Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
17/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
17/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
We are Global IT Recruitment specialist that provides support to the clients across UK, Europe and Australia. We have an excellent job opportunity for you. Role Title: SIEM/Incident SME (Need Active DV Clearance) Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months Role Description: Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Your profile Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent)
17/05/2024
Project-based
We are Global IT Recruitment specialist that provides support to the clients across UK, Europe and Australia. We have an excellent job opportunity for you. Role Title: SIEM/Incident SME (Need Active DV Clearance) Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months Role Description: Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Your profile Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent)
Configuration Engineer £43ph (Umbrella, Inside IR35) Lincoln (Regular home working available) Initial 6 months An experienced Configuration Engineer is required for our Lincoln site, preferably within the Defence and Aerospace Sector; you will be required to discharge the 5 key Configuration activities into IPT's across all life cycle phases of a Programme. Within this role, you shall give clear direction into the IPT on C&DM process and tools be that at System Requirements, System level, Software, or hardware. In doing so, you must be prepared to 'challenge the norm' and support the IPT's in process tailoring to fit the life cycle phase and/or context of a Programme As a Configuration Engineer, you are expected to: Drive a pro-active approach to C&DM into IPT's Support the Head of Configuration and Data Management in encouraging new ideas and innovative solutions into the IPT and the Line of Business. (LoB) As an individual, you are expected: To resolve C&DM issues within an IPT by making proposals and driving through solutions To build and manage Customer and Supplier relationships To develop and promote knowledge and use of PLM Key Responsibility Areas Configuration Management Planning including generation and review of CM Plan Configuration Identification Change Control - Must have had experience in operating Change Control Boards including Configuration status input to the Board Configuration Status Accounting with emphasis on the generation of Configuration Baselines Verification and Audit (led FCA/PCA) Working hand-in-hand with our engineering delivery teams to ensure the Project dataset is maintained and configuration controlled Skills, Qualifications & Knowledge Required A good understanding of Configuration Management in accordance with DEF STAN 05-57. Excellent practical understanding of the five key elements of Configuration Management: Planning, Identification, Change Management, Status Accounting and Audit/Verification Document management experience including delivery and receipt within the bounds of ITAR and Export controls Software Configuration Management at the point of release into the Product structure Provided C&DM input to Design Reviews and Certification (Configuration Baseline Management) Strong Administration Skills with an attention to detail - you are required to have a logical mind-set
17/05/2024
Project-based
Configuration Engineer £43ph (Umbrella, Inside IR35) Lincoln (Regular home working available) Initial 6 months An experienced Configuration Engineer is required for our Lincoln site, preferably within the Defence and Aerospace Sector; you will be required to discharge the 5 key Configuration activities into IPT's across all life cycle phases of a Programme. Within this role, you shall give clear direction into the IPT on C&DM process and tools be that at System Requirements, System level, Software, or hardware. In doing so, you must be prepared to 'challenge the norm' and support the IPT's in process tailoring to fit the life cycle phase and/or context of a Programme As a Configuration Engineer, you are expected to: Drive a pro-active approach to C&DM into IPT's Support the Head of Configuration and Data Management in encouraging new ideas and innovative solutions into the IPT and the Line of Business. (LoB) As an individual, you are expected: To resolve C&DM issues within an IPT by making proposals and driving through solutions To build and manage Customer and Supplier relationships To develop and promote knowledge and use of PLM Key Responsibility Areas Configuration Management Planning including generation and review of CM Plan Configuration Identification Change Control - Must have had experience in operating Change Control Boards including Configuration status input to the Board Configuration Status Accounting with emphasis on the generation of Configuration Baselines Verification and Audit (led FCA/PCA) Working hand-in-hand with our engineering delivery teams to ensure the Project dataset is maintained and configuration controlled Skills, Qualifications & Knowledge Required A good understanding of Configuration Management in accordance with DEF STAN 05-57. Excellent practical understanding of the five key elements of Configuration Management: Planning, Identification, Change Management, Status Accounting and Audit/Verification Document management experience including delivery and receipt within the bounds of ITAR and Export controls Software Configuration Management at the point of release into the Product structure Provided C&DM input to Design Reviews and Certification (Configuration Baseline Management) Strong Administration Skills with an attention to detail - you are required to have a logical mind-set
Cyber Security Engineer Manchester City Centre Hybrid Cybersecurity Engineer Are you a skilled cybersecurity professional looking to take your career to the next level? We're seeking a Mid-Level Cybersecurity Engineer to join our team and contribute to our organisation's security posture. If you're passionate about protecting systems, networks, and data, this role is for you! Responsibilities: Evaluate ongoing security needs: Continuously assess the organization's security requirements and establish standard operating procedures to respond to inbound security issues. Develop and implement threat models: Stay informed about new threats and attack vectors, and proactively address them. Perform routine security assessments/audits: Evaluate networks, systems, code, controls, and applications to identify vulnerabilities. Investigate intrusion attempts: Conduct in-depth analysis of exploits and security incidents. Stay educated: Keep up-to-date with the latest cybersecurity trends and best practices. Qualifications: Education: Relevant degree (eg, Bachelor's in Engineering, Information Security, Information Assurance, Computer Science). Certifications (preferred): CISSP (Certified Information Systems Security Professional) CEH (Certified Ethical Hacker) CompTIA Security+ Other relevant certifications (eg, GIAC, TIA, IAM) Experience: At least 3 years of experience in incident detection, response, and forensics. Technical Skills: Familiarity with NIST SP 800-53 and RMF implementation. Knowledge of PKI infrastructure tools. Understanding of Firewalls, proxies, and encryption. Proficiency in programming languages (Python, C++, Java, etc.). If you're interested, please apply below to have your application processed TODAY!
17/05/2024
Full time
Cyber Security Engineer Manchester City Centre Hybrid Cybersecurity Engineer Are you a skilled cybersecurity professional looking to take your career to the next level? We're seeking a Mid-Level Cybersecurity Engineer to join our team and contribute to our organisation's security posture. If you're passionate about protecting systems, networks, and data, this role is for you! Responsibilities: Evaluate ongoing security needs: Continuously assess the organization's security requirements and establish standard operating procedures to respond to inbound security issues. Develop and implement threat models: Stay informed about new threats and attack vectors, and proactively address them. Perform routine security assessments/audits: Evaluate networks, systems, code, controls, and applications to identify vulnerabilities. Investigate intrusion attempts: Conduct in-depth analysis of exploits and security incidents. Stay educated: Keep up-to-date with the latest cybersecurity trends and best practices. Qualifications: Education: Relevant degree (eg, Bachelor's in Engineering, Information Security, Information Assurance, Computer Science). Certifications (preferred): CISSP (Certified Information Systems Security Professional) CEH (Certified Ethical Hacker) CompTIA Security+ Other relevant certifications (eg, GIAC, TIA, IAM) Experience: At least 3 years of experience in incident detection, response, and forensics. Technical Skills: Familiarity with NIST SP 800-53 and RMF implementation. Knowledge of PKI infrastructure tools. Understanding of Firewalls, proxies, and encryption. Proficiency in programming languages (Python, C++, Java, etc.). If you're interested, please apply below to have your application processed TODAY!
