Job Title: Information Security Consultant Location: Carlisle/1 day onsite every 2 weeks Salary: £65,000 - £70,000 + benefits Are you an experienced Information Security Consultant looking for your next challenge? If so this could be the ideal opportunity for you. My client, a specialist financial services business with an excellent reputation, is currently investing within their Information/Cyber Security team. As part of this investment, they are looking to hire an Information Security Consultant to join the team. You will assist the Information Security Assurance Manager in the overseeing and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals. As well as carrying out audits in line with the assurance calendar. You will also play a pivotal role in providing subject matter expertise to projects to ensure projects have security controls included by design. You will have depth of knowledge in information security, with an excellent understanding of the technical side, having very good experience of compliance such as ISO27001, NIST, CBEST & CQUEST requirements. Key responsibilities Engagement with projects to provide advice, guidance and non-functional requirements to ensure security is being built in by design. Support and execute all group-wide Assurance tasks, initiatives and assignments, including monitoring the assurance inbox and responding to queries. Assist in the ongoing program of information security assurance covering all aspects of ISO27001 and the controls set out. Support the management of the Information Security Management System and ensure compliance with its components. Assist in updating assurance owned documentation such as procedures and policies. Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the business. Carry out assurance reviews in line with the schedules calendar, producing reports, feedback and managing actions/non-conformities through to satisfactory conclusion. To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified. To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the business's assets and data. Support in phishing campaigns and the management the outcomes and necessary training. Identify risks and ensure these are presented in accordance with procedures and are given the appropriate level of attention. Conducting third party supplier reviews. Skills and Experience required Proven previous experience of working within a similar GRC focused Information Security Consultant/Officer/Manager position. A formal qualification in an Information Security discipline eg, CISM. Where significant experience can be demonstrated, this will be considered. Experience of ISO27001 audits, NIST audits or similar, ideally being a Certified ISMS Lead Auditor (CIS LA) A strong technical understanding and background Excellent written and verbal communications skills as appropriate for the needs of the audience. Experience gained within financial services or another highly regulated environment. For more information or to apply please send a copy of your CV to (see below)
18/06/2024
Full time
Job Title: Information Security Consultant Location: Carlisle/1 day onsite every 2 weeks Salary: £65,000 - £70,000 + benefits Are you an experienced Information Security Consultant looking for your next challenge? If so this could be the ideal opportunity for you. My client, a specialist financial services business with an excellent reputation, is currently investing within their Information/Cyber Security team. As part of this investment, they are looking to hire an Information Security Consultant to join the team. You will assist the Information Security Assurance Manager in the overseeing and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals. As well as carrying out audits in line with the assurance calendar. You will also play a pivotal role in providing subject matter expertise to projects to ensure projects have security controls included by design. You will have depth of knowledge in information security, with an excellent understanding of the technical side, having very good experience of compliance such as ISO27001, NIST, CBEST & CQUEST requirements. Key responsibilities Engagement with projects to provide advice, guidance and non-functional requirements to ensure security is being built in by design. Support and execute all group-wide Assurance tasks, initiatives and assignments, including monitoring the assurance inbox and responding to queries. Assist in the ongoing program of information security assurance covering all aspects of ISO27001 and the controls set out. Support the management of the Information Security Management System and ensure compliance with its components. Assist in updating assurance owned documentation such as procedures and policies. Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the business. Carry out assurance reviews in line with the schedules calendar, producing reports, feedback and managing actions/non-conformities through to satisfactory conclusion. To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified. To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the business's assets and data. Support in phishing campaigns and the management the outcomes and necessary training. Identify risks and ensure these are presented in accordance with procedures and are given the appropriate level of attention. Conducting third party supplier reviews. Skills and Experience required Proven previous experience of working within a similar GRC focused Information Security Consultant/Officer/Manager position. A formal qualification in an Information Security discipline eg, CISM. Where significant experience can be demonstrated, this will be considered. Experience of ISO27001 audits, NIST audits or similar, ideally being a Certified ISMS Lead Auditor (CIS LA) A strong technical understanding and background Excellent written and verbal communications skills as appropriate for the needs of the audience. Experience gained within financial services or another highly regulated environment. For more information or to apply please send a copy of your CV to (see below)
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
18/06/2024
Project-based
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
HR/Sourcing/Organisational Development Contractor - Banking Client - Brussels Duration: 6 months Rate: flexible Hybrid working: On-site for team meeting and workshops Job Description As part of the CISO Organisational Development team, it will be your responsibility to ensure the delivery of a number of initiatives related to CISO people strategy and to sustain and support the workforce management processes that are defined. You assist with the implementation of a long-term vision for sourcing mix and skills (technical, business, soft skills), and the related topics (Recruitment, up/re/self-skilling, mobility, etc.), in collaboration with Business and Corporate HR. You handle the execution of the initiatives and their related action plans, support the CISO Office Head and the team lead in decision-making. You ensure the accurate implementation of the strategy defined in synch with TMS and continuously improve during the roll-out thereof You safeguard and strengthen workforce management and learning expertise for strategic projects You make sure that what is proposed and implemented is in line with the different strategies, from a CISO, corporate, Technology and IT people as well as a social point of view You contribute to different projects with regards to goal setting, career evolution, skills improvement, talent management Qualifications: HR/Sourcing/Organisational Development Contractor - Banking Client - Brussels Show strong, demonstrable experience on the topic of workforce planning, people development, specifically covering sourcing mix evolution, strong confirmed understanding of skills related to (IT technical, soft and business skills) and sound understanding of transformation. Have a sound understanding of meaningful HR topics (including Recruitment, Training, mobility, up/re/self-skilling, etc.). Strong organisational change skills Analytical skills Experience with and knowledge of cyber security domains and profiling as a baseline for creating and enhancing learning paths for security professionals and experts Professional presentation skills Ability to quickly understand the Tech's organization and activities Strong communication skills to acquire sponsorship from diverse collaborators Proficiency in Microsoft Office (Word, Excel, PowerPoint, Outlook). Adapt and evolve in an international context, and understand and fit with the culture and core values. Pragmatic approach and at ease (and loves to work) in a VUCA environment. Excellent professional English skills required (verbal and written) Please do send across to me the most up to date CV to (see below)
18/06/2024
Project-based
HR/Sourcing/Organisational Development Contractor - Banking Client - Brussels Duration: 6 months Rate: flexible Hybrid working: On-site for team meeting and workshops Job Description As part of the CISO Organisational Development team, it will be your responsibility to ensure the delivery of a number of initiatives related to CISO people strategy and to sustain and support the workforce management processes that are defined. You assist with the implementation of a long-term vision for sourcing mix and skills (technical, business, soft skills), and the related topics (Recruitment, up/re/self-skilling, mobility, etc.), in collaboration with Business and Corporate HR. You handle the execution of the initiatives and their related action plans, support the CISO Office Head and the team lead in decision-making. You ensure the accurate implementation of the strategy defined in synch with TMS and continuously improve during the roll-out thereof You safeguard and strengthen workforce management and learning expertise for strategic projects You make sure that what is proposed and implemented is in line with the different strategies, from a CISO, corporate, Technology and IT people as well as a social point of view You contribute to different projects with regards to goal setting, career evolution, skills improvement, talent management Qualifications: HR/Sourcing/Organisational Development Contractor - Banking Client - Brussels Show strong, demonstrable experience on the topic of workforce planning, people development, specifically covering sourcing mix evolution, strong confirmed understanding of skills related to (IT technical, soft and business skills) and sound understanding of transformation. Have a sound understanding of meaningful HR topics (including Recruitment, Training, mobility, up/re/self-skilling, etc.). Strong organisational change skills Analytical skills Experience with and knowledge of cyber security domains and profiling as a baseline for creating and enhancing learning paths for security professionals and experts Professional presentation skills Ability to quickly understand the Tech's organization and activities Strong communication skills to acquire sponsorship from diverse collaborators Proficiency in Microsoft Office (Word, Excel, PowerPoint, Outlook). Adapt and evolve in an international context, and understand and fit with the culture and core values. Pragmatic approach and at ease (and loves to work) in a VUCA environment. Excellent professional English skills required (verbal and written) Please do send across to me the most up to date CV to (see below)
