Our client are a leading Multi-channel retailer FTSE250 group based in Northampton and are looking for a Security Architect to join their existing team of Architects - the role is Hybrid with 2 days a week expectation in office, 3 can be from home. Security Architect You will play an integral role in growing the team of architects while demonstrating your leadership values through delegation, motivation and trust. You will not just lead, but you will "do". Their culture is exploring, thinking and doing, and you will live this every single day. Some accountabilities of the role: Domain Architect for the Security Domain, you are ultimately accountable for the as-is and target security architectures for the group, working closely with all stakeholders including technical teams, senior stakeholders and external vendors and partners. DevSecOps Work with the technical teams to embed a DevSecOps culture in the Group Technology and Data function, acting as an evangelist of this approach to bring colleagues at all levels on the journey. Mentor through the adoption of a learning mindset and contribute back to practice and technology teams. Whether you lead team members directly or influence more junior architects through mentorship, coaching and architecture reviews, you will help nurture the next generation of talent. Practice developer Contributing to the evolution of the architecture design process, ensuring it is effective and efficient through maintaining the artefacts, conventions and knowledge sharing Your background A confirmed background in hands on information security with extensive real-world experience of working in an agile product development model as well as large systems integration programs, comfortable in tailoring your ways of working to fit with the delivery approach. You keep on top of the changing security technology landscape, grasp the relevance of emerging trends and help the technology team navigate the constantly shifting threat landscape. You are comfortable rolling up your sleeves, getting involved, breaking down silos, and making security a core part of the delivery teams to enable them to succeed. Experience in leading and inspiring colleagues to accomplish exceptional outcomes while building a nurturing, respectful and supportive culture. What's in it for you? You'll be supported by some fantastic training and development and have the opportunity to learn, grow and develop across the Group. They'll also equip you with a benefits package that grows as you grow with the company: Competitive bonus Car allowance Save-as-you-earn scheme Buy-as-you-earn scheme Contributory pension scheme Colleague discount across a variety of Group businesses A bit about them As the largest distributor of building materials in the UK, they have been helping to build Britain for over 200 years. With over 5 businesses, 16,000 colleagues and more than 1,200 branches, stores and sites around the UK they believe they have the best people and the best place to work. Everyone works hard together to deliver results, but most importantly, have some fun along the way. security analyst architect agile architect architecture risk governance compliance cloud pci dss security agile cyber retail northampton bedford milton keynes rugby bicester oxford hybrid devsecops devsecops information security it process audit security analyst architect agile architect architecture risk governance compliance cloud pci dss security agile cyber retail northampton bedford milton keynes rugby bicester oxford hybrid devsecops devsecops information security it process audit security analyst architect agile architect architecture risk governance compliance cloud pci dss security agile cyber retail northampton bedford milton keynes rugby bicester oxford hybrid devsecops devsecops information security it process audit IT stores retail
28/03/2024
Full time
Our client are a leading Multi-channel retailer FTSE250 group based in Northampton and are looking for a Security Architect to join their existing team of Architects - the role is Hybrid with 2 days a week expectation in office, 3 can be from home. Security Architect You will play an integral role in growing the team of architects while demonstrating your leadership values through delegation, motivation and trust. You will not just lead, but you will "do". Their culture is exploring, thinking and doing, and you will live this every single day. Some accountabilities of the role: Domain Architect for the Security Domain, you are ultimately accountable for the as-is and target security architectures for the group, working closely with all stakeholders including technical teams, senior stakeholders and external vendors and partners. DevSecOps Work with the technical teams to embed a DevSecOps culture in the Group Technology and Data function, acting as an evangelist of this approach to bring colleagues at all levels on the journey. Mentor through the adoption of a learning mindset and contribute back to practice and technology teams. Whether you lead team members directly or influence more junior architects through mentorship, coaching and architecture reviews, you will help nurture the next generation of talent. Practice