Automotive Cyber Security Engineer (UNECE, R155, R156) Automotive Hybrid: 2 days per week in Crewe 6 months £550 per day PAYE Essential: This is not an IT Security role. This is automotive working on in-car applications and requires Embedded security knowledge and vehicle security controls. In short: Automotive Cyber Security Engineer required to join a prestigious automotive manufacturer in performing security-related activities. ABOUT THE ROLE We are seeking a Cyber Security Engineer to join the business on a temporary basis, at our Crewe campus working on a hybrid basis. The Cyber Security Engineer will report to Vehicle Cyber Security Manager. The role is responsible for the product cyber security engineering activities primarily focused around cyber security requirements, legislation analysis and interpretation and compliance to the client defined secure product development process. Responsibilities include: Assess, interpret and track new or amended cybersecurity security/software update management legislations to relevant functions and cascade interpretation to subject matter experts. Develop and or maintain security specifications for vehicle components and functions for all projects. Analyse and update cybersecurity requirements based on the applicable cyber security legislations for the project. Ensure traceability between regulations and requirements are maintained and available for audit purposes. Deliver cybersecurity work products aligned to the client's Secure Development Process (for eg TARA, security case, security plan, component security analysis). Update process templates or process flows based on lessons learnt and recommended improvements. SKILLS AND EXPERIENCE The successful applicant will be a delivery focused and experienced Cyber Security Engineer with technical product security competencies ideally from within the automotive sector. The successful candidate will be able to demonstrate: Product security technical competency (UNECE, R155, R156, ISO21434) Good knowledge of legislative landscape for cybersecurity and connected services in different regions (like China, South Korea, Japan, South Africa) in addition to Europe. Ability to analyse and interpret cyber security and software update regulations and how they impact the product requirements. Good understanding of security controls for automotive vehicles. System requirements engineering experience Software/Programming knowledge (C, C++) Delivery focused Project management and Planning Good communication at various levels in different forums Good presentation skills Ability to influence colleagues within your area of responsibility Good communication skills(German language would be advantageous) Engineering degree or equivalent is essential (or equivalent experience) Associate member of relevant professional institute is desirable. Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.
17/05/2024
Project-based
Automotive Cyber Security Engineer (UNECE, R155, R156) Automotive Hybrid: 2 days per week in Crewe 6 months £550 per day PAYE Essential: This is not an IT Security role. This is automotive working on in-car applications and requires Embedded security knowledge and vehicle security controls. In short: Automotive Cyber Security Engineer required to join a prestigious automotive manufacturer in performing security-related activities. ABOUT THE ROLE We are seeking a Cyber Security Engineer to join the business on a temporary basis, at our Crewe campus working on a hybrid basis. The Cyber Security Engineer will report to Vehicle Cyber Security Manager. The role is responsible for the product cyber security engineering activities primarily focused around cyber security requirements, legislation analysis and interpretation and compliance to the client defined secure product development process. Responsibilities include: Assess, interpret and track new or amended cybersecurity security/software update management legislations to relevant functions and cascade interpretation to subject matter experts. Develop and or maintain security specifications for vehicle components and functions for all projects. Analyse and update cybersecurity requirements based on the applicable cyber security legislations for the project. Ensure traceability between regulations and requirements are maintained and available for audit purposes. Deliver cybersecurity work products aligned to the client's Secure Development Process (for eg TARA, security case, security plan, component security analysis). Update process templates or process flows based on lessons learnt and recommended improvements. SKILLS AND EXPERIENCE The successful applicant will be a delivery focused and experienced Cyber Security Engineer with technical product security competencies ideally from within the automotive sector. The successful candidate will be able to demonstrate: Product security technical competency (UNECE, R155, R156, ISO21434) Good knowledge of legislative landscape for cybersecurity and connected services in different regions (like China, South Korea, Japan, South Africa) in addition to Europe. Ability to analyse and interpret cyber security and software update regulations and how they impact the product requirements. Good understanding of security controls for automotive vehicles. System requirements engineering experience Software/Programming knowledge (C, C++) Delivery focused Project management and Planning Good communication at various levels in different forums Good presentation skills Ability to influence colleagues within your area of responsibility Good communication skills(German language would be advantageous) Engineering degree or equivalent is essential (or equivalent experience) Associate member of relevant professional institute is desirable. Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.
Global Technology Solutions Ltd
Edinburgh, Midlothian
Job Title: Infrastructure Support Engineer III Contract length: 3-months Day rate: £340 inside ir35 through umbrella Location: Edinburgh *Must be holding SC Clearance* Site hours are: 07:00 - 16:30 Mon-Thurs and 07:00 - 13:30 Fri - hours to be agreed ROLE OVERVIEW: We are looking for customer-focused and enthusiastic 3rd line infrastructure Support Engineer with a genuine interest in solving peoples IT issues to backfill our Business As Usual services while some of our key staff support a critical project. The applicant should be technically competent, possess good written and verbal communication skills and be willing to collaborate with the wider IT support teams. The 3rd line team members are expected to be specialists at solving a variety of software issues, while minimizing disruption to our users. A successful candidate will be someone who can blend first rate customer service with first rate technical skills. Previous experience resolving 2nd and 3rd line issues in an enterprise environment is essential. DETAILED JOB DESCRIPTION: * To manage a range of technologies such as Domain Central Services (Active Directory), SCCM - to include optimisation, interoperability, and availability * Hands on experience of day to day administration of Microsoft Active Directory including creation of users, security groups, GPO's and roaming profiles * Able to identify, define and resolve complex issues with Microsoft Windows and Office applications * Coach and educate the 2nd Line Engineers, in developing their skills to improve first time fix and overall team performance * Demonstrate resilience and the resourcefulness to work effectively under pressure and to tight deadlines * Ability to author documents such as reports, policies, procedures and workflows ESSENTIALS SKILLS/QUALIFICATIONS: * Active Directory * SCCM management & operation (or similar network management system) * Microsoft WSUS (Windows Server Update Services) * Ivanti Security Controls * Ivanti Device and Application Control * Avecto Defendpoint DESIRABLE SKILLS/QUALIFICATIONS: * Citrix based VDI Infrastructure * Administering Licence Servers * Administering Managed Print Servers * ITIL Foundation * MCP/MCSE If you have the skills required, please "In applying for this position, you consent to your personal data being shared with the specified employer and for your details to remain with GTS for as long as is necessary to process your application. See our Privacy Notice for full information Global Technology Solutions is acting as an Employment Business in relation to this vacancy.
16/05/2024
Project-based
Job Title: Infrastructure Support Engineer III Contract length: 3-months Day rate: £340 inside ir35 through umbrella Location: Edinburgh *Must be holding SC Clearance* Site hours are: 07:00 - 16:30 Mon-Thurs and 07:00 - 13:30 Fri - hours to be agreed ROLE OVERVIEW: We are looking for customer-focused and enthusiastic 3rd line infrastructure Support Engineer with a genuine interest in solving peoples IT issues to backfill our Business As Usual services while some of our key staff support a critical project. The applicant should be technically competent, possess good written and verbal communication skills and be willing to collaborate with the wider IT support teams. The 3rd line team members are expected to be specialists at solving a variety of software issues, while minimizing disruption to our users. A successful candidate will be someone who can blend first rate customer service with first rate technical skills. Previous experience resolving 2nd and 3rd line issues in an enterprise environment is essential. DETAILED JOB DESCRIPTION: * To manage a range of technologies such as Domain Central Services (Active Directory), SCCM - to include optimisation, interoperability, and availability * Hands on experience of day to day administration of Microsoft Active Directory including creation of users, security groups, GPO's and roaming profiles * Able to identify, define and resolve complex issues with Microsoft Windows and Office applications * Coach and educate the 2nd Line Engineers, in developing their skills to improve first time fix and overall team performance * Demonstrate resilience and the resourcefulness to work effectively under pressure and to tight deadlines * Ability to author documents such as reports, policies, procedures and workflows ESSENTIALS SKILLS/QUALIFICATIONS: * Active Directory * SCCM management & operation (or similar network management system) * Microsoft WSUS (Windows Server Update Services) * Ivanti Security Controls * Ivanti Device and Application Control * Avecto Defendpoint DESIRABLE SKILLS/QUALIFICATIONS: * Citrix based VDI Infrastructure * Administering Licence Servers * Administering Managed Print Servers * ITIL Foundation * MCP/MCSE If you have the skills required, please "In applying for this position, you consent to your personal data being shared with the specified employer and for your details to remain with GTS for as long as is necessary to process your application. See our Privacy Notice for full information Global Technology Solutions is acting as an Employment Business in relation to this vacancy.