Title: Cloud Platform Engineer - Leading Financial Services Firm (Perm) Salary: 100k + Bonus & Pension Are you a talented Cloud Platform Engineer looking for an exciting opportunity to drive innovation and transformation in a leading financial services firm? Join our dynamic team and play a crucial role in our Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Engineer and secure core platform services across our global footprint - Optimize compute infrastructure to match business demands - Design and operate storage strategy for optimal data storage based on latency, redundancy, and cost - Collaborate with Cloud Security Engineering to automate vulnerability patching processes - Optimize global network for latency and performance to meet business expectations - Automate operational aspects of the infrastructure and systems life cycle - Maintain Azure tagging/naming taxonomies across all Cloud assets - Respond to incidents and ensure availability across the global infrastructure - Build infrastructure with automation tools like PowerShell, Ansible, Terraform, Azure DevOps CI/CD, and Kubernetes - Document actions to turn findings into repeatable and automated processes - Design, build, and maintain core infrastructure to enable scaling and support business growth - Debug production issues across services and levels of the stack Qualifications: - Strong knowledge of virtualization and containerization technologies on Azure - Proficiency in object-oriented programming and developing automated solutions through code - Passion for secure network design and protecting organizations from evolving cyber threats - Continual learning and advancement of Microsoft Azure technologies like Compute, Storage, and Networking - Interest in Open-Source development and industry innovation - Knowledge of configuration management systems like Ansible If you are a passionate Cloud Platform Engineer who thrives in a fast-paced, innovative environment, we'd love to hear from you. Apply now and join us in shaping the future of financial services technology. To apply, please submit your updated CV
18/06/2024
Full time
Title: Cloud Platform Engineer - Leading Financial Services Firm (Perm) Salary: 100k + Bonus & Pension Are you a talented Cloud Platform Engineer looking for an exciting opportunity to drive innovation and transformation in a leading financial services firm? Join our dynamic team and play a crucial role in our Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Engineer and secure core platform services across our global footprint - Optimize compute infrastructure to match business demands - Design and operate storage strategy for optimal data storage based on latency, redundancy, and cost - Collaborate with Cloud Security Engineering to automate vulnerability patching processes - Optimize global network for latency and performance to meet business expectations - Automate operational aspects of the infrastructure and systems life cycle - Maintain Azure tagging/naming taxonomies across all Cloud assets - Respond to incidents and ensure availability across the global infrastructure - Build infrastructure with automation tools like PowerShell, Ansible, Terraform, Azure DevOps CI/CD, and Kubernetes - Document actions to turn findings into repeatable and automated processes - Design, build, and maintain core infrastructure to enable scaling and support business growth - Debug production issues across services and levels of the stack Qualifications: - Strong knowledge of virtualization and containerization technologies on Azure - Proficiency in object-oriented programming and developing automated solutions through code - Passion for secure network design and protecting organizations from evolving cyber threats - Continual learning and advancement of Microsoft Azure technologies like Compute, Storage, and Networking - Interest in Open-Source development and industry innovation - Knowledge of configuration management systems like Ansible If you are a passionate Cloud Platform Engineer who thrives in a fast-paced, innovative environment, we'd love to hear from you. Apply now and join us in shaping the future of financial services technology. To apply, please submit your updated CV
Title: Senior Cloud Security Engineer (Perm) Salary: 100k + Salary + Bonus Are you a passionate and experienced Cloud Security Engineer looking to make a significant impact in a leading Financial firm? Join a dynamic team and play a crucial role in securing their cloud-based assets as we transform our enterprise technology to a Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Design, implement, and maintain secure cloud architectures across our Azure cloud platform - Develop and enforce cloud security policies, procedures, and best practices - Conduct regular security assessments, audits, and penetration testing to identify and mitigate vulnerabilities - Implement and manage cloud security tools and services, such as SIEM, IAM, and DLP - Collaborate with cross-functional teams to ensure the integration of security throughout the IT life cycle - Investigate and respond to security incidents, and develop incident response and disaster recovery plans - Ensure compliance with industry standards and global regulatory frameworks - Provide guidance and training to team members on cloud security best practices - Stay up-to-date with the latest cloud security threats, technologies, and countermeasures Qualifications: - Extensive experience with cloud security architectures and best practices across Azure cloud platform - Deep understanding of cloud security controls, including IAM, network security, data protection, and security logging/monitoring - Knowledge of common security frameworks and compliance standards, such as NIST, ISO 27001, and SOC 2 - Familiarity with security testing methodologies, such as penetration testing and vulnerability assessments - Experience with SIEM tools, such as Splunk, ELK stack, or Azure Sentinel - Understanding of secure coding practices and experience with static code analysis tools - Incident response and forensics skills - Relevant security certifications, such as CISSP, CCSP, or cloud platform-specific certifications - Proficiency in at least one object-oriented programming language - Strong passion for cybersecurity and protecting cloud-based assets in a Financial Services environment If you have a proactive mindset, keen attention to detail, and a desire to continuously learn and adapt to the ever-evolving cloud security landscape, we'd love to hear from you. To apply, please submit your CV
18/06/2024
Full time
Title: Senior Cloud Security Engineer (Perm) Salary: 100k + Salary + Bonus Are you a passionate and experienced Cloud Security Engineer looking to make a significant impact in a leading Financial firm? Join a dynamic team and play a crucial role in securing their cloud-based assets as we transform our enterprise technology to a Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Design, implement, and maintain secure cloud architectures across our Azure cloud platform - Develop and enforce cloud security policies, procedures, and best practices - Conduct regular security assessments, audits, and penetration testing to identify and mitigate vulnerabilities - Implement and manage cloud security tools and services, such as SIEM, IAM, and DLP - Collaborate with cross-functional teams to ensure the integration of security throughout the IT life cycle - Investigate and respond to security incidents, and develop incident response and disaster recovery plans - Ensure compliance with industry standards and global regulatory frameworks - Provide guidance and training to team members on cloud security best practices - Stay up-to-date with the latest cloud security threats, technologies, and countermeasures Qualifications: - Extensive experience with cloud security architectures and best practices across Azure cloud platform - Deep understanding of cloud security controls, including IAM, network security, data protection, and security logging/monitoring - Knowledge of common security frameworks and compliance standards, such as NIST, ISO 27001, and SOC 2 - Familiarity with security testing methodologies, such as penetration testing and vulnerability assessments - Experience with SIEM tools, such as Splunk, ELK stack, or Azure Sentinel - Understanding of secure coding practices and experience with static code analysis tools - Incident response and forensics skills - Relevant security certifications, such as CISSP, CCSP, or cloud platform-specific certifications - Proficiency in at least one object-oriented programming language - Strong passion for cybersecurity and protecting cloud-based assets in a Financial Services environment If you have a proactive mindset, keen attention to detail, and a desire to continuously learn and adapt to the ever-evolving cloud security landscape, we'd love to hear from you. To apply, please submit your CV
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
18/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
Job Description As part of the CISO Organisational Development team, it will be your responsibility to ensure the delivery of a number of initiatives related to CISO people strategy and to sustain and support the workforce management processes that are defined. You assist with the implementation of a long-term vision for sourcing mix and skills (technical, business, soft skills), and the related topics (Recruitment, up/re/self-skilling, mobility, etc.), in collaboration with Business and Corporate HR. You handle the execution of the initiatives and their related action plans, support the CISO Office Head and the team lead in decision-making. You ensure the accurate implementation of the strategy defined in synch with TMS and continuously improve during the roll-out thereof You safeguard and strengthen workforce management and learning expertise for strategic projects You make sure that what is proposed and implemented is in line with the different strategies, from a CISO, corporate, technology and IT people as well as a social point of view You contribute to different projects with regards to goal setting, career evolution, skills improvement, talent management Qualifications Show strong, demonstrable experience on the topic of workforce planning, people development, specifically covering sourcing mix evolution, strong confirmed understanding of skills related to (IT technical, soft and business skills) and sound understanding of transformation. Have a sound understanding of meaningful HR topics (including Recruitment, Training, mobility, up/re/self-skilling, etc.) Experience with and knowledge of cyber security domains and profiling as a baseline for creating and enhancing learning paths for security professionals and experts Strong organisational change skills Analytical skills Professional presentation skills Ability to quickly understand our Tech's organization and activities Strong communication skills to acquire sponsorship from diverse collaborators Proficiency in Microsoft Office (Word, Excel, PowerPoint, Outlook). Adapt and evolve in an international context, and understand and fit with the company's culture and core values. Pragmatic approach and at ease (and loves to work) in a VUCA environment. Excellent professional English skills required (verbal and written)
18/06/2024
Project-based
