ARM (Advanced Resource Managers)
Romsey, Hampshire
A leading Tech & Engineering client of ours is currently in the market for a Senior Systems Engineer to join the team on a permanent basis. You'll join an expanding Corporate Services IT department that supports mission critical work completed by over 1000 end users across hundreds of Servers. As a Senior Systems Engineer, you'll be understanding, maintaining and developing specific aspects of an enterprise IT environment; encompassing tasks across technical design, implementation and support. You will be a fundamental part of the full rebuild of the clients infrastructure. Key Experience * Systems engineering experience at technical lead level with vendor technologies such as Microsoft, Amazon (AWS), VMWare, RedHat of similar. * Able to design, support and maintain internal IT environments, platforms and services at SME level or above. * Awareness of Defence or National Security IT standards, a background within these domains would be preferential; including within environments that operate at multiple classification levels. * Some exposure to Solution or Enterprise Architecture methods, you do not need to be a practitioner. Key Technologies Below are some of the key enterprise IT technologies deployed by the client, you do not need to be a specialist that covers all of these; training and support will be provided in time where required; * Corporate Microsoft Estate: 1000+ desktops and hundreds of Servers deployed across Romsey, Gloucester, Woking & Manchester. This include 'On-Prem' Microsoft full stack alongside 0365, Azure and AWS offerings. * Cloud platforms: Primarily AWS and Azure covering organisation design (layout), tenancy/account management, security, identity management, service provisioning and reporting functions. * Identity and Directory services: Design, management and maintenance of Microsoft Active Directory, OpenLDAP, KeyCloak and Microsoft's enterprise Single Sign-On technologies. * Mobile device management: Covering 300+ deployed mobile devices, applying best practice and industry standards. * Cyber security and information assurance: Managing and maintaining intrusion detection apparatus, supporting queries/investigations and hardened configuration of IT equipment. * DevSecOps and Site Reliability Engineering: Supporting enterprise software teams and their Ci/CD requirements using tools such as GitLab, Jenkins or SonarQube etc. Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
28/03/2024
Full time
A leading Tech & Engineering client of ours is currently in the market for a Senior Systems Engineer to join the team on a permanent basis. You'll join an expanding Corporate Services IT department that supports mission critical work completed by over 1000 end users across hundreds of Servers. As a Senior Systems Engineer, you'll be understanding, maintaining and developing specific aspects of an enterprise IT environment; encompassing tasks across technical design, implementation and support. You will be a fundamental part of the full rebuild of the clients infrastructure. Key Experience * Systems engineering experience at technical lead level with vendor technologies such as Microsoft, Amazon (AWS), VMWare, RedHat of similar. * Able to design, support and maintain internal IT environments, platforms and services at SME level or above. * Awareness of Defence or National Security IT standards, a background within these domains would be preferential; including within environments that operate at multiple classification levels. * Some exposure to Solution or Enterprise Architecture methods, you do not need to be a practitioner. Key Technologies Below are some of the key enterprise IT technologies deployed by the client, you do not need to be a specialist that covers all of these; training and support will be provided in time where required; * Corporate Microsoft Estate: 1000+ desktops and hundreds of Servers deployed across Romsey, Gloucester, Woking & Manchester. This include 'On-Prem' Microsoft full stack alongside 0365, Azure and AWS offerings. * Cloud platforms: Primarily AWS and Azure covering organisation design (layout), tenancy/account management, security, identity management, service provisioning and reporting functions. * Identity and Directory services: Design, management and maintenance of Microsoft Active Directory, OpenLDAP, KeyCloak and Microsoft's enterprise Single Sign-On technologies. * Mobile device management: Covering 300+ deployed mobile devices, applying best practice and industry standards. * Cyber security and information assurance: Managing and maintaining intrusion detection apparatus, supporting queries/investigations and hardened configuration of IT equipment. * DevSecOps and Site Reliability Engineering: Supporting enterprise software teams and their Ci/CD requirements using tools such as GitLab, Jenkins or SonarQube etc. Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