CNC MILLER SETTER OPERATOR REPORTING TO: PRODUCTION MANAGER Due to my client's continued expansion and strong product portfolio across both motorsport and future automotive, we are looking to recruit a CNC Miller Setter Operator to support Production. My client is relied upon by many of the world's top motorsport teams, performance car constructors, hybrid and electric transportation innovators to extract the performance and reliability they require to get their high-performance transmission challenges done. Whatever the nature of your next motorsport or vehicle engineering project might be, my client can help with off-the shelf and bespoke solutions along with design consulting and manufacturing expertise. At my client, we believe that good customer service is every bit as important as a strong product. DUTIES AND RESPONSIBILITIES INCLUDE: Cleanliness of work station and maintenance of machines while during and at the end of their shift in line with company TPM Schedule Reading and interpreting engineering drawings Setting and operating milling machines to required tolerance Use of manual measuring equipment Tool setting on CNC Machines Programme proving of new products as and when required. Actively provide details of changes to correct/improve programs that go towards improving machining performance Loading and unloading parts onto machines Maintain notes (machine log book) on current process identifying any issues for following shift Use of Fanuc controls Tapping and Deburring where required Help and assist other members of the milling cell when required Following daily work to do lists to follow the production schedule issued by Team Leader Take care not to cause harm to yourself, a colleague, visitors, customers or contractors Adhere to all quality, Health and Safety and environmental policies, manuals, objectives, process, procedures and work instructions Actively participate in the [COMPANY] Think Smart/Safe programme Wear appropriate personal protective equipment (PPE) - be accountable for notifying Health and Safety when in need of replacements Liaising with production engineering, design and inspection as and when required Any additional tasks required THE IDEAL CANDIDATE MUST HAVE/SKILLS REQUIRED: Attention to detail Initiative Can-do attitude Confidentiality Customer Service Focus Team player EXPERIENCE IN THE FOLLOWING AREAS WILL BE REQUIRED: 3-5 Years relevant production experience Experience of Milling Operations Willing to work shifts and unsociable hours High attention to detail Required to work overtime in line with company needs DESIRABLE: Experience of a high-quality Manufacturing environment Have previously run Matsuura 3-4-5 axis milling machines or similar Minor Fanuc programme editing Excellent communication skills Good time management
16/05/2024
Full time
CNC MILLER SETTER OPERATOR REPORTING TO: PRODUCTION MANAGER Due to my client's continued expansion and strong product portfolio across both motorsport and future automotive, we are looking to recruit a CNC Miller Setter Operator to support Production. My client is relied upon by many of the world's top motorsport teams, performance car constructors, hybrid and electric transportation innovators to extract the performance and reliability they require to get their high-performance transmission challenges done. Whatever the nature of your next motorsport or vehicle engineering project might be, my client can help with off-the shelf and bespoke solutions along with design consulting and manufacturing expertise. At my client, we believe that good customer service is every bit as important as a strong product. DUTIES AND RESPONSIBILITIES INCLUDE: Cleanliness of work station and maintenance of machines while during and at the end of their shift in line with company TPM Schedule Reading and interpreting engineering drawings Setting and operating milling machines to required tolerance Use of manual measuring equipment Tool setting on CNC Machines Programme proving of new products as and when required. Actively provide details of changes to correct/improve programs that go towards improving machining performance Loading and unloading parts onto machines Maintain notes (machine log book) on current process identifying any issues for following shift Use of Fanuc controls Tapping and Deburring where required Help and assist other members of the milling cell when required Following daily work to do lists to follow the production schedule issued by Team Leader Take care not to cause harm to yourself, a colleague, visitors, customers or contractors Adhere to all quality, Health and Safety and environmental policies, manuals, objectives, process, procedures and work instructions Actively participate in the [COMPANY] Think Smart/Safe programme Wear appropriate personal protective equipment (PPE) - be accountable for notifying Health and Safety when in need of replacements Liaising with production engineering, design and inspection as and when required Any additional tasks required THE IDEAL CANDIDATE MUST HAVE/SKILLS REQUIRED: Attention to detail Initiative Can-do attitude Confidentiality Customer Service Focus Team player EXPERIENCE IN THE FOLLOWING AREAS WILL BE REQUIRED: 3-5 Years relevant production experience Experience of Milling Operations Willing to work shifts and unsociable hours High attention to detail Required to work overtime in line with company needs DESIRABLE: Experience of a high-quality Manufacturing environment Have previously run Matsuura 3-4-5 axis milling machines or similar Minor Fanuc programme editing Excellent communication skills Good time management
As a Hadoop Administrator, you will play a crucial role in managing and maintaining our Hadoop ecosystem to ensure optimal performance, reliability, and security. You will collaborate closely with our data engineers, analysts, and other stakeholders to understand their requirements and provide efficient solutions. Your responsibilities will include but are not limited to: Installing, configuring, and maintaining Hadoop clusters, including HDFS, YARN, Hive, HBase, Kafka, Spark, and other related technologies. Monitoring cluster health and performance, diagnosing and troubleshooting issues, and implementing solutions to minimize downtime. Capacity planning and scaling the Hadoop infrastructure to accommodate growing data volumes and user demands. Implementing and enforcing security policies, access controls, and data governance measures to protect sensitive information. Performing regular backups, disaster recovery planning, and data retention policies to ensure data integrity and availability. Collaborating with cross-functional teams to design and implement data pipelines, ETL processes, and data workflows. Evaluating new technologies and upgrades, conducting performance tuning, and optimizing resource utilization for cost efficiency. Providing technical guidance, training, and support to junior team members and end-users to promote best practices and knowledge sharing.
16/05/2024
Project-based
As a Hadoop Administrator, you will play a crucial role in managing and maintaining our Hadoop ecosystem to ensure optimal performance, reliability, and security. You will collaborate closely with our data engineers, analysts, and other stakeholders to understand their requirements and provide efficient solutions. Your responsibilities will include but are not limited to: Installing, configuring, and maintaining Hadoop clusters, including HDFS, YARN, Hive, HBase, Kafka, Spark, and other related technologies. Monitoring cluster health and performance, diagnosing and troubleshooting issues, and implementing solutions to minimize downtime. Capacity planning and scaling the Hadoop infrastructure to accommodate growing data volumes and user demands. Implementing and enforcing security policies, access controls, and data governance measures to protect sensitive information. Performing regular backups, disaster recovery planning, and data retention policies to ensure data integrity and availability. Collaborating with cross-functional teams to design and implement data pipelines, ETL processes, and data workflows. Evaluating new technologies and upgrades, conducting performance tuning, and optimizing resource utilization for cost efficiency. Providing technical guidance, training, and support to junior team members and end-users to promote best practices and knowledge sharing.
Job Description: As a Kafka Administrator, you will be responsible for the design, implementation, and maintenance of our Kafka ecosystem, ensuring its scalability, reliability, and performance to meet the evolving needs of our organization. You will collaborate closely with data engineers, software developers, and other stakeholders to architect robust solutions and streamline data pipelines. Your key responsibilities will include: Installing, configuring, and managing Apache Kafka clusters, including brokers, ZooKeeper, Kafka Connect, and Kafka Streams, across development, testing, and production environments. Monitoring Kafka cluster health, performance metrics, and throughput, and proactively identifying and addressing potential bottlenecks or issues. Implementing security measures, access controls, and encryption protocols to safeguard data privacy and integrity within the Kafka ecosystem. Managing Kafka topics, partitions, replication, and consumer groups, and optimizing configurations for efficient resource utilization and high availability. Collaborating with cross-functional teams to design and implement data ingestion pipelines, Real Time processing workflows, and event-driven architectures. Performing capacity planning, scaling, and disaster recovery planning to ensure scalability, fault tolerance, and business continuity. Automating routine tasks, such as cluster provisioning, deployment, monitoring, and alerting, using configuration management tools and Scripting languages. Staying abreast of industry best practices, emerging trends, and new features in Kafka and related technologies, and evaluating their applicability to our environment.