developer Contributing to the evolution of the architecture design process, ensuring it is effective and efficient through maintaining the artefacts, conventions and knowledge sharing Your background A confirmed background in hands on information security with extensive real-world experience of working in an agile product development model as well as large systems integration programs, comfortable in tailoring your ways of working to fit with the delivery approach. You keep on top of the changing security technology landscape, grasp the relevance of emerging trends and help the technology team navigate the constantly shifting threat landscape. You are comfortable rolling up your sleeves, getting involved, breaking down silos, and making security a core part of the delivery teams to enable them to succeed. Experience in leading and inspiring colleagues to accomplish exceptional outcomes while building a nurturing, respectful and supportive culture. What's in it for you? You'll be supported by some fantastic training and development and have the opportunity to learn, grow and develop across the Group. They'll also equip you with a benefits package that grows as you grow with the company: Competitive bonus Car allowance Save-as-you-earn scheme Buy-as-you-earn scheme Contributory pension scheme Colleague discount across a variety of Group businesses A bit about them As the largest distributor of building materials in the UK, they have been helping to build Britain for over 200 years. With over 5 businesses, 16,000 colleagues and more than 1,200 branches, stores and sites around the UK they believe they have the best people and the best place to work. Everyone works hard together to deliver results, but most importantly, have some fun along the way. security analyst architect agile architect architecture risk governance compliance cloud pci dss security agile cyber retail northampton bedford milton keynes rugby bicester oxford hybrid devsecops devsecops information security it process audit security analyst architect agile architect architecture risk governance compliance cloud pci dss security agile cyber retail northampton bedford milton keynes rugby bicester oxford hybrid devsecops devsecops information security it process audit security analyst architect agile architect architecture risk governance compliance cloud pci dss security agile cyber retail northampton bedford milton keynes rugby bicester oxford hybrid devsecops devsecops information security it process audit IT stores retail
Network Risk and Compliance Analyst: Primary responsibilities will include: Develop and manage monitoring activities to ensure compliance with Information Security and Technology regulatory requirements and internal policies and standards Identify, develop and maintain key risk indicators to track and ensure compliance with established policies and standards Lead global and complex compliance remediation projects with cross-functional teams Conduct targeted reviews to identify risks, opportunities, and areas for improvement Lead development of management action plans; propose resolution options, identify responsible owners, and closure dates Proactively identify and report Information Security and Technology compliance risks Ensure risks are effectively identified, quantified, prioritized, communicated, and managed, including recommendations for risk mitigation, and identifying the root cause/key themes Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to stakeholders and senior management Manage Audit, Regulatory and Third-Part audits/risk assessments Lead development of formal responses to Audit and Regulatory inquiries or assessments. This may be comprised of documentation gathering, drafting of documents, and researching past activity and reports Centralize compliance responses/data to improve audit response time and create consistent responses across teams Interact with Auditors and Regulators as needed Develop and conduct ongoing risk and compliance training and education Role Requirements: Bachelor's degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field Strong technical background in order to communicate effectively with Network Engineers Experience in leading projects, preferably global projects Experience with audits and/or compliance assessments/monitoring. PMI, CISSP, CISM, CISA a plus Ability to operate in a fast-paced global environment. Ability to work under pressure, meet tight deadlines and embrace change. Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering)
25/03/2024
Full time