Global Senior Security Engineer- £81k-£91k Permanent London - Hybrid Are you passionate about safeguarding sensitive data and thwarting digital threats? We're partnering with a leading global law firm to find a Senior Security Engineer who will be the driving force in their dynamic and collaborative environment. Working Hours and Location: Hybrid working model with 2-3 days in the London, Liverpool Street offices. Hours: 9:00 a.m. to 5:00 p.m. with flexibility in accordance with the needs of the business. As a Global Senior Security Engineer, you'll play a crucial role in architecting and maintaining robust security infrastructure. From managing security risks to spearheading the transition to cloud-based solutions, your expertise will be pivotal in ensuring the integrity of the digital ecosystem. Join a collaborative team where your skills are valued and your growth is supported. Enjoy flexible working hours and a supportive environment that prioritises work-life balance. Your responsibilities will include: Designing and maintaining secure architecture Managing security risks and communicating them effectively Implementing cloud security solutions (eg, Azure, O365) Developing and updating security documentation Overseeing Data Loss Prevention (DLP) systems Assisting in defining DLP policies and incident response Collaborating with IT for security standards Monitoring physical data security methods To excel in this role, you'll need: Extensive InfoSec experience Expertise in networking and security standards Strong CISSP and CEH knowledge Familiarity with ISO 27002 Good documentation and authentication skills Familiarity with security tools like Microsoft Defender, CyberArk, etc. Strong communication skills Exceptional problem-solving abilities and strategic thinking A customer-centric approach with the ability to anticipate needs Ready to fortify digital defences and shape the future of cybersecurity? Apply now to be part of a dynamic global team
28/03/2024
Full time
Global Senior Security Engineer- £81k-£91k Permanent London - Hybrid Are you passionate about safeguarding sensitive data and thwarting digital threats? We're partnering with a leading global law firm to find a Senior Security Engineer who will be the driving force in their dynamic and collaborative environment. Working Hours and Location: Hybrid working model with 2-3 days in the London, Liverpool Street offices. Hours: 9:00 a.m. to 5:00 p.m. with flexibility in accordance with the needs of the business. As a Global Senior Security Engineer, you'll play a crucial role in architecting and maintaining robust security infrastructure. From managing security risks to spearheading the transition to cloud-based solutions, your expertise will be pivotal in ensuring the integrity of the digital ecosystem. Join a collaborative team where your skills are valued and your growth is supported. Enjoy flexible working hours and a supportive environment that prioritises work-life balance. Your responsibilities will include: Designing and maintaining secure architecture Managing security risks and communicating them effectively Implementing cloud security solutions (eg, Azure, O365) Developing and updating security documentation Overseeing Data Loss Prevention (DLP) systems Assisting in defining DLP policies and incident response Collaborating with IT for security standards Monitoring physical data security methods To excel in this role, you'll need: Extensive InfoSec experience Expertise in networking and security standards Strong CISSP and CEH knowledge Familiarity with ISO 27002 Good documentation and authentication skills Familiarity with security tools like Microsoft Defender, CyberArk, etc. Strong communication skills Exceptional problem-solving abilities and strategic thinking A customer-centric approach with the ability to anticipate needs Ready to fortify digital defences and shape the future of cybersecurity? Apply now to be part of a dynamic global team
Junior Technical Writer - Banking/remote Are you a passionate and confident Junior Technical Writer (Cyber security) ready to make a significant contribution working for one of the UK's fastest growing Financial Services Consultancies? Then read on! MHC Overview: MHC are an award-winning IT and Business Consultancy, specialising in Change Management initiatives, which we deliver working in a collaborative way with our Clients. You will have the confidence and the capability to step straight into a specialist consultancy role within one of MHC's Practice areas to provide effective and efficient solutions that support our Clients' business requirements, while working constructively with senior MHC and Client managers and other staff. MHC are hiring a Junior Technical Writer to join us on a PAYE contract basis and work on a project we are delivering for a Tier 1 Bank. We are seeking a Junior Technical Writer to join the bank's Cybersecurity Education and Awareness team to design and deliver clear and effective documentation and communications across several projects of varying complexity. Ideally you will have