Job Description As part of the CISO Organisational Development team, it will be your responsibility to ensure the delivery of a number of initiatives related to CISO people strategy and to sustain and support the workforce management processes that are defined. You assist with the implementation of a long-term vision for sourcing mix and skills (technical, business, soft skills), and the related topics (Recruitment, up/re/self-skilling, mobility, etc.), in collaboration with Business and Corporate HR. You handle the execution of the initiatives and their related action plans, support the CISO Office Head and the team lead in decision-making. You ensure the accurate implementation of the strategy defined in synch with TMS and continuously improve during the roll-out thereof You safeguard and strengthen workforce management and learning expertise for strategic projects You make sure that what is proposed and implemented is in line with the different strategies, from a CISO, corporate, technology and IT people as well as a social point of view You contribute to different projects with regards to goal setting, career evolution, skills improvement, talent management Qualifications Show strong, demonstrable experience on the topic of workforce planning, people development, specifically covering sourcing mix evolution, strong confirmed understanding of skills related to (IT technical, soft and business skills) and sound understanding of transformation. Have a sound understanding of meaningful HR topics (including Recruitment, Training, mobility, up/re/self-skilling, etc.) Experience with and knowledge of cyber security domains and profiling as a baseline for creating and enhancing learning paths for security professionals and experts Strong organisational change skills Analytical skills Professional presentation skills Ability to quickly understand our Tech's organization and activities Strong communication skills to acquire sponsorship from diverse collaborators Proficiency in Microsoft Office (Word, Excel, PowerPoint, Outlook). Adapt and evolve in an international context, and understand and fit with the company's culture and core values. Pragmatic approach and at ease (and loves to work) in a VUCA environment. Excellent professional English skills required (verbal and written)
Senior Cyber Security Architect Salary upto £80,000 Description: Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Our mission is to improve and safeguard public-facing services. We apply digital thinking to ensure the future of our public services is centred around our citizens. Our human touch sets us apart from other consultancies, system integrators and software houses - we have a customer-centric value system whereby we focus on delivering what is right for our clients. We passionately support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Methods are experts in delivering secure, resilient cyber and information services - keeping systems and data safe. We help reduce risk and vulnerabilities from cyber-attacks by developing a security road-map tailored to your unique needs. We help organisations improve processes such as threat management by building an identity management programme, and establishing prevention, detection and response capabilities to cyber-attacks. Requirements Ability to research, articulate, pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management. Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines. Effective business acumen and an understanding of the cyber security challenges faced by client, with the objective to develop our cyber assurance practice, by supporting business development and practice management. Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability investigating major breaches of security and recommending appropriate control improvements. Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, with the contribution of the development of our team through training and coaching. Managing, delivering, leading cyber security and cyber risk assignments, with the management of portfolio of clients, across a variety of sectors and locations, including producing documentation, presentation, reports, recommendations and quality assuring, for the work produced by team members and being the point of escalation for lower grade roles. Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions. Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities. Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution. Essential Skills and Experience: An experienced consultant with a background in Cyber Security Minimum 5-7 years of experience in Information Security related positions Minimum 3-5 years of experience in security architecture Cyber Security Certification eg ISC2 CISSP, ISC2 CCSP, ISACA CISM or similar Certification in AWS or Azure for Architecture and Security or similar IASME/Cyber Essentials Plus Certified Expert knowledge of secure network architecture and technical design Experience in creating secure architecture in either AWS and/or Azure Experience providing expert strategy, risk and technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients' business. Expected to be the point of escalation for architects in lower grade roles and lead technical design of systems and services Broad range of cyber and information security skills, knowledge and experience such as security threats and vulnerabilities that impact/and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. Experience in gap analysis for specific domains, identify gaps in existing capabilities, service maturity. Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products' convergence over time and products decommissioning. Expert knowledge of identifying, developing and communicating threat modelling and understanding the impact of decisions, balancing requirements and deciding between approaches Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate subtle design decisions Able to develop vision, principles and strategy for security architects for projects or technologies Demonstrably experienced in working as an effective member of a multi-disciplinary team and reach & influence a wide range of people across larger teams and communities. Excellent stakeholder management, presentation and communication skills, with the ability to interact with senior stakeholders across department and clients Pro-active approach to personal and professional development. Work closely with your peers in the security architecture group, service and solution architects, engineers, project teams. Must hold, or be able to hold, an HMG Security Check (SC) clearance. Ability to apply standards, practices, codes and assessment of certification programmes relevant to the IT industry and the specific organisation or business domain. Experience in writing and creating Cyber Security documents ie Risk Assessments, ESRM, DPIA etc and produce particular patterns and support quality assurance Knowledge of the IT/IS infrastructure (eg databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. Ability to use any tool or system which provides security access control (eg Active Directory) Showing proficiency in the principles and application of cloud/virtualisation (including ownership responsibilities and security implications) and be able to use tools and systems to manage virtualised environments eg Server/desktop virtualisation and SDDC (Software Defined Data Centre). Benefits Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year Pension: 4% employer contribution and 5% employee contribution Discretionary bonus: based on company and individual performance Life assurance: 4 times base salary Private medical insurance: non-contributory (spouse and dependants included) Worldwide travel insurance: non-contributory (spouse and dependants included) Enhanced maternity and paternity leave after 18 months service Wellness: 24/7 confidential employee assistance programme, including counselling Social: Parties and social events, and commitment to charitable causes Professional development: access to LinkedIn Learning, and discretionary training budget Travel: season ticket loan, cycle to work scheme Development access to LinkedIn Learning, a management development programme and training Wellness 24/7 Confidential employee assistance programme
18/06/2024
Full time
Senior Cyber Security Architect Salary upto £80,000 Description: Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Our mission is to improve and safeguard public-facing services. We apply digital thinking to ensure the future of our public services is centred around our citizens. Our human touch sets us apart from other consultancies, system integrators and software houses - we have a customer-centric value system whereby we focus on delivering what is right for our clients. We passionately support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Methods are experts in delivering secure, resilient cyber and information services - keeping systems and data safe. We help reduce risk and vulnerabilities from cyber-attacks by developing a security road-map tailored to your unique needs. We help organisations improve processes such as threat management by building an identity management programme, and establishing prevention, detection and response capabilities to cyber-attacks. Requirements Ability to research, articulate, pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management. Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines. Effective business acumen and an understanding of the cyber security challenges faced by client, with the objective to develop our cyber assurance practice, by supporting business development and practice management. Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability investigating major breaches of security and recommending appropriate control improvements. Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, with the contribution of the development of our team through training and coaching. Managing, delivering, leading cyber security and cyber risk assignments, with the management of portfolio of clients, across a variety of sectors and locations, including producing documentation, presentation, reports, recommendations and quality assuring, for the work produced by team members and being the point of escalation for lower grade roles. Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions. Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities. Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution. Essential Skills and Experience: An experienced consultant with a background in Cyber Security Minimum 5-7 years of experience in Information Security related positions Minimum 3-5 years of experience in security architecture Cyber Security Certification eg ISC2 CISSP, ISC2 CCSP, ISACA CISM or similar Certification in AWS or Azure for Architecture and Security or similar IASME/Cyber Essentials Plus Certified Expert knowledge of secure network architecture and technical design Experience in creating secure architecture in either AWS and/or Azure Experience providing expert strategy, risk and technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients' business. Expected to be the point of escalation for architects in lower grade roles and lead technical design of systems and services Broad range of cyber and information security skills, knowledge and experience such as security threats and vulnerabilities that impact/and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. Experience in gap analysis for specific domains, identify gaps in existing capabilities, service maturity. Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products' convergence over time and products decommissioning. Expert knowledge of identifying, developing and communicating threat modelling and understanding the impact of decisions, balancing requirements and deciding between approaches Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate subtle design decisions Able to develop vision, principles and strategy for security architects for projects or technologies Demonstrably experienced in working as an effective member of a multi-disciplinary team and reach & influence a wide range of people across larger teams and communities. Excellent stakeholder management, presentation and communication skills, with the ability to interact with senior stakeholders across department and clients Pro-active approach to personal and professional development. Work closely with your peers in the security architecture group, service and solution architects, engineers, project teams. Must hold, or be able to hold, an HMG Security Check (SC) clearance. Ability to apply standards, practices, codes and assessment of certification programmes relevant to the IT industry and the specific organisation or business domain. Experience in writing and creating Cyber Security documents ie Risk Assessments, ESRM, DPIA etc and produce particular patterns and support quality assurance Knowledge of the IT/IS infrastructure (eg databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. Ability to use any tool or system which provides security access control (eg Active Directory) Showing proficiency in the principles and application of cloud/virtualisation (including ownership responsibilities and security implications) and be able to use tools and systems to manage virtualised environments eg Server/desktop virtualisation and SDDC (Software Defined Data Centre). Benefits Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year Pension: 4% employer contribution and 5% employee contribution Discretionary bonus: based on company and individual performance Life assurance: 4 times base salary Private medical insurance: non-contributory (spouse and dependants included) Worldwide travel insurance: non-contributory (spouse and dependants included) Enhanced maternity and paternity leave after 18 months service Wellness: 24/7 confidential employee assistance programme, including counselling Social: Parties and social events, and commitment to charitable causes Professional development: access to LinkedIn Learning, and discretionary training budget Travel: season ticket loan, cycle to work scheme Development access to LinkedIn Learning, a management development programme and training Wellness 24/7 Confidential employee assistance programme