Network Risk and Compliance Analyst: Primary responsibilities will include: Develop and manage monitoring activities to ensure compliance with Information Security and Technology regulatory requirements and internal policies and standards Identify, develop and maintain key risk indicators to track and ensure compliance with established policies and standards Lead global and complex compliance remediation projects with cross-functional teams Conduct targeted reviews to identify risks, opportunities, and areas for improvement Lead development of management action plans; propose resolution options, identify responsible owners, and closure dates Proactively identify and report Information Security and Technology compliance risks Ensure risks are effectively identified, quantified, prioritized, communicated, and managed, including recommendations for risk mitigation, and identifying the root cause/key themes Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to stakeholders and senior management Manage Audit, Regulatory and Third-Part audits/risk assessments Lead development of formal responses to Audit and Regulatory inquiries or assessments. This may be comprised of documentation gathering, drafting of documents, and researching past activity and reports Centralize compliance responses/data to improve audit response time and create consistent responses across teams Interact with Auditors and Regulators as needed Develop and conduct ongoing risk and compliance training and education Role Requirements: Bachelor's degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field Strong technical background in order to communicate effectively with Network Engineers Experience in leading projects, preferably global projects Experience with audits and/or compliance assessments/monitoring. PMI, CISSP, CISM, CISA a plus Ability to operate in a fast-paced global environment. Ability to work under pressure, meet tight deadlines and embrace change. Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering)
CONTRACT CYBERARK Rate - C2C Open REMOTE DURATION: 6 MONTH MINIMUM Must have excellent communication skills, must have excellent documentation skills, PAM CyberArk Responsible for the implementation and management of CyberArk and other Privileged Management solutions. Has familiarity working with most CyberArk products, including but not limited to: Privileged Access Manager, Vendor Privileged Access Manager, Cloud Entitlements Manager, Endpoint Privilege Manager, Privileged Session Manager, Privileged Threat Analytics, and Privileged Cloud. Identifies and leads privileged access management improvements and projects to improve our overall security posture Manages the end-to-end CyberArk environment/application from maintenance to administration Manages all privileged credentials across a hybrid environment Works collaboratively across the business to define and create CyberArk policies, platforms, safes Responsible for utilizing KPIs and metrics to report out on CyberArk system health Actively protects the integrity and confidentiality of our information assets while enabling business functionality in all systems and environments by supporting applicable security solutions Supports departmental and corporate goals by meeting key performance indicators and defined metrics Supports and follows Change Management processes and procedures Serves as a technical escalation resource to less experienced team members Participates in and supports Compliance processes, providing leadership and support to Analysts. Recommends and implements new functionality to enhance compliance processes while ensuring compliance controls are followed and effective. Responsible for 24x7x365 on-call escalation rotational support Experience : 3+ years of hands-on experience with implementing and managing CyberArk environments 3+ years of experience or training in Identity systems security fundamentals design, implementation and troubleshooting across all computer/server platforms. Experience in designing and standing up a new CyberArk environment or migration to a new environment. Experience supporting a distributed hybrid cloud/on-premises environment Understanding and experience operating within the NIST Security Framework Strong written and verbal communication skills Education/Certifications: Bachelor's degree from an accredited college or university, or equivalent experience. One or more of the following CyberArk certifications are desired but not required: Defender, Sentry, or Guardian Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Certified Cloud Security Professional (CCSP) WORK TO BE PERFORMED: Perform Privileged Access Management (PAM) Work utilizing CyberArk and Hashi Vault Support planning, designing, and executing of the PAM strategy Work on implementing Privileged Session Management solution through CyberArk Work across multiple teams and pillars to socialize and align PAM requirements to the organization Remediate and troubleshoot PAM related errors across the CyberArk and Hashi Platforms Provide operational support for PAM platforms Work on integrations with other applications and systems to provide CyberArk or Hashi support Assist in building CyberArk infrastructure Assist and help lead architecture development and creation of relevant documentation Assist with product documentation and processes for PAM team Deliverables: PAM Strategy draft Implementation of Privileged Session Management solution Process documentation and architectural documentation, as needed Provide subject matter expert level expertise and support on implementing and maintaining the CyberArk platforms. Provide Cloud Security Engineering Services Identify cloud-based security objectives for PAM program and provide SME level expertise Assist with integrating hybrid model with cloud and on-prem services Provide best practices recommendations for cloud connectivity and account management Produce detailed documentation around all aspects of cloud integration and functionality. Deliverables: Provide Cloud related documentation, guidance, and assistance. Operational Skills Assist in Tier 2/3 support of PAM platforms Provide training, documentation, and Standard Operating Procedures (SOP s) to Managed Security Services Provider (MSSP) vendor for continued development of operations support Deliverables: Provide operational support and documentation/guidance for all operational requirements