16/05/2024
Project-based
Job Description: As a Kafka Administrator, you will be responsible for the design, implementation, and maintenance of our Kafka ecosystem, ensuring its scalability, reliability, and performance to meet the evolving needs of our organization. You will collaborate closely with data engineers, software developers, and other stakeholders to architect robust solutions and streamline data pipelines. Your key responsibilities will include: Installing, configuring, and managing Apache Kafka clusters, including brokers, ZooKeeper, Kafka Connect, and Kafka Streams, across development, testing, and production environments. Monitoring Kafka cluster health, performance metrics, and throughput, and proactively identifying and addressing potential bottlenecks or issues. Implementing security measures, access controls, and encryption protocols to safeguard data privacy and integrity within the Kafka ecosystem. Managing Kafka topics, partitions, replication, and consumer groups, and optimizing configurations for efficient resource utilization and high availability. Collaborating with cross-functional teams to design and implement data ingestion pipelines, Real Time processing workflows, and event-driven architectures. Performing capacity planning, scaling, and disaster recovery planning to ensure scalability, fault tolerance, and business continuity. Automating routine tasks, such as cluster provisioning, deployment, monitoring, and alerting, using configuration management tools and Scripting languages. Staying abreast of industry best practices, emerging trends, and new features in Kafka and related technologies, and evaluating their applicability to our environment.
Job Description: As a Cassandra Database Administrator, you will be responsible for the design, implementation, and maintenance of our Cassandra database clusters, ensuring their scalability, reliability, and performance to meet the demands of our growing business. You will collaborate closely with software engineers, data architects, and other stakeholders to design efficient data models, optimize query performance, and ensure data consistency and availability. Your primary responsibilities will include: Installing, configuring, and managing Apache Cassandra clusters, including nodes, partitions, replication, and consistency levels, across multiple environments (eg, development, testing, production). Monitoring database health, performance metrics, and resource utilization, and proactively identifying and resolving issues to minimize downtime and ensure optimal performance. Implementing and maintaining data replication, backup, and recovery strategies to safeguard data integrity and availability in the event of failures or disasters. Managing schema design, data modelling, and query optimization to maximize performance, scalability, and efficiency of Cassandra databases. Implementing security measures, access controls, and encryption mechanisms to protect sensitive data and comply with regulatory requirements. Collaborating with cross-functional teams to design and implement data migration, ETL processes, and data integration workflows between Cassandra and other data sources. Performing capacity planning, scaling, and performance tuning to accommodate growing data volumes, user loads, and application requirements. Automating routine tasks, such as cluster provisioning, configuration management, monitoring, and alerting, using Scripting languages and automation tools.
16/05/2024
Project-based
Job Description: As a Cassandra Database Administrator, you will be responsible for the design, implementation, and maintenance of our Cassandra database clusters, ensuring their scalability, reliability, and performance to meet the demands of our growing business. You will collaborate closely with software engineers, data architects, and other stakeholders to design efficient data models, optimize query performance, and ensure data consistency and availability. Your primary responsibilities will include: Installing, configuring, and managing Apache Cassandra clusters, including nodes, partitions, replication, and consistency levels, across multiple environments (eg, development, testing, production). Monitoring database health, performance metrics, and resource utilization, and proactively identifying and resolving issues to minimize downtime and ensure optimal performance. Implementing and maintaining data replication, backup, and recovery strategies to safeguard data integrity and availability in the event of failures or disasters. Managing schema design, data modelling, and query optimization to maximize performance, scalability, and efficiency of Cassandra databases. Implementing security measures, access controls, and encryption mechanisms to protect sensitive data and comply with regulatory requirements. Collaborating with cross-functional teams to design and implement data migration, ETL processes, and data integration workflows between Cassandra and other data sources. Performing capacity planning, scaling, and performance tuning to accommodate growing data volumes, user loads, and application requirements. Automating routine tasks, such as cluster provisioning, configuration management, monitoring, and alerting, using Scripting languages and automation tools.
AWS/Security/DevSecOps/Control Tower/IAM Are you an enthusiastic security specialist in AWS? A top-tier DevSecOps Engineer? Are you eager to take charge of the technical direction for one of the most rapidly expanding companies in the PropTech sector? If so, and you have - 3+ years' experience as a DevSecOps Engineer or Security Engineer with AWS In depth knowledge of AWS security tools inc. SecurityHub, Inspector, Detective, CloudTrail, GuardDuty and CloudWatch Proficiency in AWS services and features, including IAM, VPC, EC2, S3, RDS, Lambda, and CloudFormation Strong understanding of security best practices, principles, and frameworks, such as ISO 27001 controls and NIST Guidelines Experience in implementing security automation using Scripting languages eg Python and infrastructure-as-code (IaC) tools Ability to perform security threat modelling and risk assessments to identify and prioritize security risks Experience with security incident response and handling, including log analysis and forensics Outstanding business stakeholder engagement and management experience, inc. presenting of solutions to the exec team Certifications such as AWS Certified Security Specialist are a plus 70/75K, Occasional Travel to the Midlands Required Then get in touch today, interviews next week for the right candidates!
16/05/2024
Full time
AWS/Security/DevSecOps/Control Tower/IAM Are you an enthusiastic security specialist in AWS? A top-tier DevSecOps Engineer? Are you eager to take charge of the technical direction for one of the most rapidly expanding companies in the PropTech sector? If so, and you have - 3+ years' experience as a DevSecOps Engineer or Security Engineer with AWS In depth knowledge of AWS security tools inc. SecurityHub, Inspector, Detective, CloudTrail, GuardDuty and CloudWatch Proficiency in AWS services and features, including IAM, VPC, EC2, S3, RDS, Lambda, and CloudFormation Strong understanding of security best practices, principles, and frameworks, such as ISO 27001 controls and NIST Guidelines Experience in implementing security automation using Scripting languages eg Python and infrastructure-as-code (IaC) tools Ability to perform security threat modelling and risk assessments to identify and prioritize security risks Experience with security incident response and handling, including log analysis and forensics Outstanding business stakeholder engagement and management experience, inc. presenting of solutions to the exec team Certifications such as AWS Certified Security Specialist are a plus 70/75K, Occasional Travel to the Midlands Required Then get in touch today, interviews next week for the right candidates!