experience in a technical field such as cybersecurity, software development, or engineering, and is confident working with stakeholders at all levels to gather requirements and translate complex processes and information into accurate, engaging, and digestible content. Responsibilities Work closely with the Senior Technical Writer, you will create effective and impactful: - Technical documentation, - User manuals/guidelines, - Brochures, - Documentation packs, Actively engage with relevant stakeholders and teams to understand projects and their impact. Gather information from subject matter experts to create accurate, accessible, and engaging content to brand and communication guidelines. Create reusable, easy to maintain templates across a range of documentation and content types, including Intranet portals, product catalogues, and presentations. Knowledge, Qualifications & Experience Required skills and qualifications: Must: Minimum of 3 years of experience as technical writer. Must: Excellent spoken and written English with a keen eye for detail. Must: Rapidly grasp complex processes and translate them into accurate and simple content. Minimum of 5 years of experience in the IT industry. Functional understanding of designing and writing for neurodiverse audiences. A flexible, enthusiastic, and accessible team member, calm under pressure, keen to share knowledge, introduce ideas, and assist the team when needed. Good to have skillsets: Use of a project and task management tool such as JIRA or Understanding of process and workflow optimisation. A certification in technical writing. Functional understanding of CSS and HTML, and a development language such as JavaScript. Functional understanding of project, software, UI/UX, and documentation development life cycles. Strong project, prioritisation, and stakeholder management across concurrent projects. Remote working. Please apply now for immediate consideration.
28/03/2024
Project-based
Junior Technical Writer - Banking/remote Are you a passionate and confident Junior Technical Writer (Cyber security) ready to make a significant contribution working for one of the UK's fastest growing Financial Services Consultancies? Then read on! MHC Overview: MHC are an award-winning IT and Business Consultancy, specialising in Change Management initiatives, which we deliver working in a collaborative way with our Clients. You will have the confidence and the capability to step straight into a specialist consultancy role within one of MHC's Practice areas to provide effective and efficient solutions that support our Clients' business requirements, while working constructively with senior MHC and Client managers and other staff. MHC are hiring a Junior Technical Writer to join us on a PAYE contract basis and work on a project we are delivering for a Tier 1 Bank. We are seeking a Junior Technical Writer to join the bank's Cybersecurity Education and Awareness team to design and deliver clear and effective documentation and communications across several projects of varying complexity. Ideally you will have experience in a technical field such as cybersecurity, software development, or engineering, and is confident working with stakeholders at all levels to gather requirements and translate complex processes and information into accurate, engaging, and digestible content. Responsibilities Work closely with the Senior Technical Writer, you will create effective and impactful: - Technical documentation, - User manuals/guidelines, - Brochures, - Documentation packs, Actively engage with relevant stakeholders and teams to understand projects and their impact. Gather information from subject matter experts to create accurate, accessible, and engaging content to brand and communication guidelines. Create reusable, easy to maintain templates across a range of documentation and content types, including Intranet portals, product catalogues, and presentations. Knowledge, Qualifications & Experience Required skills and qualifications: Must: Minimum of 3 years of experience as technical writer. Must: Excellent spoken and written English with a keen eye for detail. Must: Rapidly grasp complex processes and translate them into accurate and simple content. Minimum of 5 years of experience in the IT industry. Functional understanding of designing and writing for neurodiverse audiences. A flexible, enthusiastic, and accessible team member, calm under pressure, keen to share knowledge, introduce ideas, and assist the team when needed. Good to have skillsets: Use of a project and task management tool such as JIRA or Understanding of process and workflow optimisation. A certification in technical writing. Functional understanding of CSS and HTML, and a development language such as JavaScript. Functional understanding of project, software, UI/UX, and documentation development life cycles. Strong project, prioritisation, and stakeholder management across concurrent projects. Remote working. Please apply now for immediate consideration.