22/03/2024
Project-based
CONTRACT CYBERARK Rate - C2C Open REMOTE DURATION: 6 MONTH MINIMUM Must have excellent communication skills, must have excellent documentation skills, PAM CyberArk Responsible for the implementation and management of CyberArk and other Privileged Management solutions. Has familiarity working with most CyberArk products, including but not limited to: Privileged Access Manager, Vendor Privileged Access Manager, Cloud Entitlements Manager, Endpoint Privilege Manager, Privileged Session Manager, Privileged Threat Analytics, and Privileged Cloud. Identifies and leads privileged access management improvements and projects to improve our overall security posture Manages the end-to-end CyberArk environment/application from maintenance to administration Manages all privileged credentials across a hybrid environment Works collaboratively across the business to define and create CyberArk policies, platforms, safes Responsible for utilizing KPIs and metrics to report out on CyberArk system health Actively protects the integrity and confidentiality of our information assets while enabling business functionality in all systems and environments by supporting applicable security solutions Supports departmental and corporate goals by meeting key performance indicators and defined metrics Supports and follows Change Management processes and procedures Serves as a technical escalation resource to less experienced team members Participates in and supports Compliance processes, providing leadership and support to Analysts. Recommends and implements new functionality to enhance compliance processes while ensuring compliance controls are followed and effective. Responsible for 24x7x365 on-call escalation rotational support Experience : 3+ years of hands-on experience with implementing and managing CyberArk environments 3+ years of experience or training in Identity systems security fundamentals design, implementation and troubleshooting across all computer/server platforms. Experience in designing and standing up a new CyberArk environment or migration to a new environment. Experience supporting a distributed hybrid cloud/on-premises environment Understanding and experience operating within the NIST Security Framework Strong written and verbal communication skills Education/Certifications: Bachelor's degree from an accredited college or university, or equivalent experience. One or more of the following CyberArk certifications are desired but not required: Defender, Sentry, or Guardian Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Certified Cloud Security Professional (CCSP) WORK TO BE PERFORMED: Perform Privileged Access Management (PAM) Work utilizing CyberArk and Hashi Vault Support planning, designing, and executing of the PAM strategy Work on implementing Privileged Session Management solution through CyberArk Work across multiple teams and pillars to socialize and align PAM requirements to the organization Remediate and troubleshoot PAM related errors across the CyberArk and Hashi Platforms Provide operational support for PAM platforms Work on integrations with other applications and systems to provide CyberArk or Hashi support Assist in building CyberArk infrastructure Assist and help lead architecture development and creation of relevant documentation Assist with product documentation and processes for PAM team Deliverables: PAM Strategy draft Implementation of Privileged Session Management solution Process documentation and architectural documentation, as needed Provide subject matter expert level expertise and support on implementing and maintaining the CyberArk platforms. Provide Cloud Security Engineering Services Identify cloud-based security objectives for PAM program and provide SME level expertise Assist with integrating hybrid model with cloud and on-prem services Provide best practices recommendations for cloud connectivity and account management Produce detailed documentation around all aspects of cloud integration and functionality. Deliverables: Provide Cloud related documentation, guidance, and assistance. Operational Skills Assist in Tier 2/3 support of PAM platforms Provide training, documentation, and Standard Operating Procedures (SOP s) to Managed Security Services Provider (MSSP) vendor for continued development of operations support Deliverables: Provide operational support and documentation/guidance for all operational requirements
Request Technology - Craig Johnson
San Francisco, California