Methods Business and Digital Technology Limited Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public-sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Methods is currently recruiting for a DevSecOps Engineer (Cyber) Consultant to join our team on a permanent basis. This role will be based on-site Requirements Specialised in cloud management of platforms, applications, data and supporting infrastructure in the capacity of a system administrator of either the AWS or Azure platform Developing automation to support continuous delivery of changes using technologies on the Azure platform. Developing infrastructure as a service configuration to automate the creation of infrastructure and platforms to host test and production systems Building and setting up new development tools and infrastructure Understanding the needs of stakeholders and conveying this to developers Working on ways to automate and improve development and release processes Testing and examining code written by others and analysing results Ensuring that systems are safe and secure against cybersecurity threats Familiar with the NCSC secure design principles Familiar with managing security of cloud platforms, including administration of secrets, tokens and certificates. Working with Architects, Data and Software Engineers to ensure that development follows established processes and works as intended Planning out projects and being involved in project management decisions Responsible for the design, security, and maintenance of cloud infrastructure Making and guiding effective decisions, explaining clearly how the decision has been reached with the ability to understand and resolve technical disputes across varying levels of complexity and risk. Communicating effectively across organisational, technical and political boundaries to understand the context and how to make complex and technical information and language simple and accessible for non-technical audiences. Understanding of how to expose data from systems (for example, through APIs), link data from multiple systems and deliver streaming services. Ensuring that risks associated with deployment are adequately understood and documented. Ideal Candidates will demonstrate: Experience working across cyber security teams would be beneficial Solid infrastructure design experience for both on-prem and cloud, to implement or migrate applications and databases to Azure. Solid experience in a range of technologies and be able to make assessments as to what is best to be used for the projects and the organisation. As well as suggest and develop innovative approaches within constrained projects and environments. Strong experience in software development, change/release management processes, and technical governance to fully understand the typical life cycle and maintenance of live systems. Ability to work with containerization platforms such as Kubernetes, PKS, Docker; cloud provisioning software, including Ansible, Terraform, Azure blueprints, ARM templates; and application performance analysis and monitoring Experience of functional and non-functional testing including automated deployment experience of applications and databases. Understanding of the government digital service manual and standards across Discovery/Alpha/Beta/Live phases. Understanding of SaaS, PaaS, IaaS technologies and the implications of their use compared with bespoke development. Being able to provide training, support and mentoring to the wider business Knowledge of how to ensure that risks associated with deployment are adequately understood and documented. Desirable Skills & Experience: Worked as part of a system support team, managing live systems and triaging & resolving incidents to resolution including management of known defects and issues. Worked as part of multi-disciplinary project team. Experience with Terraform to deploy cloud infrastructure in Azure Experience with Azure DevOps and GitHub Actions to automate the build and deploy of containerised applications Experience implementing effective instrumentation to monitor applications Experience implementing SAST and DAST tooling in deployment pipelines like Trivvy and SonarQube Experience of both AWS and Azure Dev Ops tooling. This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected . Details of this will be discussed with you at interview. Benefits Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non-contributory (spouse and dependants included) Worldwide Travel Insurance - which is non-contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website
18/06/2024
Full time
Methods Business and Digital Technology Limited Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public-sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Methods is currently recruiting for a DevSecOps Engineer (Cyber) Consultant to join our team on a permanent basis. This role will be based on-site Requirements Specialised in cloud management of platforms, applications, data and supporting infrastructure in the capacity of a system administrator of either the AWS or Azure platform Developing automation to support continuous delivery of changes using technologies on the Azure platform. Developing infrastructure as a service configuration to automate the creation of infrastructure and platforms to host test and production systems Building and setting up new development tools and infrastructure Understanding the needs of stakeholders and conveying this to developers Working on ways to automate and improve development and release processes Testing and examining code written by others and analysing results Ensuring that systems are safe and secure against cybersecurity threats Familiar with the NCSC secure design principles Familiar with managing security of cloud platforms, including administration of secrets, tokens and certificates. Working with Architects, Data and Software Engineers to ensure that development follows established processes and works as intended Planning out projects and being involved in project management decisions Responsible for the design, security, and maintenance of cloud infrastructure Making and guiding effective decisions, explaining clearly how the decision has been reached with the ability to understand and resolve technical disputes across varying levels of complexity and risk. Communicating effectively across organisational, technical and political boundaries to understand the context and how to make complex and technical information and language simple and accessible for non-technical audiences. Understanding of how to expose data from systems (for example, through APIs), link data from multiple systems and deliver streaming services. Ensuring that risks associated with deployment are adequately understood and documented. Ideal Candidates will demonstrate: Experience working across cyber security teams would be beneficial Solid infrastructure design experience for both on-prem and cloud, to implement or migrate applications and databases to Azure. Solid experience in a range of technologies and be able to make assessments as to what is best to be used for the projects and the organisation. As well as suggest and develop innovative approaches within constrained projects and environments. Strong experience in software development, change/release management processes, and technical governance to fully understand the typical life cycle and maintenance of live systems. Ability to work with containerization platforms such as Kubernetes, PKS, Docker; cloud provisioning software, including Ansible, Terraform, Azure blueprints, ARM templates; and application performance analysis and monitoring Experience of functional and non-functional testing including automated deployment experience of applications and databases. Understanding of the government digital service manual and standards across Discovery/Alpha/Beta/Live phases. Understanding of SaaS, PaaS, IaaS technologies and the implications of their use compared with bespoke development. Being able to provide training, support and mentoring to the wider business Knowledge of how to ensure that risks associated with deployment are adequately understood and documented. Desirable Skills & Experience: Worked as part of a system support team, managing live systems and triaging & resolving incidents to resolution including management of known defects and issues. Worked as part of multi-disciplinary project team. Experience with Terraform to deploy cloud infrastructure in Azure Experience with Azure DevOps and GitHub Actions to automate the build and deploy of containerised applications Experience implementing effective instrumentation to monitor applications Experience implementing SAST and DAST tooling in deployment pipelines like Trivvy and SonarQube Experience of both AWS and Azure Dev Ops tooling. This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected . Details of this will be discussed with you at interview. Benefits Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non-contributory (spouse and dependants included) Worldwide Travel Insurance - which is non-contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website
Intuition IT Solutions Ltd
Hereford, Herefordshire
SC Cleared SIEM Engineer (SOC and Elasticsearch) - Inside IR35 - Hereford Intuition IT are currently working with a leading consultancy within the Public sector who are look for a SIEM engineer who has Elasticsearch experience. Responsibilities: Threat Detection and Analysis: Utilize your expertise in Elastic to monitor, detect, and analyze potential security threats and incidents. Incident Response: Lead or assist in the response to security incidents, conducting investigations to identify the root cause and implementing mitigation strategies. Log Analysis and Monitoring: Analyze and correlate log data from various sources to identify potential security incidents, anomalies, and trends. Elasticsearch Expertise: Leverage your proficiency in Elastic tools and technologies to optimize search queries, build dashboards, and develop custom alerts for proactive threat detection. Collaboration: Work closely with other members of the SOC team, as well as cross-functional teams, to share insights, collaborate on incident response, and improve overall security posture. Continuous Improvement: Stay abreast of the latest cybersecurity trends, vulnerabilities, and threat intelligence to contribute to the continuous improvement of security processes and procedures.