Looking for a tech enthusiast who specializes in enhancing the highly secure PKI services. They seek someone to fill the DevOps role within the Development wing of the PKI service extension. Together, you'll ensure the PKI services remain finely tuned to the rapidly evolving cybersecurity landscape. As a Senior Technical Consultant PKI, your role revolves around ensuring their clients receive top-notch PKI services. Key responsibilities include Strengthening Windows security Establishing standards for securing Windows Servers Deploying BlueX on these Servers To streamline Windows management, the following configurations are essential Implementing Active Directory for enhanced security measures Employing Ivanti for automated patch management Developing Ansible roles for Windows/BlueX administration (Note: Ansible is primarily for Linux Servers)
27/03/2024
Project-based
Looking for a tech enthusiast who specializes in enhancing the highly secure PKI services. They seek someone to fill the DevOps role within the Development wing of the PKI service extension. Together, you'll ensure the PKI services remain finely tuned to the rapidly evolving cybersecurity landscape. As a Senior Technical Consultant PKI, your role revolves around ensuring their clients receive top-notch PKI services. Key responsibilities include Strengthening Windows security Establishing standards for securing Windows Servers Deploying BlueX on these Servers To streamline Windows management, the following configurations are essential Implementing Active Directory for enhanced security measures Employing Ivanti for automated patch management Developing Ansible roles for Windows/BlueX administration (Note: Ansible is primarily for Linux Servers)
Cyber Security Engineer -Luxemburg - 60 - 85k + Car Allowance/Bonus Global IT Services provider are recruiting for multiple mid level and senior security engineers to work on a security cleared project based in Luxemburg. The client is happy to consider people relocating from anywhere in the UK, EU or US. you will be responsible for designing, implementing, and managing security solutions to safeguard the network, applications, and digital assets. Key Responsibilities Replace/upgrade the current infrastructure with new versions or solutions. Recommend and implement new cyber security technologies and solutions. Monitor operational infrastructure - you will leverage standard tools and processes to respond and resolve incidents and requests. Incident Response - Monitor security events, investigate and respond to security incidents, and assist in post-incident analysis and remediation. Documentation: Create and maintain comprehensive documentation related to security configurations, policies, procedures, and incidents. Collaboration: Work closely with cross-functional teams, including IT, Network, and Application Development, to ensure the integration of security measures across the organization. Research and Innovation: Stay up-to-date with emerging security threats, technologies, and best practices, and provide recommendations where appropriate. Qualifications Bachelor's degree in Computer Science, Information Security, or a related field. At least 6 years of field experience in the networking and security area with solutions. Proven experience in network and application security, with expertise in Palo Alto, Bluecoat, F5 (LTM, ASM, APM), ASA VPN or Splunk. Knowledge of Firewall management, intrusion detection, content filtering, web application security, and VPN technologies. Proficiency in PKI design and management, digital certificate issuance, and secure key management. Strong communication skills and the ability to collaborate with diverse teams. A proactive approach to identifying and mitigating security vulnerabilities and risks. Demonstrated ability to work in a fast-paced and dynamic environment. Fluent in English Key Skills Automation Tools, Cloud Security, Firewalls, Local Area Network (LAN), Palo Alto Networks Prisma Access Secure Access Service Edge (SASE), Security Technologies, TCP/IP Networking, Threat Management Cyber Security Engineer -Luxemburg - 60 - 85k + Car Allowance/Bonus
26/03/2024
Full time
Cyber Security Engineer -Luxemburg - 60 - 85k + Car Allowance/Bonus Global IT Services provider are recruiting for multiple mid level and senior security engineers to work on a security cleared project based in Luxemburg. The client is happy to consider people relocating from anywhere in the UK, EU or US. you will be responsible for designing, implementing, and managing security solutions to safeguard the network, applications, and digital assets. Key Responsibilities Replace/upgrade the current infrastructure with new versions or solutions. Recommend and implement new cyber security technologies and solutions. Monitor operational infrastructure - you will leverage standard tools and processes to respond and resolve incidents and requests. Incident Response - Monitor security events, investigate and respond to security incidents, and assist in post-incident analysis and remediation. Documentation: Create and maintain comprehensive documentation related to security configurations, policies, procedures, and incidents. Collaboration: Work closely with cross-functional teams, including IT, Network, and Application Development, to ensure the integration of security measures across the organization. Research and