Strategic: By supporting the project in the areas of team organization, documentation control and cost allocation in SAP/WBS, the project liaison team leader will see their role and responsibility increase with the development of the project through the design phases. Every new design phase will bring additional needs and workload, driven by the implementation and closure phases requiring a higher contribution of this function, thus a higher need of good coordination. This function provides an important assistance to the design engineers by allowing them to focus mainly in the engineering design and removing from them the workload of project organization tasks. The project liaison team leader has a key role in expansion projects to guarantee that all purchase orders of the project are correctly allocated to the correspondent WBS, hence guaranteeing a good knowledge and control of the project budget, as well as, the documentation generated by the project is correctly logged, distributed and archived Scope of the mission Integrating the project team, the project liaison team leader is responsible to lead the team which coordinates project documentation flows and archive, establishes systems to manage/track purchase orders and goods receipts, responsible management of miscellaneous non-PO purchases, establish and maintain systems for allocation of project costs in SAP/WBS, and all aspects related with the organization of the engineering team: welcoming new team members, developing individualized onboarding plans, support their needs, organize the project gate reviews and monthly review meetings Primary Tasks and responsibilities: . Onboarding of new employees: o Lead, with support from the Regional Program Director, in onboarding of new employees to the engineering organization o Work with new employees' direct supervisors to develop individual training plans tailored to the needs of their role, along with base knowledge/expectations of the engineering organization o Plan and prepare the logistic needs for new team members, including system/security access, supplies/equipment, travel arrangements, and other business support. * Cost control: o Establish and maintain systems to issue and track purchase orders in SAP, guaranteeing correct WBS allocation o Coach and Support Project Liaison to issue and track Shopping Carts (SCs), Purchase Orders (POs) and goods receipts (GRs) in SAP in a timely manner o Coach and Support Project Controls to Actively manage SAP/WBS cost allocation and highlight variations o Provide actuals per WBS to support forecasting by Project Managers o Stewardship of Engineering procurement card (ProCard) for all non-travel related miscellaneous purchases, ensuring appropriate use of Procard vs Purchase Order, leadership approval according to Local Approval Matrix (LAM) o Consolidate quarterly and monthly project cost forecast reported by PM o Update forecasts in Planisware o Oversee updating of SAP/ARIBA files o Monthly Headcount allocation to appropriate WBS accounts for all active projects & waves within the region/site o Report actual costs of the yearly Engineering department budgets * Leadership of the Liaison Team o Manage of daily miscellaneous requirements and admin tasks o Manage and delegate administrative tasks and project priorities o Manage and delegate department administrative work such as organizing the monthly department meetings, annual outing, travel, visitors, teambuilding activities, etc o Maintain and manage a healthy and motivating work environment o Improve and formalize monthly departmental reports/meeting * Leadership of the Document Control Team: o Organize, distribute and archive all project documents, guaranteeing proper archiving rules to support claims to contractors and EPCm partners o Manage the project folder access Matrix, maintain project transmittals, archiving engineering deliverables and permitting docs on project Servers * Department Communication: o Responsible for all aspect of internal and external communication within local Engineering department o Manage visual branding display in department o Work closely with HR/GSS/EHS team * Facilities management: o Responsible for facilities operations within the department o Liaise with facilities contractors, responsible to maintain engineering facilities o Managing repairs, maintenance and replacement in the engineering facilities o Working together with EHS regarding fire safety procedures in the engineering facilities * General duties: o Carry out assigned tasks and duties in a safe manner, in accordance with instructions, and to comply with environmental, health & safety rules/procedures, regulations and codes of practice. o Perform engineering and technical support to the projects when needed, undertaking any additional tasks commensurate with the role as and when required. o rules and procedures set down: Technical Profile requirements: . University degree or College diploma specializing in business administration or a technical field . Experience and/or background in industrial companies, preferably linked to engineering or . operations . Competent and fluent (written and verbal) in Spanish and English . Computer literacy with good working knowledge of the MS Office package . Experience with SAP and Ariba software . Knowledge of EHS standards and industry good practices . Must have the Knowledge, Experience and Skills to conduct their tasks in accordance with the Non-Technical Profile Requirements : . Organized . Team worker . Result oriented and timely delivery . Positive mindset . Capable to work in Matrix organizations . Problem and conflict solver . Flexible and resilient to work in ambiguous situations with limited supervision . Coaching skills . Good communication Location: . North of Spain, exact location remains confidential till at least early July . Until EOY 2024 remote work, afterwards consultants are expected to work onsite Business Travel: . Travel will be required and outside Spain reimbursed via expenses Contract: . Long term contract . Confirmation of the mission will take place before 1/7 . Official confirmation and contract creation scheduled for early July Start: . Objective +- 1st of August . Consultants can perform notice if 4-6 weeks, longer is to discuss with the manager . Consultants cannot take long holidays in July/August after start due to the high workload Languages: . Fluent In Spanish & English Rate: . Market-level Rates for Spain . All-in Rate for Remote and local presence at SPAIN . No expenses accepted Reason for Hire Specific Skills Required for Project Safety Equipment Not applicable (keep in mind that for Olen and Hoboken sites a neon vest is mandatory) Additional Safety Equipment to be provided by Supplier n.a. Travel Required? Yes Travel percentage- 10%
16/05/2024
Full time
Strategic: By supporting the project in the areas of team organization, documentation control and cost allocation in SAP/WBS, the project liaison team leader will see their role and responsibility increase with the development of the project through the design phases. Every new design phase will bring additional needs and workload, driven by the implementation and closure phases requiring a higher contribution of this function, thus a higher need of good coordination. This function provides an important assistance to the design engineers by allowing them to focus mainly in the engineering design and removing from them the workload of project organization tasks. The project liaison team leader has a key role in expansion projects to guarantee that all purchase orders of the project are correctly allocated to the correspondent WBS, hence guaranteeing a good knowledge and control of the project budget, as well as, the documentation generated by the project is correctly logged, distributed and archived Scope of the mission Integrating the project team, the project liaison team leader is responsible to lead the team which coordinates project documentation flows and archive, establishes systems to manage/track purchase orders and goods receipts, responsible management of miscellaneous non-PO purchases, establish and maintain systems for allocation of project costs in SAP/WBS, and all aspects related with the organization of the engineering team: welcoming new team members, developing individualized onboarding plans, support their needs, organize the project gate reviews and monthly review meetings Primary Tasks and responsibilities: . Onboarding of new employees: o Lead, with support from the Regional Program Director, in onboarding of new employees to the engineering organization o Work with new employees' direct supervisors to develop individual training plans tailored to the needs of their role, along with base knowledge/expectations of the engineering organization o Plan and prepare the logistic needs for new team members, including system/security access, supplies/equipment, travel arrangements, and other business support. * Cost control: o Establish and maintain systems to issue and track purchase orders in SAP, guaranteeing correct WBS allocation o Coach and Support Project Liaison to issue and track Shopping Carts (SCs), Purchase Orders (POs) and goods receipts (GRs) in SAP in a timely manner o Coach and Support Project Controls to Actively manage SAP/WBS cost allocation and highlight variations o Provide actuals per WBS to support forecasting by Project Managers o Stewardship of Engineering procurement card (ProCard) for all non-travel related miscellaneous purchases, ensuring appropriate use of Procard vs Purchase Order, leadership approval according to Local Approval Matrix (LAM) o Consolidate quarterly and monthly project cost forecast reported by PM o Update forecasts in Planisware o Oversee updating of SAP/ARIBA files o Monthly Headcount allocation to appropriate WBS accounts for all active projects & waves within the region/site o Report actual costs of the yearly Engineering department budgets * Leadership of the Liaison Team o Manage of daily miscellaneous requirements and admin tasks o Manage and delegate administrative tasks and project priorities o Manage and delegate department administrative work such as organizing the monthly department meetings, annual outing, travel, visitors, teambuilding activities, etc o Maintain and manage a healthy and motivating work environment o Improve and formalize monthly departmental reports/meeting * Leadership of the Document Control Team: o Organize, distribute and archive all project documents, guaranteeing proper archiving rules to support claims to contractors and EPCm partners o Manage the project folder access Matrix, maintain project transmittals, archiving engineering deliverables and permitting docs on project Servers * Department Communication: o Responsible for all aspect of