Our client is looking for a skilled and enthusiastic network engineer to join their team based around Glasgow. The ideal candidate will have a strong grasp of the requirements below. If you feel that you are capable, I would love to hear from you and discuss the position in full. Duties and Responsibilities Design, implement, configure and manage the organisation's network infrastructure, including LANs, WANs, VPNs, Routers, Switches, Firewalls, and wireless access points. Identify and address issues to ensure high availability, reliability, and optimal performance. Deploy and maintain the systems' infrastructure, including Servers, storage solutions, operating systems, virtualisation platforms and cloud services. Manage network and systems capacity planning to accommodate growth and changing computing requirements. Collaborate with IT teams worldwide to develop integrated network and systems solutions aligned with business objectives and technology standards. Perform regular security assessments and audits to identify vulnerabilities and implement necessary patches, updates, and security protocols. Design, implement and maintain disaster recovery and business continuity plans. Provide technical support to end-users and other IT teams, addressing network and systems-related incidents and challenges. Document network and systems configurations, procedures, and troubleshooting guides to facilitate knowledge sharing and training. Stay informed about emerging technologies, industry trends, and best practices in networking and systems engineering. Automate network and systems tasks using Scripting languages and configuration management tools. Work with vendors and service providers for procurement, maintenance, and support of network and systems equipment and software. Install hardware for systems and users, as required. Packaging and deployment of applications and software updates. Identify, propose, contribute and manage IT projects for continuous improvement. Qualifications, Knowledge & Skills Bachelor's degree in Computer Science, Information Technology, or related field; or relevant work experience for a minimum of five years. Proven experience as a Network Engineer/Administrator, Systems Engineer/Administrator, or similar role, demonstrating proficiency in both networking and systems administration. Strong understanding of network protocols, routing, switching, and network security practices. Familiarity with various operating systems, including Windows and VMWare ESXi and experience in system administration. Proficiency in configuring and managing virtualisation platforms such as VMware. Scripting skills (eg, PowerShell) for network and systems automation and optimisation. Knowledge of hardware components, server architecture, and storage systems (SANs). Familiarity with security tools, encryption, certificates, PKI, authentication, and patch management for both networks and systems. Excellent communication skills to collaborate effectively with technical and non-technical teams. Strong problem-solving abilities for diagnosing and resolving complex network and systems issues. Ability to manage multiple tasks, projects, and priorities while adhering to deadlines. Main benefits: Salary Life Assurance x 4 times annual salary Critical Illness x 2 times annual salary Westfield Health Cover - CashPlan and Hospital Plan Personal Private Pension (currently Scottish Widows). Salary Exchange. 5% company contribution 34 day holiday (includes public holidays) Contribution to fitness club or classes Please send a copy of your CV for more information and to discuss your suitability. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
17/05/2024
Full time
Our client is looking for a skilled and enthusiastic network engineer to join their team based around Glasgow. The ideal candidate will have a strong grasp of the requirements below. If you feel that you are capable, I would love to hear from you and discuss the position in full. Duties and Responsibilities Design, implement, configure and manage the organisation's network infrastructure, including LANs, WANs, VPNs, Routers, Switches, Firewalls, and wireless access points. Identify and address issues to ensure high availability, reliability, and optimal performance. Deploy and maintain the systems' infrastructure, including Servers, storage solutions, operating systems, virtualisation platforms and cloud services. Manage network and systems capacity planning to accommodate growth and changing computing requirements. Collaborate with IT teams worldwide to develop integrated network and systems solutions aligned with business objectives and technology standards. Perform regular security assessments and audits to identify vulnerabilities and implement necessary patches, updates, and security protocols. Design, implement and maintain disaster recovery and business continuity plans. Provide technical support to end-users and other IT teams, addressing network and systems-related incidents and challenges. Document network and systems configurations, procedures, and troubleshooting guides to facilitate knowledge sharing and training. Stay informed about emerging technologies, industry trends, and best practices in networking and systems engineering. Automate network and systems tasks using Scripting languages and configuration management tools. Work with vendors and service providers for procurement, maintenance, and support of network and systems equipment and software. Install hardware for systems and users, as required. Packaging and deployment of applications and software updates. Identify, propose, contribute and manage IT projects for continuous improvement. Qualifications, Knowledge & Skills Bachelor's degree in Computer Science, Information Technology, or related field; or relevant work experience for a minimum of five years. Proven experience as a Network Engineer/Administrator, Systems Engineer/Administrator, or similar role, demonstrating proficiency in both networking and systems administration. Strong understanding of network protocols, routing, switching, and network security practices. Familiarity with various operating systems, including Windows and VMWare ESXi and experience in system administration. Proficiency in configuring and managing virtualisation platforms such as VMware. Scripting skills (eg, PowerShell) for network and systems automation and optimisation. Knowledge of hardware components, server architecture, and storage systems (SANs). Familiarity with security tools, encryption, certificates, PKI, authentication, and patch management for both networks and systems. Excellent communication skills to collaborate effectively with technical and non-technical teams. Strong problem-solving abilities for diagnosing and resolving complex network and systems issues. Ability to manage multiple tasks, projects, and priorities while adhering to deadlines. Main benefits: Salary Life Assurance x 4 times annual salary Critical Illness x 2 times annual salary Westfield Health Cover - CashPlan and Hospital Plan Personal Private Pension (currently Scottish Widows). Salary Exchange. 