17/06/2024
Project-based
SC Cleared SIEM Engineer (SOC and Elasticsearch) - Inside IR35 - Hereford Intuition IT are currently working with a leading consultancy within the Public sector who are look for a SIEM engineer who has Elasticsearch experience. Responsibilities: Threat Detection and Analysis: Utilize your expertise in Elastic to monitor, detect, and analyze potential security threats and incidents. Incident Response: Lead or assist in the response to security incidents, conducting investigations to identify the root cause and implementing mitigation strategies. Log Analysis and Monitoring: Analyze and correlate log data from various sources to identify potential security incidents, anomalies, and trends. Elasticsearch Expertise: Leverage your proficiency in Elastic tools and technologies to optimize search queries, build dashboards, and develop custom alerts for proactive threat detection. Collaboration: Work closely with other members of the SOC team, as well as cross-functional teams, to share insights, collaborate on incident response, and improve overall security posture. Continuous Improvement: Stay abreast of the latest cybersecurity trends, vulnerabilities, and threat intelligence to contribute to the continuous improvement of security processes and procedures.
This is an amazing opportunity for a Senior Security Consultant or a Cyber Security Manager to join a really fantastic business that offers an incredible amount of learning and development working with a fantastic IT Director to deliver the company's Cyber Security strategy . Interested? If so please read on. Client Details A fantastic business that operates within UK and EU. Description You will be overseeing a Security Analyst assisting with their learning and development as well as your own, whilst developing the growth of the team with future requirements. You will be working within a company that really invests in their team in terms of training and development long term. In this role you will be rewarded with a competitive salary of up to £60,000 per annum depending on experience with a host of further benefits including a generous pension, Life Assurance and 28 days annual leave plus much more! If this sounds interesting to you, please read on What you will bring to the role: You will be delivering ISO 27001 compliance in relation to Cyber Security. Exposure to compliance standards such as NIST, GDPR or ISO 27001. Working closely with the IT Director to deliver the Cyber Security strategy for the company. Developing the team, and future growth of the team as the Cyber Security team grows. Developing and maintaining the Cyber Security policies and procedures. Continuously monitoring Network traffic for any "out of the ordinary" activity and responding to security breaches accordingly. Maintaining and developing the incident response plan. Implementing new security technologies and solutions. Relevant certifications such as CISM, CISSP or CEH would be desirable. Profile The Successful Applicant: This would be a fantastic opportunity for someone looking to take their career to the next level. It would be ideal for someone who has exceptional leadership, abilities who is a real analytical thinker. Job Offer What's on offer: Salary up to £60,000 per annum. 28 days annual leave. Lots of on-the-job learning. Life Assurance. PLUS MUCH MORE! If this opportunity sounds exciting to you hit APPLY NOW before it's too late and this role is snapped up. We are looking to fill this quickly, so it will not be around for too long.
17/06/2024
Full time
This is an amazing opportunity for a Senior Security Consultant or a Cyber Security Manager to join a really fantastic business that offers an incredible amount of learning and development working with a fantastic IT Director to deliver the company's Cyber Security strategy . Interested? If so please read on. Client Details A fantastic business that operates within UK and EU. Description You will be overseeing a Security Analyst assisting with their learning and development as well as your own, whilst developing the growth of the team with future requirements. You will be working within a company that really invests in their team in terms of training and development long term. In this role you will be rewarded with a competitive salary of up to £60,000 per annum depending on experience with a host of further benefits including a generous pension, Life Assurance and 28 days annual leave plus much more! If this sounds interesting to you, please read on What you will bring to the role: You will be delivering ISO 27001 compliance in relation to Cyber Security. Exposure to compliance standards such as NIST, GDPR or ISO 27001. Working closely with the IT Director to deliver the Cyber Security strategy for the company. Developing the team, and future growth of the team as the Cyber Security team grows. Developing and maintaining the Cyber Security policies and procedures. Continuously monitoring Network traffic for any "out of the ordinary" activity and responding to security breaches accordingly. Maintaining and developing the incident response plan. Implementing new security technologies and solutions. Relevant certifications such as CISM, CISSP or CEH would be desirable. Profile The Successful Applicant: This would be a fantastic opportunity for someone looking to take their career to the next level. It would be ideal for someone who has exceptional leadership, abilities who is a real analytical thinker. Job Offer What's on offer: Salary up to £60,000 per annum. 28 days annual leave. Lots of on-the-job learning. Life Assurance. PLUS MUCH MORE! If this opportunity sounds exciting to you hit APPLY NOW before it's too late and this role is snapped up. We are looking to fill this quickly, so it will not be around for too long.
Robert Half have partnered on a retained basis with CMS Cepcor to recruit an ERP Manager on a permanent contract, to be based in Coalville, Leicestershire. The Organisation: The CMS Group is the leading aftermarket manufacturer and supplier of crusher spare parts. Trading for over 30 years this family owned business supplies customers in over 140 different countries with current revenues of £80m with ambitious export growth plans. It recently received the Kings award for International Trade. Their headquarters and manufacturing facilities are based in North Leicestershire and there are two further locations in the US plus plans to extend physical presence in other key geographies. They operate a heavily customised ERP system to manage stock, manufacturing, multiple currencies, multiple locations and intercompany trading. The UK operation is currently implementing Blue Yonder WMS which will complement its current ERP system. Role overview: The role holder will report to the Group Commercial Director and have significant input from the CFO and will business partner multiple stakeholders. Previous people management skills are required as the ERP Manage will manage one direct report, who has extensive experience with the current ERP system. Additional ad hoc support is also provided by the ERP provider. The ERP Manager would be responsible for making timely, effective decisions at a high level, effectively communicating those decisions with key stakeholders, therefore the ability to work under pressure, prioritise and work towards deadlines is essential within this role. The ERP Manager would have overall responsibility for the integration and maintenance of ERP applications and software within the CMS Cepcor Group. Key Responsibilities: Overseeing the planning, development, and integration of ERP systems Key stakeholder management, including senior management and external contractors, partnering closely with our finance function. Managing the functionality of ERP systems, as well as upgrades and modifications to current systems Responsible for overall ERP system cyber security Strategic responsibility to plan to meet the system needs for business growth, assessing risk and system capability Direct line Management of one report Optimise and improve current ERP System Tracking, analysing and resolving issues with ERP systems including, performing diagnostic tests. Communicating with key stakeholders on schedules, delays and work changes for ERP projects and system upgrades Designing and training users on new and upgraded systems Managing change across the organisation to ensure a gradual adoption of new systems Implement efficient ways of working within the current ERP system to create a streamlined approach to each process creating resilience throughout the systems. Consulting with business units to determine ERP requirements Design and implement simplified reporting structures for key business requirements Installing and integrating ERP software/apps Designing user-friendly interfaces and functionalities Key Skills, Qualifications and Experience Required: Previous experience in managing ERP Systems is essential. Proven experience partnering with users across various sites to solve business challenges and improve processes through ERP solutions. Background in gathering and translating business needs into functional specifications, test plans, and standard operating procedures. Expert knowledge creating and maintaining Business Intelligence reports using ERP tools such as Crystal Reports, Excel, and Power BI. Extensive background advocating for process simplification, standardization, and innovation. Demonstrable experience managing ERP system security, ensuring profiles and access controls are up to date. Demonstrable experience administering SQL databases, managing jobs, backups, and updates. Staying informed about the ERP solution roadmap to maximise future developments and business return on investment. Experience implementing system Extensive experience in SQL Extensive systems experience Finance background/Financial understanding, potentially have experience working across multicurrency systems. Previous project management experience and effective time management skills Strong influencing skills and ability to work at a high level, including collaborating directly with the board of directors Strong people management skills and experience Ability to analyse and manipulate data. Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website:
17/06/2024
Full time