internal and external communication within local Engineering department o Manage visual branding display in department o Work closely with HR/GSS/EHS team * Facilities management: o Responsible for facilities operations within the department o Liaise with facilities contractors, responsible to maintain engineering facilities o Managing repairs, maintenance and replacement in the engineering facilities o Working together with EHS regarding fire safety procedures in the engineering facilities * General duties: o Carry out assigned tasks and duties in a safe manner, in accordance with instructions, and to comply with environmental, health & safety rules/procedures, regulations and codes of practice. o Perform engineering and technical support to the projects when needed, undertaking any additional tasks commensurate with the role as and when required. o rules and procedures set down: Technical Profile requirements: . University degree or College diploma specializing in business administration or a technical field . Experience and/or background in industrial companies, preferably linked to engineering or . operations . Competent and fluent (written and verbal) in Spanish and English . Computer literacy with good working knowledge of the MS Office package . Experience with SAP and Ariba software . Knowledge of EHS standards and industry good practices . Must have the Knowledge, Experience and Skills to conduct their tasks in accordance with the Non-Technical Profile Requirements : . Organized . Team worker . Result oriented and timely delivery . Positive mindset . Capable to work in Matrix organizations . Problem and conflict solver . Flexible and resilient to work in ambiguous situations with limited supervision . Coaching skills . Good communication Location: . North of Spain, exact location remains confidential till at least early July . Until EOY 2024 remote work, afterwards consultants are expected to work onsite Business Travel: . Travel will be required and outside Spain reimbursed via expenses Contract: . Long term contract . Confirmation of the mission will take place before 1/7 . Official confirmation and contract creation scheduled for early July Start: . Objective +- 1st of August . Consultants can perform notice if 4-6 weeks, longer is to discuss with the manager . Consultants cannot take long holidays in July/August after start due to the high workload Languages: . Fluent In Spanish & English Rate: . Market-level Rates for Spain . All-in Rate for Remote and local presence at SPAIN . No expenses accepted Reason for Hire Specific Skills Required for Project Safety Equipment Not applicable (keep in mind that for Olen and Hoboken sites a neon vest is mandatory) Additional Safety Equipment to be provided by Supplier n.a. Travel Required? Yes Travel percentage- 10%
Infrastructure Engineer - £45K - Brighton An exciting opportunity to join a growing UK-based hosting provider as an Infrastructure Engineer joining their Technical team. Your role Will involve designing, implementing, & maintaining the technological backbone of the organisation's IT infrastructure. Responsibilities will include ensuring the reliability, scalability, & security systems while also contributing to infrastructure improvements. Responsibilities: Infrastructure Design and Implementation: - Design, implement, & maintain scalable, secure, and resilient infrastructure solutions. - Collaborate with cross-functional teams to understand business requirements & translate into infrastructure solutions. - Evaluate new tech & tools enhancing the efficiency and effectiveness of infrastructure. System Administration: - Manage & maintain Servers, networks, storage, and other infrastructure components. - Monitor system performance & proactively trouble issues. - Ensure system security by implementing best practices, security policies, and access controls. Disaster Recovery and Business Continuity: - Design & implement disaster recovery plans to ensure business continuity in the event of system failures or disasters. - Conduct regular backup and recovery testing to validate the effectiveness of the disaster recovery plans. Requirements: - Proven Infrastructure Engineer experience. - Strong understanding of networking concepts, protocols, & technologies. - Virtualization technologies experience such as VMware, Hyper-V, or KVM. - Hands-on cloud experience platforms (AWS, Azure, or Google Cloud). - Knowledge of security best practices & techniques - Data centre experience. Benefits: 28 days holiday + Bank holidays. Annual discretionary bonus. Great team culture (Regular team socials). Vibrant modern office overlooking the Sea. Flexible working hours. Training & development opportunities. Casual dress, company events, company pension 7 private medical insurance. Infrastructure Engineer - £45K - Brighton
16/05/2024
Full time
Infrastructure Engineer - £45K - Brighton An exciting opportunity to join a growing UK-based hosting provider as an Infrastructure Engineer joining their Technical team. Your role Will involve designing, implementing, & maintaining the technological backbone of the organisation's IT infrastructure. Responsibilities will include ensuring the reliability, scalability, & security systems while also contributing to infrastructure improvements. Responsibilities: Infrastructure Design and Implementation: - Design, implement, & maintain scalable, secure, and resilient infrastructure solutions. - Collaborate with cross-functional teams to understand business requirements & translate into infrastructure solutions. - Evaluate new tech & tools enhancing the efficiency and effectiveness of infrastructure. System Administration: - Manage & maintain Servers, networks, storage, and other infrastructure components. - Monitor system performance & proactively trouble issues. - Ensure system security by implementing best practices, security policies, and access controls. Disaster Recovery and Business Continuity: - Design & implement disaster recovery plans to ensure business continuity in the event of system failures or disasters. - Conduct regular backup and recovery testing to validate the effectiveness of the disaster recovery plans. Requirements: - Proven Infrastructure Engineer experience. - Strong understanding of networking concepts, protocols, & technologies. - Virtualization technologies experience such as VMware, Hyper-V, or KVM. - Hands-on cloud experience platforms (AWS, Azure, or Google Cloud). - Knowledge of security best practices & techniques - Data centre experience. Benefits: 28 days holiday + Bank holidays. Annual discretionary bonus. Great team culture (Regular team socials). Vibrant modern office overlooking the Sea. Flexible working hours. Training & development opportunities. Casual dress, company events, company pension 7 private medical insurance. Infrastructure Engineer - £45K - Brighton
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Group Senior Penetration Tester - Azure/AWS - Crest - PEN £70k + Benefits + Bonus UK - FULLY REMOTE - (with occasion visits to closest uk office) *Security Check (SC) vetting clearance is a conditional requirement of the role* A global enterprise company are looking for a skilled Senior Penetration Tester to join their highly regarded cyber-security team. The role will be to develop and implement pen testing strategies and measures to maintain and enhance the cyber-security of our business systems, infrastructure, and own the pen testing function in house . Responsibilities for the Group Senior Pen Tester position will include: Develop and implement a comprehensive pen testing strategy for Group business and schedule of pen testing activities. Conduct Pen Tests and output risk assessments and vulnerability assessments to identify potential weaknesses in the organisation's systems, processes, infrastructure, supply chain and employee susceptibility to social engineering techniques. Collaborate with internal teams to develop and implement appropriate controls and measures to mitigate identified risks and vulnerabilities. Conduct thorough and comprehensive penetration tests on various systems, network and applications to identify vulnerabilities and potential security risks. Develop and execute detailed penetration testing methodologies and strategies tailored to meet the specific requirements of the businesses. You will need the following: Must be a Crest Registered Tester (CRT) and hold one or more Crest Certified Tester (CTT) Proven experience as a Penetration Tester, with a strong track record of conducting successful penetration tests on a variety of systems and end to end solutions, applications (SaaS and on-premises), APIs, infrastructure both on premise and cloud (AWS & AZURE). Strong understanding of common security vulnerabilities and attack vectors, as well as the ability to exploit and mitigate them.
15/05/2024
Full time
Group Senior Penetration Tester - Azure/AWS - Crest - PEN £70k + Benefits + Bonus UK - FULLY REMOTE - (with occasion visits to closest uk office) *Security Check (SC) vetting clearance is a conditional requirement of the role* A global enterprise company are looking for a skilled Senior Penetration Tester to join their highly regarded cyber-security team. The role will be to develop and implement pen testing strategies and measures to maintain and enhance the cyber-security of our business systems, infrastructure, and own the pen testing function in house . Responsibilities for the Group Senior Pen Tester position will include: Develop and implement a comprehensive pen testing strategy for Group business and schedule of pen testing activities. Conduct Pen Tests and output risk assessments and vulnerability assessments to identify potential weaknesses in the organisation's systems, processes, infrastructure, supply chain and employee susceptibility to social engineering techniques. Collaborate with internal teams to develop and implement appropriate controls and measures to mitigate identified risks and vulnerabilities. Conduct thorough and comprehensive penetration tests on various systems, network and applications to identify vulnerabilities and potential security risks. Develop and execute detailed penetration testing methodologies and strategies tailored to meet the specific requirements of the businesses. You will need the following: Must be a Crest Registered Tester (CRT) and hold one or more Crest Certified Tester (CTT) Proven experience as a Penetration Tester, with a strong track record of conducting successful penetration tests on a variety of systems and end to end solutions, applications (SaaS and on-premises), APIs, infrastructure both on premise and cloud (AWS & AZURE). Strong understanding of common security vulnerabilities and attack vectors, as well as the ability to exploit and mitigate them.