5% company contribution 34 day holiday (includes public holidays) Contribution to fitness club or classes Please send a copy of your CV for more information and to discuss your suitability. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Your new role We are looking for a Database Administrator to develop, implement, and maintain the 24/7 corporate database infrastructure for the organisation. The role also involves supporting the enterprise-wide server and storage infrastructure, computer information systems, applications software, and web-based service delivery. Design, implement, maintain and support the database and associated infrastructure to ensure a robust, reliable, efficient and secure operation of the systems and services. Undertake a key responsibility and/or provide backup cover across the team, such as for selected server and storage infrastructure, operating systems, application software, and web-based service delivery, including effective liaison with contracted external suppliers and ensuring alignment with agreed technology and enterprise systems strategy, service requirements, security arrangements, and data exchange and inter-operability requirements. Installation, configuration, and upgrades to database systems and applications software as required, including server virtualisation where applicable. Maintain data standards, including adherence to the Data Protection Act. Monitor and manage systems performance and usage, taking baselines, recording trends and initiation prompt and appropriate action to resolve faults and problems, maintain services and increase capacity when required. Implementation, monitoring and maintenance of agreed standards, services, access arrangements, and security measures Comply with agreed change management procedures and 'at risk' times for the implementation of changes, including taking account of organisation's requirements and providing adequate notice and information for users Test and implement new technologies and services in accordance with agreed strategic development priorities and service requirements, and in conjunction with other substantive and project teams. Plan and test systems business continuity and disaster recovery arrangements, including associated documentation, risk registers, diagrams, and action scripts Assist the Head of IT Operations with the analysis, evaluation, and procurement of hardware and software solutions required for the development and maintenance of the provision. What you'll need to succeed Substantial proven practical expertise and experience in supporting large corporate systems and applications in a large enterprise networked environment at an appropriate level of responsibility Proven knowledge of server operating systems and virtualisation techniques Proven specialist understanding, expertise and experience appropriate to a designated key responsibility A good understanding of the systems and services required to support learning, teaching, research, and university business and administration requirements. A good understanding of information security principles and best practice. Experience in: Windows and SQL server systems, Active Directory Novell Netware systems, Zenworks, e-Directory Linux (SUSE) systems Sun Solaris Unix systems, NIS+ Lotus Domino MS Exchange and mail services Web Servers, Apache, Tomcat Experience across the Oracle suite Data warehouse infrastructure, data archive solutions Storage area networks, volume management Anti-virus software Technical architectures and development environments inc JAVA, .NET and Visual C++ What you'll get in return A permanent role paying up to £53,000pa + benefits. The role is based in Hertfordshire and hybrid working is on offer. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. Hays EA is a trading division of Hays Specialist Recruitment Limited and acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
17/05/2024
Full time
Your new role We are looking for a Database Administrator to develop, implement, and maintain the 24/7 corporate database infrastructure for the organisation. The role also involves supporting the enterprise-wide server and storage infrastructure, computer information systems, applications software, and web-based service delivery. Design, implement, maintain and support the database and associated infrastructure to ensure a robust, reliable, efficient and secure operation of the systems and services. Undertake a key responsibility and/or provide backup cover across the team, such as for selected server and storage infrastructure, operating systems, application software, and web-based service delivery, including effective liaison with contracted external suppliers and ensuring alignment with agreed technology and enterprise systems strategy, service requirements, security arrangements, and data exchange and inter-operability requirements. Installation, configuration, and upgrades to database systems and applications software as required, including server virtualisation where applicable. Maintain data standards, including adherence to the Data Protection Act. Monitor and manage systems performance and usage, taking baselines, recording trends and initiation prompt and appropriate action to resolve faults and problems, maintain services and increase capacity when required. Implementation, monitoring and maintenance of agreed standards, services, access arrangements, and security measures Comply with agreed change management procedures and 'at risk' times for the implementation of changes, including taking account of organisation's requirements and providing adequate notice and information for users Test and implement new technologies and services in accordance with agreed strategic development priorities and service requirements, and in conjunction with other substantive and project teams. Plan and test systems business continuity and disaster recovery arrangements, including associated documentation, risk registers, diagrams, and action scripts Assist the Head of IT Operations with the analysis, evaluation, and procurement of hardware and software solutions required for the development and maintenance of the provision. What you'll need to succeed