Robert Half have partnered on a retained basis with CMS Cepcor to recruit an ERP Manager on a permanent contract, to be based in Coalville, Leicestershire. The Organisation: The CMS Group is the leading aftermarket manufacturer and supplier of crusher spare parts. Trading for over 30 years this family owned business supplies customers in over 140 different countries with current revenues of £80m with ambitious export growth plans. It recently received the Kings award for International Trade. Their headquarters and manufacturing facilities are based in North Leicestershire and there are two further locations in the US plus plans to extend physical presence in other key geographies. They operate a heavily customised ERP system to manage stock, manufacturing, multiple currencies, multiple locations and intercompany trading. The UK operation is currently implementing Blue Yonder WMS which will complement its current ERP system. Role overview: The role holder will report to the Group Commercial Director and have significant input from the CFO and will business partner multiple stakeholders. Previous people management skills are required as the ERP Manage will manage one direct report, who has extensive experience with the current ERP system. Additional ad hoc support is also provided by the ERP provider. The ERP Manager would be responsible for making timely, effective decisions at a high level, effectively communicating those decisions with key stakeholders, therefore the ability to work under pressure, prioritise and work towards deadlines is essential within this role. The ERP Manager would have overall responsibility for the integration and maintenance of ERP applications and software within the CMS Cepcor Group. Key Responsibilities: Overseeing the planning, development, and integration of ERP systems Key stakeholder management, including senior management and external contractors, partnering closely with our finance function. Managing the functionality of ERP systems, as well as upgrades and modifications to current systems Responsible for overall ERP system cyber security Strategic responsibility to plan to meet the system needs for business growth, assessing risk and system capability Direct line Management of one report Optimise and improve current ERP System Tracking, analysing and resolving issues with ERP systems including, performing diagnostic tests. Communicating with key stakeholders on schedules, delays and work changes for ERP projects and system upgrades Designing and training users on new and upgraded systems Managing change across the organisation to ensure a gradual adoption of new systems Implement efficient ways of working within the current ERP system to create a streamlined approach to each process creating resilience throughout the systems. Consulting with business units to determine ERP requirements Design and implement simplified reporting structures for key business requirements Installing and integrating ERP software/apps Designing user-friendly interfaces and functionalities Key Skills, Qualifications and Experience Required: Previous experience in managing ERP Systems is essential. Proven experience partnering with users across various sites to solve business challenges and improve processes through ERP solutions. Background in gathering and translating business needs into functional specifications, test plans, and standard operating procedures. Expert knowledge creating and maintaining Business Intelligence reports using ERP tools such as Crystal Reports, Excel, and Power BI. Extensive background advocating for process simplification, standardization, and innovation. Demonstrable experience managing ERP system security, ensuring profiles and access controls are up to date. Demonstrable experience administering SQL databases, managing jobs, backups, and updates. Staying informed about the ERP solution roadmap to maximise future developments and business return on investment. Experience implementing system Extensive experience in SQL Extensive systems experience Finance background/Financial understanding, potentially have experience working across multicurrency systems. Previous project management experience and effective time management skills Strong influencing skills and ability to work at a high level, including collaborating directly with the board of directors Strong people management skills and experience Ability to analyse and manipulate data. Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website:
About the Role Our client is currently seeking a Cyber Issues Manager to join their team. As a Cyber Issues Manager, you will have the unique opportunity to work on and support groundbreaking cyber security and networking technologies on a national and international scale. Your role will involve working on research and development projects to secure telecommunications networks, making the UK the safest place to live and do business online. You will play a vital role in managing security-related issues across the telecommunications projects. This includes triaging these issues, communicating the results to relevant parties, and working with equipment vendors and others to resolve them. Your knowledge, experience, and networks will be crucial to ensure its relevance and representation. About You Significant experience in telecoms network environment, ideally in identifying and communicating security-related issues. Strong understanding of relevant legislation, such as the Telecommunications (Security) Act 2021. Technical leadership in telecoms security or equivalent cyber security. In-depth knowledge of network protocols, software workings, and security vulnerabilities. Experience working with telecoms infrastructure equipment vendors and UK Communications Service Providers. Understanding of hardware and software development life cycles. Applied knowledge of cryptographic algorithms/standards, data structures, and distributed systems. DV clearance with no restrictions or the ability to obtain DV clearance. About Us Our client aims to provide cutting-edge technology to secure telecommunications networks, accelerate the rollout of 5G, and diversify the supply chain market. As part of this initiative, our client, plays a crucial role in providing measurement science, engineering, and technology to ensure the highest standards of cyber security. If you want to be part of an innovative team and contribute to securing the UK's telecommunications networks, apply now!
17/06/2024
Full time
About the Role Our client is currently seeking a Cyber Issues Manager to join their team. As a Cyber Issues Manager, you will have the unique opportunity to work on and support groundbreaking cyber security and networking technologies on a national and international scale. Your role will involve working on research and development projects to secure telecommunications networks, making the UK the safest place to live and do business online. You will play a vital role in managing security-related issues across the telecommunications projects. This includes triaging these issues, communicating the results to relevant parties, and working with equipment vendors and others to resolve them. Your knowledge, experience, and networks will be crucial to ensure its relevance and representation. About You Significant experience in telecoms network environment, ideally in identifying and communicating security-related issues. Strong understanding of relevant legislation, such as the Telecommunications (Security) Act 2021. Technical leadership in telecoms security or equivalent cyber security. In-depth knowledge of network protocols, software workings, and security vulnerabilities. Experience working with telecoms infrastructure equipment vendors and UK Communications Service Providers. Understanding of hardware and software development life cycles. Applied knowledge of cryptographic algorithms/standards, data structures, and distributed systems. DV clearance with no restrictions or the ability to obtain DV clearance. About Us Our client aims to provide cutting-edge technology to secure telecommunications networks, accelerate the rollout of 5G, and diversify the supply chain market. As part of this initiative, our client, plays a crucial role in providing measurement science, engineering, and technology to ensure the highest standards of cyber security. If you want to be part of an innovative team and contribute to securing the UK's telecommunications networks, apply now!
Conexus has partnered with a Global Pharmaceutical Company to source an Information Security Risk Manager who will be responsible for assessing, reporting, and managing information security risks identified in our systems and data, business processes, and third-party service providers. You will work closely with IT colleagues and business stakeholders based at multiple locations in Europe, USA, and Japan. As this is a remote role, we are seeking a candidate with exceptional time management skills and the ability to work independently. The Team: You will be delivering your services supporting a recently created Information Security, Risk and Compliance Management (ISRM) Team. This team is accountable for the design and implementation of our information security, risk management, and compliance strategy and program globally. Responsibilities: Support the design and improvement of the information security framework (ISF): policies, controls, and procedures using the NIST Cyber Security Framework, including third-party risk management. Assess new and existing systems, data flows, business processes, and third-party provider engagements to implement and verify compliance with the ISF, reporting identified risks and issues. Perform information security risk assessments, including security business impact analysis (BIA), business dependency analysis, security controls plan, controls maturity assessments, and third-party provider risk profiling, assessments, and audits. Maintain the information security risks and issues registers, deliver high-quality reports, and run information security committee meetings with business and IT management to manage risks. Support the design and improvement of third-party information risk management policies, controls, and procedures. Assist or lead assessment of information security risks arising from engagements with third-party providers and drive remediation efforts. Drive the design and implementation of a GRC platform, including functional requirements, reviewing process designs, rolling out new processes to the business and IT teams, and supporting the administration and maintenance of the GRC tool. Design, improve, and periodically report security key risk indicators and metrics to IT and business management to support continuous improvements and increase security maturity. Design and deliver the security education training awareness program (SETA) across all business functions. Manage external resources supporting the security awareness activities. Desirable Experience: Implementing controls and managing compliance risks regarding GXP regulated systems, data protection regulations such as EU and UK GDPR, CCPA, and cybersecurity regulations such as the EU NIS2 and USA SEC Disclosure Requirements. Education, Certifications, and Skills Required: Minimum of 10 years of professional experience in information technology, with at least 3 years as an information security risk manager, preferably in pharmaceutical, biotechnology, or other manufacturing organizations. Bachelor's or master's degree in information security or Information Technology. Relevant information security professional certifications, eg, CISSP, CISM, CRISC, CISA, GSEC-GIAC, ISO 27001 auditor/practitioner. Desirable: Training and/or certifications in GRC platforms such as ServiceNow GRC, Archer, Metricstream; and the NIST Cyber Security Framework. If this position is of interest, apply here or contact me directly for more details.