Request Technology - Craig Johnson
Chicago, Illinois
* Position is bonus eligible* Prestigious Financial Institution is currently seeking an Enterprise Monitoring Technical Lead Engineer with strong Splunk experience. Candidate will lead the investigating, planning, and implementing of the enterprise monitoring system, as well as identify areas for improvement, recommend allocation of resources, and work with solution architects to craft an appropriate remediation or enhancement for these systems. Responsibilities: Translate middle and senior management strategic directives into workable technical directives Monitor project status and take remedial action on projects behind schedule and/or over budget Provide subject matter expertise for ongoing support of third-party tools like Splunk Provide expert-level technical mentoring to more junior members of the team Resolve complex support issues in non-production and production environments. Have an understanding of Cloud Native applications running on Kubernetes within AWS and how exposed APIs may be used to monitor them Assist production support and development staff in debugging environment defects using logging monitors and/or APM-related profiling data Create procedural and troubleshooting documentation related to enterprise monitoring systems and the applications they are monitoring Write complex automation scripts using common automation tools, such as Jenkins, Ansible, and Terraform for the installation, configuration, and/or upgrade of monitoring systems. Qualifications: Expert understanding of: Systems administration and change management practices Enterprise monitoring and reporting tools Experience Scripting and/or coding against APIs In-depth knowledge of common used management and monitoring tech Internet/Web based technologies ITIL Best Practices Experience with tech used to support microservices Network technologies AWS log collection such as CloudTrail, CloudWatch, VPC Flow Logs Monitoring and reporting using SNMP CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications, including Terraform experience Technologies used to support microservices Encryption technologies (SSL/TLS, PKI Infrastructure management) Security controls as applied to software technologies Bachelor's degree in a related area 10+ years of related experience 10 years experience working in a distributed multi-platform environment. 3 years experience working with cloud native applications 3 years experience managing technical projects Cloud certification in AWS is a plus
14/05/2024
Full time
* Position is bonus eligible* Prestigious Financial Institution is currently seeking an Enterprise Monitoring Technical Lead Engineer with strong Splunk experience. Candidate will lead the investigating, planning, and implementing of the enterprise monitoring system, as well as identify areas for improvement, recommend allocation of resources, and work with solution architects to craft an appropriate remediation or enhancement for these systems. Responsibilities: Translate middle and senior management strategic directives into workable technical directives Monitor project status and take remedial action on projects behind schedule and/or over budget Provide subject matter expertise for ongoing support of third-party tools like Splunk Provide expert-level technical mentoring to more junior members of the team Resolve complex support issues in non-production and production environments. Have an understanding of Cloud Native applications running on Kubernetes within AWS and how exposed APIs may be used to monitor them Assist production support and development staff in debugging environment defects using logging monitors and/or APM-related profiling data Create procedural and troubleshooting documentation related to enterprise monitoring systems and the applications they are monitoring Write complex automation scripts using common automation tools, such as Jenkins, Ansible, and Terraform for the installation, configuration, and/or upgrade of monitoring systems. Qualifications: Expert understanding of: Systems administration and change management practices Enterprise monitoring and reporting tools Experience Scripting and/or coding against APIs In-depth knowledge of common used management and monitoring tech Internet/Web based technologies ITIL Best Practices Experience with tech used to support microservices Network technologies AWS log collection such as CloudTrail, CloudWatch, VPC Flow Logs Monitoring and reporting using SNMP CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications, including Terraform experience Technologies used to support microservices Encryption technologies (SSL/TLS, PKI Infrastructure management) Security controls as applied to software technologies Bachelor's degree in a related area 10+ years of related experience 10 years experience working in a distributed multi-platform environment. 3 years experience working with cloud native applications 3 years experience managing technical projects Cloud certification in AWS is a plus
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Financial Risk Management Systems Product Manager. Candidate will be responsible for maximizing the value of the Products delivered to our stakeholders by representing business interests, working with our technology teams to determine requirements, creating a product roadmap for development, and prioritizing the work. The Product Owner will work in a hybrid agile methodology collaborating with cross-functional teams. The Product Owner must ensure that the technology teams understand and are aligned with the Product vision and that leadership is kept aware of Product progress and status. Responsibilities: Act as the primary point of contact for stakeholders regarding the product backlog and product development Interact with internal and external stakeholders such as regulators, exchanges and other external parties in explaining Products Elicit, interpret, lead requirement workshop discussions with vendors, stakeholders and/or product owners; assist in the development of backlog items and acceptance criteria Work with internal and external stakeholders to understand their needs and ensure that they are reflected in the product backlog Maintain direct communications with senior and middle management Coordinate preparation of materials for Management Committee, Board of Directors and Regulatory meetings as needed Maintain Product Vision and Roadmap Understand regulatory requirements and drivers impacting development goals and plans Evaluate product changes and recommend needed process and system changes Develop functional capabilities within the organization by driving innovation and continuous process improvements Collaborate with cross-functional teams to define and prioritize the product backlog Refine the product backlog to ensure that it is ready for development Maintain product budget and forecast. Seek to optimize product delivery in the most cost effective manner. Collaborate with technology partners and teams to drive strategic plans for system development, integration and deployment Work with the Project Owners/Managers, Technology Lead, and Scrum Master to ensure that the team is following the hybrid agile methodology and that any issues are addressed in a timely manner Document and/or sign-off on acceptance criteria for user stories Ensure that the product backlog is transparent, visible, and understood by all stakeholders Ensure there is a clear traceability of requirements to deliverables Ensure the product complies with all non-functional requirements Comply with all product delivery controls and procedures Continuously monitor and evaluate the product backlog to ensure that it is meeting stakeholder needs and delivering value Identify scope gaps and missing requirements by acquiring an in-depth understanding of current state capabilities (ie, Legacy system) and future state needs Proactively identify and escalates risks and issues to the leadership team. Monitor vendor performance (where applicable) against statements of work Meet complex business needs in an efficient, flexible, and ever-improving manner Indirectly supervise project team members from across FRM and internal technology teams. May involve direct supervision of individuals or teams within one year. Qualifications: Previous experience as a Product Manager/Owner in a hybrid agile methodology is required Strong understanding of Agile product management methodologies and product development processes Excellent communication, collaboration, and presentation skills Strong interpersonal and influencing skills, including ability to interact effectively with peers, all levels of management, regulators and member firms Ability to work effectively with and lead cross-functional teams Strong analytical and problem-solving skills Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports Ability to prioritize and manage multiple tasks and projects simultaneously Ability to work independently in a fast-paced, dynamic environment Must be able to work under deadlines and manage multiple tasks Self-directed; Ability to work both independently with minimal direction or oversight in a team-oriented, collaborative environment Experience working in the financial services industry General securities markets, derivatives knowledge required Strong knowledge in multiple asset classes like equities, interest rates, volatility, commodities, and foreign currencies (Risk Pillar Specific) Experience with central counter-party clearing, settlement of derivatives, financial risk management and regulated capital markets infrastructure Willingness to roll up your sleeves and do whatever is necessary Proficiency using Jira, Confluence, Tableau and Microsoft Office applications Bachelor's degree (or equivalent) in relevant fields including Accounting, Finance, Computer Science, Management Information Systems, Engineering among others MBA, MS or equivalent graduate degree in a relevant field preferred 10+ years of financial risk management experience leading teams and building robust business processes is required 2+ years of product management experience, preferably with Risk Management products and capabilities Demonstrated experience with ensuring effective process change management 10+ years of experience in financial services/regulated capital markets infrastructure. Experience with an exchange, regulator or clearing house preferred
