk profile.

Key to your role will be maturing MI reporting for onward communication to the board and executive.

Key Responsibilities

• Develop and enforce security best practices, policies, and procedures for cloud environments (AWS, Azure).
• Conduct security risk assessments and audits of cloud infrastructure and applications.
• Respond to security incidents and vulnerabilities in the cloud.
• Collaborate with DevOps and IT teams to integrate security controls into CI/CD pipelines and cloud deployments.
• Manage output from cloud-native security tools (e.g., AWS GuardDuty, Azure Defender).
• Ensure compliance with industry regulations and standards (e.g., ISO 27001, NIST, GDPR, HIPAA).
• Provide security guidance on architecture, design reviews, and cloud migrations.
• Create and maintain cloud security documentation, training materials, and incident response playbooks.
• Stay current on emerging cloud security trends, tools, and technologies.
• Support the BISO in the providing metrics to the Divisional IT Risk Reporting and Dashboards.
• Escalate significant cyber risks and issues as they emerge, to the BISO and IT Leadership for action or information.

Skills and Experience Specification

Essential:

• 5-10 years of experience in a technical cyber role (e.g., threat and vulnerability analyst, security engineer, SOC analyst).
• Minimum 3-5 years of hands-on experience in cloud environments.
• Proven experience with at least one major cloud provider (AWS, Azure).
• Proven experience with Microsoft Azure (multi-cloud knowledge, especially AWS, is a plus).
• Experience with security operations, incident response, and cloud compliance.
• Working knowledge of vulnerability scanning and detection technologies.
• Practical experience in triage and remediation of vulnerabilities.
• Deep understanding of and ability to articulate the risk associated with security vulnerabilities.
• Ability to coordinate and chair regular meetings and workshops with multiple stakeholders to provide guidance, collaboration and oversight of vulnerability remediation initiatives.
• Excellent understanding of MITRE ATT&CK framework, adversary tactics and techniques.
• Confidence in presenting information and acting as a source of SME knowledge and guidance.
• Analytical, conceptual thinking, planning and execution skills.
• Ability to drive improvements and take charge of initiatives, backed with excellent coordination strength as well as assertiveness.
• Result orientated and able to manage to measurable targets and desired outcomes.
• A passion to champion a cyber security culture and continuous learning of latest cyber threat trends.
• Strong understanding of cloud architectures and shared responsibility models.
• Strong communication skills with the ability to explain complex security issues to non-technical stakeholders.

Desirable:

• Knowledge of Zero Trust architecture and security frameworks (e.g., MITRE ATT&CK).
• Experience in red/blue team exercises.
• Familiarity with cloud-native security tools and infrastructure-as-code (e.g., Azure Policy, ARM/Bicep, Terraform).
• Experience of the Specialty and Lloyd's/Companies market insurance industry
• Experience in regulated industries.

Qualifications

Education & Certifications:

• Bachelor's degree in computer science, Information Security, or a related field.
• Relevant certifications such as:

• Certified Cloud Security Professional (CCSP)
• AWS Certified Security - Specialty
• Microsoft Certified: Azure Security Engineer Associate
• CISSP, CISM, or equivalent

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals. The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit www.tmhcc.com for more information about our companies.

The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit www.tmhcc.com for more information about our companies.

#LI-LH1