17/06/2024
Full time
Conexus has partnered with a Global Pharmaceutical Company to source an Information Security Risk Manager who will be responsible for assessing, reporting, and managing information security risks identified in our systems and data, business processes, and third-party service providers. You will work closely with IT colleagues and business stakeholders based at multiple locations in Europe, USA, and Japan. As this is a remote role, we are seeking a candidate with exceptional time management skills and the ability to work independently. The Team: You will be delivering your services supporting a recently created Information Security, Risk and Compliance Management (ISRM) Team. This team is accountable for the design and implementation of our information security, risk management, and compliance strategy and program globally. Responsibilities: Support the design and improvement of the information security framework (ISF): policies, controls, and procedures using the NIST Cyber Security Framework, including third-party risk management. Assess new and existing systems, data flows, business processes, and third-party provider engagements to implement and verify compliance with the ISF, reporting identified risks and issues. Perform information security risk assessments, including security business impact analysis (BIA), business dependency analysis, security controls plan, controls maturity assessments, and third-party provider risk profiling, assessments, and audits. Maintain the information security risks and issues registers, deliver high-quality reports, and run information security committee meetings with business and IT management to manage risks. Support the design and improvement of third-party information risk management policies, controls, and procedures. Assist or lead assessment of information security risks arising from engagements with third-party providers and drive remediation efforts. Drive the design and implementation of a GRC platform, including functional requirements, reviewing process designs, rolling out new processes to the business and IT teams, and supporting the administration and maintenance of the GRC tool. Design, improve, and periodically report security key risk indicators and metrics to IT and business management to support continuous improvements and increase security maturity. Design and deliver the security education training awareness program (SETA) across all business functions. Manage external resources supporting the security awareness activities. Desirable Experience: Implementing controls and managing compliance risks regarding GXP regulated systems, data protection regulations such as EU and UK GDPR, CCPA, and cybersecurity regulations such as the EU NIS2 and USA SEC Disclosure Requirements. Education, Certifications, and Skills Required: Minimum of 10 years of professional experience in information technology, with at least 3 years as an information security risk manager, preferably in pharmaceutical, biotechnology, or other manufacturing organizations. Bachelor's or master's degree in information security or Information Technology. Relevant information security professional certifications, eg, CISSP, CISM, CRISC, CISA, GSEC-GIAC, ISO 27001 auditor/practitioner. Desirable: Training and/or certifications in GRC platforms such as ServiceNow GRC, Archer, Metricstream; and the NIST Cyber Security Framework. If this position is of interest, apply here or contact me directly for more details.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
14/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Technology Services Security Manager Security Operations, Cybersecurity, CISSP, Azure Certified, Agile, ITIL, CSIRT, Incident Management, Continuous Service Improvement, Risk Management, IT/OT Technologies, Infrastructure Development, Operations, Third-Party Contracts, MSP, APMP, SAFE Leadership, Scrum, Kanban Warrington - 3 days per week Competitive salary We are looking for a Technology Services Security Manager to lead the Security Operations function within our client's IT department. This role involves managing both internal and external specialist 3rd party support to deliver security operations activities across our digital estate. The successful candidate will oversee the security of our enterprise/IT and OT estate, ensuring continuous service improvement and risk reduction. Day to Day of the role: Improve performance and security of the digital estate through proactive continuous service improvement. Manage the security operations of the Technology estates, ensuring 24/7/365 availability where applicable. Collaborate with the wider Technology Services and Information Security teams, providing SME capability to align development activity with operational and strategic requirements. Own the Incident Management process for cyber-related incidents, working closely with the Information Security team. Plan and deliver resources (people, tools, and technology) to create an effective Security Operations function that addresses risk and aligns with business plans. Contribute security insights to infrastructure technology maintenance and change plans. Offer technical security/cyber information to ensure optimal commercial arrangements. Identify security trends, assess risks and opportunities, and prioritize activities to minimize risks and add value. Manage day-to-day third-party contracts underpinning the security operations function, ensuring alignment with business requirements. Required Skills & Qualifications: CISSP (or equivalent) qualification and Azure Certified. SAFE leadership or other Agile qualification (such as Kanban or Scrum). Considerable experience operating ITIL and CSIRT processes and standards. Detailed understanding of IT/OT technologies, market trends, products, and services. Extensive working knowledge of technologies and defining strategies for efficient and effective solutions and services. Considerable experience in an IT managerial position with responsibilities for operations, planning, people, and relationship management. Broad IT Management/Contracts experience, including infrastructure development, delivery, and operational management. Managing Successful Programmes (MSP)/APMP qualification. Benefits: 20% Bonus - 80% company performance 20% individual Pension - double the amount that individual puts in up to 7%. So if they contribute 7% - total is 21% 5k Car allowance Edenred package EV Car Scheme In the first instance, please submit your CV.
14/06/2024
Full time
Technology Services Security Manager Security Operations, Cybersecurity, CISSP, Azure Certified, Agile, ITIL, CSIRT, Incident Management, Continuous Service Improvement, Risk Management, IT/OT Technologies, Infrastructure Development, Operations, Third-Party Contracts, MSP, APMP, SAFE Leadership, Scrum, Kanban Warrington - 3 days per week Competitive salary We are looking for a Technology Services Security Manager to lead the Security Operations function within our client's IT department. This role involves managing both internal and external specialist 3rd party support to deliver security operations activities across our digital estate. The successful candidate will oversee the security of our enterprise/IT and OT estate, ensuring continuous service improvement and risk reduction. Day to Day of the role: Improve performance and security of the digital estate through proactive continuous service improvement. Manage the security operations of the Technology estates, ensuring 24/7/365 availability where applicable. Collaborate with the wider Technology Services and Information Security teams, providing SME capability to align development activity with operational and strategic requirements. Own the Incident Management process for cyber-related incidents, working closely with the Information Security team. Plan and deliver resources (people, tools, and technology) to create an effective Security Operations function that addresses risk and aligns with business plans. Contribute security insights to infrastructure technology maintenance and change plans. Offer technical security/cyber information to ensure optimal commercial arrangements. Identify security trends, assess risks and opportunities, and prioritize activities to minimize risks and add value. Manage day-to-day third-party contracts underpinning the security operations function, ensuring alignment with business requirements. Required Skills & Qualifications: CISSP (or equivalent) qualification and Azure Certified. SAFE leadership or other Agile qualification (such as Kanban or Scrum). Considerable experience operating ITIL and CSIRT processes and standards. Detailed understanding of IT/OT technologies, market trends, products, and services. Extensive working knowledge of technologies and defining strategies for efficient and effective solutions and services. Considerable experience in an IT managerial position with responsibilities for operations, planning, people, and relationship management. Broad IT Management/Contracts experience, including infrastructure development, delivery, and operational management. Managing Successful Programmes (MSP)/APMP qualification. Benefits: 20% Bonus - 80% company performance 20% individual Pension - double the amount that individual puts in up to 7%. So if they contribute 7% - total is 21% 5k Car allowance Edenred package EV Car Scheme In the first instance, please submit your CV.