Substantial proven practical expertise and experience in supporting large corporate systems and applications in a large enterprise networked environment at an appropriate level of responsibility Proven knowledge of server operating systems and virtualisation techniques Proven specialist understanding, expertise and experience appropriate to a designated key responsibility A good understanding of the systems and services required to support learning, teaching, research, and university business and administration requirements. A good understanding of information security principles and best practice. Experience in: Windows and SQL server systems, Active Directory Novell Netware systems, Zenworks, e-Directory Linux (SUSE) systems Sun Solaris Unix systems, NIS+ Lotus Domino MS Exchange and mail services Web Servers, Apache, Tomcat Experience across the Oracle suite Data warehouse infrastructure, data archive solutions Storage area networks, volume management Anti-virus software Technical architectures and development environments inc JAVA, .NET and Visual C++ What you'll get in return A permanent role paying up to £53,000pa + benefits. The role is based in Hertfordshire and hybrid working is on offer. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. Hays EA is a trading division of Hays Specialist Recruitment Limited and acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Global Technology Solutions Ltd
Edinburgh, Midlothian
Job Title: Infrastructure Support Engineer III Contract length: 3-months Day rate: £340 inside ir35 through umbrella Location: Edinburgh *Must be holding SC Clearance* Site hours are: 07:00 - 16:30 Mon-Thurs and 07:00 - 13:30 Fri - hours to be agreed ROLE OVERVIEW: We are looking for customer-focused and enthusiastic 3rd line infrastructure Support Engineer with a genuine interest in solving peoples IT issues to backfill our Business As Usual services while some of our key staff support a critical project. The applicant should be technically competent, possess good written and verbal communication skills and be willing to collaborate with the wider IT support teams. The 3rd line team members are expected to be specialists at solving a variety of software issues, while minimizing disruption to our users. A successful candidate will be someone who can blend first rate customer service with first rate technical skills. Previous experience resolving 2nd and 3rd line issues in an enterprise environment is essential. DETAILED JOB DESCRIPTION: * To manage a range of technologies such as Domain Central Services (Active Directory), SCCM - to include optimisation, interoperability, and availability * Hands on experience of day to day administration of Microsoft Active Directory including creation of users, security groups, GPO's and roaming profiles * Able to identify, define and resolve complex issues with Microsoft Windows and Office applications * Coach and educate the 2nd Line Engineers, in developing their skills to improve first time fix and overall team performance * Demonstrate resilience and the resourcefulness to work effectively under pressure and to tight deadlines * Ability to author documents such as reports, policies, procedures and workflows ESSENTIALS SKILLS/QUALIFICATIONS: * Active Directory * SCCM management & operation (or similar network management system) * Microsoft WSUS (Windows Server Update Services) * Ivanti Security Controls * Ivanti Device and Application Control * Avecto Defendpoint DESIRABLE SKILLS/QUALIFICATIONS: * Citrix based VDI Infrastructure * Administering Licence Servers * Administering Managed Print Servers * ITIL Foundation * MCP/MCSE If you have the skills required, please "In applying for this position, you consent to your personal data being shared with the specified employer and for your details to remain with GTS for as long as is necessary to process your application. See our Privacy Notice for full information Global Technology Solutions is acting as an Employment Business in relation to this vacancy.
16/05/2024
Project-based
Job Title: Infrastructure Support Engineer III Contract length: 3-months Day rate: £340 inside ir35 through umbrella Location: Edinburgh *Must be holding SC Clearance* Site hours are: 07:00 - 16:30 Mon-Thurs and 07:00 - 13:30 Fri - hours to be agreed ROLE OVERVIEW: We are looking for customer-focused and enthusiastic 3rd line infrastructure Support Engineer with a genuine interest in solving peoples IT issues to backfill our Business As Usual services while some of our key staff support a critical project. The applicant should be technically competent, possess good written and verbal communication skills and be willing to collaborate with the wider IT support teams. The 3rd line team members are expected to be specialists at solving a variety of software issues, while minimizing disruption to our users. A successful candidate will be someone who can blend first rate customer service with first rate technical skills. Previous experience resolving 2nd and 3rd line issues in an enterprise environment is essential. DETAILED JOB DESCRIPTION: * To manage a range of technologies such as Domain Central Services (Active Directory), SCCM - to include optimisation, interoperability, and availability * Hands on experience of day to day administration of Microsoft Active Directory including creation of users, security groups, GPO's and roaming profiles * Able to identify, define and resolve complex issues with Microsoft Windows and Office applications * Coach and educate the 2nd Line Engineers, in developing their skills to improve first time fix and overall team performance * Demonstrate resilience and the resourcefulness to work effectively under pressure and to tight deadlines * Ability to author documents such as reports, policies, procedures and workflows ESSENTIALS SKILLS/QUALIFICATIONS: * Active Directory * SCCM management & operation (or similar network management system) * Microsoft WSUS (Windows Server Update Services) * Ivanti Security Controls * Ivanti Device and Application Control * Avecto Defendpoint DESIRABLE SKILLS/QUALIFICATIONS: * Citrix based VDI Infrastructure * Administering Licence Servers * Administering Managed Print Servers * ITIL Foundation * MCP/MCSE If you have the skills required, please "In applying for this position, you consent to your personal data being shared with the specified employer and for your details to remain with GTS for as long as is necessary to process your application. See our Privacy Notice for full information Global Technology Solutions is acting as an Employment Business in relation to this vacancy.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.