Innovation: Stay up-to-date with emerging security threats, technologies, and best practices, and provide recommendations where appropriate. Qualifications Bachelor's degree in Computer Science, Information Security, or a related field. At least 6 years of field experience in the networking and security area with solutions. Proven experience in network and application security, with expertise in Palo Alto, Bluecoat, F5 (LTM, ASM, APM), ASA VPN or Splunk. Knowledge of Firewall management, intrusion detection, content filtering, web application security, and VPN technologies. Proficiency in PKI design and management, digital certificate issuance, and secure key management. Strong communication skills and the ability to collaborate with diverse teams. A proactive approach to identifying and mitigating security vulnerabilities and risks. Demonstrated ability to work in a fast-paced and dynamic environment. Fluent in English Key Skills Automation Tools, Cloud Security, Firewalls, Local Area Network (LAN), Palo Alto Networks Prisma Access Secure Access Service Edge (SASE), Security Technologies, TCP/IP Networking, Threat Management Cyber Security Engineer -Luxemburg - 60 - 85k + Car Allowance/Bonus
Network Risk and Compliance Analyst: Primary responsibilities will include: Develop and manage monitoring activities to ensure compliance with Information Security and Technology regulatory requirements and internal policies and standards Identify, develop and maintain key risk indicators to track and ensure compliance with established policies and standards Lead global and complex compliance remediation projects with cross-functional teams Conduct targeted reviews to identify risks, opportunities, and areas for improvement Lead development of management action plans; propose resolution options, identify responsible owners, and closure dates Proactively identify and report Information Security and Technology compliance risks Ensure risks are effectively identified, quantified, prioritized, communicated, and managed, including recommendations for risk mitigation, and identifying the root cause/key themes Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to stakeholders and senior management Manage Audit, Regulatory and Third-Part audits/risk assessments Lead development of formal responses to Audit and Regulatory inquiries or assessments. This may be comprised of documentation gathering, drafting of documents, and researching past activity and reports Centralize compliance responses/data to improve audit response time and create consistent responses across teams Interact with Auditors and Regulators as needed Develop and conduct ongoing risk and compliance training and education Role Requirements: Bachelor's degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field Strong technical background in order to communicate effectively with Network Engineers Experience in leading projects, preferably global projects Experience with audits and/or compliance assessments/monitoring. PMI, CISSP, CISM, CISA a plus Ability to operate in a fast-paced global environment. Ability to work under pressure, meet tight deadlines and embrace change. Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering)
25/03/2024
Full time
Network Risk and Compliance Analyst: Primary responsibilities will include: Develop and manage monitoring activities to ensure compliance with Information Security and Technology regulatory requirements and internal policies and standards Identify, develop and maintain key risk indicators to track and ensure compliance with established policies and standards Lead global and complex compliance remediation projects with cross-functional teams Conduct targeted reviews to identify risks, opportunities, and areas for improvement Lead development of management action plans; propose resolution options, identify responsible owners, and closure dates Proactively identify and report Information Security and Technology compliance risks Ensure risks are effectively identified, quantified, prioritized, communicated, and managed, including recommendations for risk mitigation, and identifying the root cause/key themes Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to stakeholders and senior management Manage Audit, Regulatory and Third-Part audits/risk assessments Lead development of formal responses to Audit and Regulatory inquiries or assessments. This may be comprised of documentation gathering, drafting of documents, and researching past activity and reports Centralize compliance responses/data to improve audit response time and create consistent responses across teams Interact with Auditors and Regulators as needed Develop and conduct ongoing risk and compliance training and education Role Requirements: Bachelor's degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field Strong technical background in order to communicate effectively with Network Engineers Experience in leading projects, preferably global projects Experience with audits and/or compliance assessments/monitoring. PMI, CISSP, CISM, CISA a plus Ability to operate in a fast-paced global environment. Ability to work under pressure, meet tight deadlines and embrace change. Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering)
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
22/03/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