- Head of Infrastructure/Site Reliability - Glasgow/Hybrid - Excellent Salary & Benefits Package - Immediate Start Fantastic new opportunity to the market to join our Glasgow-based Fintech client, specialising in managed Cloud provision. The business is entering a growth phase and now recruiting for a seasoned Head of Site Reliability with an infrastructure background, as they continue to grow their tech team from their newly opened, state-of-the-art tech hub in Glasgow. This is a key hire and the first in this space, as the business begins to build out their new Site Reliability team. The successful candidate will be responsible for building out the function, providing true leadership and co-ordination, whilst having a breadth of technical know-how. This opportunity is truly greenfield in nature and offers a blank canvas to implement plans and procedures with the aim of improving the infrastructure reliability, security and functionality with automation at the forefront. Reporting into the COO, you will be a natural leader of people and teams, with the goal of collaborating on the design, deployment, and maintenance of the global infrastructure and to provide system support for the Security, Network Operations and Development teams. The role would ideally suit an experienced automation-focused individual with comprehensive working infrastructure knowledge of Windows and Linux environments (RHEL, Ubuntu), as well as network operating systems experience. Commercial use of Infrastructure-As-Code (IAC) tooling such as Terraform and Ansible is also beneficial. Candidates who are proactive and dedicated are preferred, as this role is highly visible. You will also be a significant contributor to the team's IT success, supporting and delivering infrastructure and solutions and working directly with data centre, network, software development and project teams alike. Key Skills & Experience Proven experience in a site reliability engineering, DevOps, or similar role, with multiple years in a leadership position. Extensive background in cloud computing services (AWS, Google Cloud or Azure) Container orchestration technology exposure (eg Kubernetes). Proficiency in automation Knowledge of Scripting languages (Python, Shell or Go). Knowledge of Cyber Security principles and best practices. Knowledge of regulatory environments and compliance standards Exceptional problem-solving skills Ability to work under pressure in a fast-paced environment. Excellent communication and leadership abilities Strong track-record of building and motivating high-performing teams. Bachelor's or master's degree in Computer Science, Engineering, or a related field.The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below) The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below)
14/06/2024
Full time
- Head of Infrastructure/Site Reliability - Glasgow/Hybrid - Excellent Salary & Benefits Package - Immediate Start Fantastic new opportunity to the market to join our Glasgow-based Fintech client, specialising in managed Cloud provision. The business is entering a growth phase and now recruiting for a seasoned Head of Site Reliability with an infrastructure background, as they continue to grow their tech team from their newly opened, state-of-the-art tech hub in Glasgow. This is a key hire and the first in this space, as the business begins to build out their new Site Reliability team. The successful candidate will be responsible for building out the function, providing true leadership and co-ordination, whilst having a breadth of technical know-how. This opportunity is truly greenfield in nature and offers a blank canvas to implement plans and procedures with the aim of improving the infrastructure reliability, security and functionality with automation at the forefront. Reporting into the COO, you will be a natural leader of people and teams, with the goal of collaborating on the design, deployment, and maintenance of the global infrastructure and to provide system support for the Security, Network Operations and Development teams. The role would ideally suit an experienced automation-focused individual with comprehensive working infrastructure knowledge of Windows and Linux environments (RHEL, Ubuntu), as well as network operating systems experience. Commercial use of Infrastructure-As-Code (IAC) tooling such as Terraform and Ansible is also beneficial. Candidates who are proactive and dedicated are preferred, as this role is highly visible. You will also be a significant contributor to the team's IT success, supporting and delivering infrastructure and solutions and working directly with data centre, network, software development and project teams alike. Key Skills & Experience Proven experience in a site reliability engineering, DevOps, or similar role, with multiple years in a leadership position. Extensive background in cloud computing services (AWS, Google Cloud or Azure) Container orchestration technology exposure (eg Kubernetes). Proficiency in automation Knowledge of Scripting languages (Python, Shell or Go). Knowledge of Cyber Security principles and best practices. Knowledge of regulatory environments and compliance standards Exceptional problem-solving skills Ability to work under pressure in a fast-paced environment. Excellent communication and leadership abilities Strong track-record of building and motivating high-performing teams. Bachelor's or master's degree in Computer Science, Engineering, or a related field.The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below) The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below)
Robert Walters is working in partnership with a Global Investment bank, they are considered to be market leaders operating expert services across Asset Management, Corporate, Investment and Private Banking. Due to continued growth and investment across their Birmingham offices, they are keen to appoint an experienced IT Principal Auditor paying up to £70,000 plus bonus and benefits. The Group Audit function takes a proactive, risk-based and independent approach to assist the banks business and infrastructure functions to identify key control weaknesses. As an experienced IT Principal Auditor, you will join the Investment Banking Application & Innovation Technology team. Covering the Bank's Technology and Information Security risks and controls across Investment Banking and the Bank's Innovation activities covering emerging technologies such as artificial intelligence, robotic process automation and cloud computing. IT Principal Auditor: Duties * Evaluate effectiveness of internal IT controls supporting Investment Banking areas * Conduct technology assessments/continuous monitoring and complete assignments * Complete audits, finding validations and ad-hoc projects * Coordinate/Execute audit assignments * Attend meetings with internal stakeholders, draft exceptions/audit findings for review * Stay abreast of business/industry changes and their effect on team's audit plan IT Principal Auditor: Experience * Auditing or practical working experience in software development, application life cycle, vendor management and cyber security including IT general and automated application controls * Strong analytical and communication skills with the ability to clearly articulate control deficiencies and related risks * Undergraduate or equivalent degree in information technology, computer science or a related discipline; and relevant professional certifications (eg CISA, CISSP, CCAK, CCSP, ITIL, COBIT) preferred The permanent opportunity for an IT Principal Auditor will pay a salary range of £60,000 to £70,000 plus bonus, benefits and offer a hybrid working model from the central Birmingham offices. For further information, please apply with an updated CV and contact Ajay Hayre (see below) Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
14/06/2024
Full time
Robert Walters is working in partnership with a Global Investment bank, they are considered to be market leaders operating expert services across Asset Management, Corporate, Investment and Private Banking. Due to continued growth and investment across their Birmingham offices, they are keen to appoint an experienced IT Principal Auditor paying up to £70,000 plus bonus and benefits. The Group Audit function takes a proactive, risk-based and independent approach to assist the banks business and infrastructure functions to identify key control weaknesses. As an experienced IT Principal Auditor, you will join the Investment Banking Application & Innovation Technology team. Covering the Bank's Technology and Information Security risks and controls across Investment Banking and the Bank's Innovation activities covering emerging technologies such as artificial intelligence, robotic process automation and cloud computing. IT Principal Auditor: Duties * Evaluate effectiveness of internal IT controls supporting Investment Banking areas * Conduct technology assessments/continuous monitoring and complete assignments * Complete audits, finding validations and ad-hoc projects * Coordinate/Execute audit assignments * Attend meetings with internal stakeholders, draft exceptions/audit findings for review * Stay abreast of business/industry changes and their effect on team's audit plan IT Principal Auditor: Experience * Auditing or practical working experience in software development, application life cycle, vendor management and cyber security including IT general and automated application controls * Strong analytical and communication skills with the ability to clearly articulate control deficiencies and related risks * Undergraduate or equivalent degree in information technology, computer science or a related discipline; and relevant professional certifications (eg CISA, CISSP, CCAK, CCSP, ITIL, COBIT) preferred The permanent opportunity for an IT Principal Auditor will pay a salary range of £60,000 to £70,000 plus bonus, benefits and offer a hybrid working model from the central Birmingham offices. For further information, please apply with an updated CV and contact Ajay Hayre (see below) Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
We are currently looking on behalf of one of our important clients for an IAM Product Owner. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: Work closely with customers, lead a development team & prioritize & manage a product backlog. Create & communicate the long-term strategy & further development of the product. Collect, analyze & prioritize the requirements of customers & stakeholders & combine them into a comprehensive product backlog. Monitor product quality & commission troubleshooting measures. Evaluate existing & new technologies & tools regarding the selection of an IAM service offering. Plan & coordinate product releases & ensure the smooth introduction of new features. Your Skills: At least 3 years of professional experience as a Product Owner or Team Leader in IAM environments. Strong experience in Agile Development Methods including Scrum. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
14/06/2024
Full time
We are currently looking on behalf of one of our important clients for an IAM Product Owner. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: Work closely with customers, lead a development team & prioritize & manage a product backlog. Create & communicate the long-term strategy & further development of the product. Collect, analyze & prioritize the requirements of customers & stakeholders & combine them into a comprehensive product backlog. Monitor product quality & commission troubleshooting measures. Evaluate existing & new technologies & tools regarding the selection of an IAM service offering. Plan & coordinate product releases & ensure the smooth introduction of new features. Your Skills: At least 3 years of professional experience as a Product Owner or Team Leader in IAM environments. Strong experience in Agile Development Methods including Scrum. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
Lynx Recruitment are working with a successful Managed Security Services Provider who are seeking a Sales Development Representative to identify and pursue prospective clients to book and attend meetings for the Business Development Manager. Upon being a success in this Sales Development Representative role, the position has a clear path to further your career progression in the business. Below are the essential skills and experience: Minimum of 1 year experience in a cyber security sales Experienced making outbound calls Lead Generation experience Excellent communication skills If this Sales Development Representative position is of interest, please apply ASAP.
14/06/2024
Full time
Lynx Recruitment are working with a successful Managed Security Services Provider who are seeking a Sales Development Representative to identify and pursue prospective clients to book and attend meetings for the Business Development Manager. Upon being a success in this Sales Development Representative role, the position has a clear path to further your career progression in the business. Below are the essential skills and experience: Minimum of 1 year experience in a cyber security sales Experienced making outbound calls Lead Generation experience Excellent communication skills If this Sales Development Representative position is of interest, please apply ASAP.