14/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Financial Risk Management Systems Product Manager. Candidate will be responsible for maximizing the value of the Products delivered to our stakeholders by representing business interests, working with our technology teams to determine requirements, creating a product roadmap for development, and prioritizing the work. The Product Owner will work in a hybrid agile methodology collaborating with cross-functional teams. The Product Owner must ensure that the technology teams understand and are aligned with the Product vision and that leadership is kept aware of Product progress and status. Responsibilities: Act as the primary point of contact for stakeholders regarding the product backlog and product development Interact with internal and external stakeholders such as regulators, exchanges and other external parties in explaining Products Elicit, interpret, lead requirement workshop discussions with vendors, stakeholders and/or product owners; assist in the development of backlog items and acceptance criteria Work with internal and external stakeholders to understand their needs and ensure that they are reflected in the product backlog Maintain direct communications with senior and middle management Coordinate preparation of materials for Management Committee, Board of Directors and Regulatory meetings as needed Maintain Product Vision and Roadmap Understand regulatory requirements and drivers impacting development goals and plans Evaluate product changes and recommend needed process and system changes Develop functional capabilities within the organization by driving innovation and continuous process improvements Collaborate with cross-functional teams to define and prioritize the product backlog Refine the product backlog to ensure that it is ready for development Maintain product budget and forecast. Seek to optimize product delivery in the most cost effective manner. Collaborate with technology partners and teams to drive strategic plans for system development, integration and deployment Work with the Project Owners/Managers, Technology Lead, and Scrum Master to ensure that the team is following the hybrid agile methodology and that any issues are addressed in a timely manner Document and/or sign-off on acceptance criteria for user stories Ensure that the product backlog is transparent, visible, and understood by all stakeholders Ensure there is a clear traceability of requirements to deliverables Ensure the product complies with all non-functional requirements Comply with all product delivery controls and procedures Continuously monitor and evaluate the product backlog to ensure that it is meeting stakeholder needs and delivering value Identify scope gaps and missing requirements by acquiring an in-depth understanding of current state capabilities (ie, Legacy system) and future state needs Proactively identify and escalates risks and issues to the leadership team. Monitor vendor performance (where applicable) against statements of work Meet complex business needs in an efficient, flexible, and ever-improving manner Indirectly supervise project team members from across FRM and internal technology teams. May involve direct supervision of individuals or teams within one year. Qualifications: Previous experience as a Product Manager/Owner in a hybrid agile methodology is required Strong understanding of Agile product management methodologies and product development processes Excellent communication, collaboration, and presentation skills Strong interpersonal and influencing skills, including ability to interact effectively with peers, all levels of management, regulators and member firms Ability to work effectively with and lead cross-functional teams Strong analytical and problem-solving skills Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports Ability to prioritize and manage multiple tasks and projects simultaneously Ability to work independently in a fast-paced, dynamic environment Must be able to work under deadlines and manage multiple tasks Self-directed; Ability to work both independently with minimal direction or oversight in a team-oriented, collaborative environment Experience working in the financial services industry General securities markets, derivatives knowledge required Strong knowledge in multiple asset classes like equities, interest rates, volatility, commodities, and foreign currencies (Risk Pillar Specific) Experience with central counter-party clearing, settlement of derivatives, financial risk management and regulated capital markets infrastructure Willingness to roll up your sleeves and do whatever is necessary Proficiency using Jira, Confluence, Tableau and Microsoft Office applications Bachelor's degree (or equivalent) in relevant fields including Accounting, Finance, Computer Science, Management Information Systems, Engineering among others MBA, MS or equivalent graduate degree in a relevant field preferred 10+ years of financial risk management experience leading teams and building robust business processes is required 2+ years of product management experience, preferably with Risk Management products and capabilities Demonstrated experience with ensuring effective process change management 10+ years of experience in financial services/regulated capital markets infrastructure. Experience with an exchange, regulator or clearing house preferred
NO SPONSORSHIP Principal, Software Engineering Enterprise Cloud Monitoring - Splunk SALARY: $200k- $215k base w/up to 30% bonus LOCATION: Dallas, TX 3 days onsite, 2 days remote It is all about on-premises monitoring and cloud monitoring The products they are looking for outside of Splunk is Data Dog, Dynatrace, New Relic Heavy cloud, AWS, EC2, Automation, application performance monitoring, enterprise monitoring, any EMC patrol, Tivoli, and regulatory experience Responsibilities Translate middle and senior management strategic directives into workable technical directives Monitor project status and take remedial action on projects behind schedule and/or over budget Provide subject matter expertise for ongoing support of third-party tools like Splunk Provide expert-level technical mentoring to more junior members of the team Resolve complex support issues in non-production and production environments. Have an understanding of Cloud Native applications running on Kubernetes within AWS and how exposed APIs may be used to monitor them Assist production support and development staff in debugging environment defects using logging monitors and/or APM-related profiling data Create procedural and troubleshooting documentation related to enterprise monitoring systems and the applications they are monitoring Write complex automation scripts using common automation tools, such as Jenkins, Ansible, and Terraform for the installation, configuration, and/or upgrade of monitoring systems Qualifications Systems administration and change management practices Enterprise monitoring and reporting tools Experience Scripting and/or coding against APIs In-depth knowledge of common used management and monitoring tech Internet/Web based technologies ITLT Best Practices Experience with tech used to support microservices Network technologies AWS log collection such as CloudTrail, CloudWatch, VPC Flow Logs Monitoring and reporting using SNMP CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications, including Terraform experience Technologies used to support microservices Encryption technologies (SSL/TLS, PKI Infrastructure management) Security controls as applied to software technologies Bachelor's degree 10+ years of related experience Minimum 10 years experience working in a distributed multi-platform environment. Minimum 3 years experience working with cloud native applications Minimum 3 years experience managing technical projects
14/05/2024
Full time
NO SPONSORSHIP Principal, Software Engineering Enterprise Cloud Monitoring - Splunk SALARY: $200k- $215k base w/up to 30% bonus LOCATION: Dallas, TX 3 days onsite, 2 days remote It is all about on-premises monitoring and cloud monitoring The products they are looking for outside of Splunk is Data Dog, Dynatrace, New Relic Heavy cloud, AWS, EC2, Automation, application performance monitoring, enterprise monitoring, any EMC patrol, Tivoli, and regulatory experience Responsibilities Translate middle and senior management strategic directives into workable technical directives Monitor project status and take remedial action on projects behind schedule and/or over budget Provide subject matter expertise for ongoing support of third-party tools like Splunk Provide expert-level technical mentoring to more junior members of the team Resolve complex support issues in non-production and production environments. Have an understanding of Cloud Native applications running on Kubernetes within AWS and how exposed APIs may be used to monitor them Assist production support and development staff in debugging environment defects using logging monitors and/or APM-related profiling data Create procedural and troubleshooting documentation related to enterprise monitoring systems and the applications they are monitoring Write complex automation scripts using common automation tools, such as Jenkins, Ansible, and Terraform for the installation, configuration, and/or upgrade of monitoring systems Qualifications Systems administration and change management practices Enterprise monitoring and reporting tools Experience Scripting and/or coding against APIs In-depth knowledge of common used management and monitoring tech Internet/Web based technologies ITLT Best Practices Experience with tech used to support microservices Network technologies AWS log collection such as CloudTrail, CloudWatch, VPC Flow Logs Monitoring and reporting using SNMP CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications, including Terraform experience Technologies used to support microservices Encryption technologies (SSL/TLS, PKI Infrastructure management) Security controls as applied to software technologies Bachelor's degree 10+ years of related experience Minimum 10 years experience working in a distributed multi-platform environment. Minimum 3 years experience working with cloud native applications Minimum 3 years experience managing technical projects