22/03/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
San Francisco, California
*We are unable to sponsor for this Remote contract role* Prestigious Enterprise Company is currently seeking a Senior CyberArk Engineer. Candidate will be responsible for the implementation and management of CyberArk and other Privileged Management solutions. Candidate will have familiarity working with most CyberArk products, including but not limited to: Privileged Access Manager, Vendor Privileged Access Manager, Cloud Entitlements Manager, Endpoint Privilege Manager, Privileged Session Manager, Privileged Threat Analytics, and Privileged Cloud. Responsibilities: Identifies and leads privileged access management improvements and projects to improve our overall security posture Manages the end-to-end CyberArk environment/application from maintenance to administration Manages all privileged credentials across a hybrid environment Works collaboratively across the business to define and create CyberArk policies, platforms, safes Responsible for utilizing KPI's and metrics to report out on CyberArk system health Actively protects the integrity and confidentiality of our information assets while enabling business functionality in all systems and environments by supporting applicable security solutions Supports departmental and corporate goals by meeting key performance indicators and defined metrics Supports and follows Change Management processes and procedures Serves as a technical escalation resource to less experienced team members Participates in and supports Compliance processes, providing leadership and support to Analysts. Recommends and implements new functionality to enhance compliance processes while ensuring compliance controls are followed and effective. Responsible for 24x7x365 on-call escalation rotational support Qualifications: Deep understanding of CyberArk and its components Prior utilization of representational state transfer application programming interface (REST API) Experience with PAM related architecture and best practices Strong understanding of Cloud Service Providers and relevant experience with integration and configuration of PAM platforms into the cloud Operational experience helping manage CyberArk and Hashi Vault infrastructure Knowledge or usage of Terraform/Hashicorp Configuration language (HCL) Strong understanding of modern deployment technologies including CICD, Terraform, Ansible, and Docker Proficiency in cryptography. Experience with Windows, Unix, Cisco, platforms, and controls. 3-5+ Years' direct experience with CyberArk or Hashi at an Engineering level 5+ Years' experience in PAM management and platforms PAM related certifications (CyberArk Defender OR Sentry/Hashi Administrator)
04/03/2024
Project-based
*We are unable to sponsor for this Remote contract role* Prestigious Enterprise Company is currently seeking a Senior CyberArk Engineer. Candidate will be responsible for the implementation and management of CyberArk and other Privileged Management solutions. Candidate will have familiarity working with most CyberArk products, including but not limited to: Privileged Access Manager, Vendor Privileged Access Manager, Cloud Entitlements Manager, Endpoint Privilege Manager, Privileged Session Manager, Privileged Threat Analytics, and Privileged Cloud. Responsibilities: Identifies and leads privileged access management improvements and projects to improve our overall security posture Manages the end-to-end CyberArk environment/application from maintenance to administration Manages all privileged credentials across a hybrid environment Works collaboratively across the business to define and create CyberArk policies, platforms, safes Responsible for utilizing KPI's and metrics to report out on CyberArk system health Actively protects the integrity and confidentiality of our information assets while enabling business functionality in all systems and environments by supporting applicable security solutions Supports departmental and corporate goals by meeting key performance indicators and defined metrics Supports and follows Change Management processes and procedures Serves as a technical escalation resource to less experienced team members Participates in and supports Compliance processes, providing leadership and support to Analysts. Recommends and implements new functionality to enhance compliance processes while ensuring compliance controls are followed and effective. Responsible for 24x7x365 on-call escalation rotational support Qualifications: Deep understanding of CyberArk and its components Prior utilization of representational state transfer application programming interface (REST API) Experience with PAM related architecture and best practices Strong understanding of Cloud Service Providers and relevant experience with integration and configuration of PAM platforms into the cloud Operational experience helping manage CyberArk and Hashi Vault infrastructure Knowledge or usage of Terraform/Hashicorp Configuration language (HCL) Strong understanding of modern deployment technologies including CICD, Terraform, Ansible, and Docker Proficiency in cryptography. Experience with Windows, Unix, Cisco, platforms, and controls. 3-5+ Years' direct experience with CyberArk or Hashi at an Engineering level 5+ Years' experience in PAM management and platforms PAM related certifications (CyberArk Defender OR Sentry/Hashi Administrator)