*We are unable to sponsor for this Remote contract role* Prestigious Enterprise Company is currently seeking a Senior CyberArk Engineer. Candidate will be responsible for the implementation and management of CyberArk and other Privileged Management solutions. Candidate will have familiarity working with most CyberArk products, including but not limited to: Privileged Access Manager, Vendor Privileged Access Manager, Cloud Entitlements Manager, Endpoint Privilege Manager, Privileged Session Manager, Privileged Threat Analytics, and Privileged Cloud. Responsibilities: Identifies and leads privileged access management improvements and projects to improve our overall security posture Manages the end-to-end CyberArk environment/application from maintenance to administration Manages all privileged credentials across a hybrid environment Works collaboratively across the business to define and create CyberArk policies, platforms, safes Responsible for utilizing KPI's and metrics to report out on CyberArk system health Actively protects the integrity and confidentiality of our information assets while enabling business functionality in all systems and environments by supporting applicable security solutions Supports departmental and corporate goals by meeting key performance indicators and defined metrics Supports and follows Change Management processes and procedures Serves as a technical escalation resource to less experienced team members Participates in and supports Compliance processes, providing leadership and support to Analysts. Recommends and implements new functionality to enhance compliance processes while ensuring compliance controls are followed and effective. Responsible for 24x7x365 on-call escalation rotational support Qualifications: Deep understanding of CyberArk and its components Prior utilization of representational state transfer application programming interface (REST API) Experience with PAM related architecture and best practices Strong understanding of Cloud Service Providers and relevant experience with integration and configuration of PAM platforms into the cloud Operational experience helping manage CyberArk and Hashi Vault infrastructure Knowledge or usage of Terraform/Hashicorp Configuration language (HCL) Strong understanding of modern deployment technologies including CICD, Terraform, Ansible, and Docker Proficiency in cryptography. Experience with Windows, Unix, Cisco, platforms, and controls. 3-5+ Years' direct experience with CyberArk or Hashi at an Engineering level 5+ Years' experience in PAM management and platforms PAM related certifications (CyberArk Defender OR Sentry/Hashi Administrator)
04/03/2024
Project-based
*We are unable to sponsor for this Remote contract role* Prestigious Enterprise Company is currently seeking a Senior CyberArk Engineer. Candidate will be responsible for the implementation and management of CyberArk and other Privileged Management solutions. Candidate will have familiarity working with most CyberArk products, including but not limited to: Privileged Access Manager, Vendor Privileged Access Manager, Cloud Entitlements Manager, Endpoint Privilege Manager, Privileged Session Manager, Privileged Threat Analytics, and Privileged Cloud. Responsibilities: Identifies and leads privileged access management improvements and projects to improve our overall security posture Manages the end-to-end CyberArk environment/application from maintenance to administration Manages all privileged credentials across a hybrid environment Works collaboratively across the business to define and create CyberArk policies, platforms, safes Responsible for utilizing KPI's and metrics to report out on CyberArk system health Actively protects the integrity and confidentiality of our information assets while enabling business functionality in all systems and environments by supporting applicable security solutions Supports departmental and corporate goals by meeting key performance indicators and defined metrics Supports and follows Change Management processes and procedures Serves as a technical escalation resource to less experienced team members Participates in and supports Compliance processes, providing leadership and support to Analysts. Recommends and implements new functionality to enhance compliance processes while ensuring compliance controls are followed and effective. Responsible for 24x7x365 on-call escalation rotational support Qualifications: Deep understanding of CyberArk and its components Prior utilization of representational state transfer application programming interface (REST API) Experience with PAM related architecture and best practices Strong understanding of Cloud Service Providers and relevant experience with integration and configuration of PAM platforms into the cloud Operational experience helping manage CyberArk and Hashi Vault infrastructure Knowledge or usage of Terraform/Hashicorp Configuration language (HCL) Strong understanding of modern deployment technologies including CICD, Terraform, Ansible, and Docker Proficiency in cryptography. Experience with Windows, Unix, Cisco, platforms, and controls. 3-5+ Years' direct experience with CyberArk or Hashi at an Engineering level 5+ Years' experience in PAM management and platforms PAM related certifications (CyberArk Defender OR Sentry/Hashi Administrator)