CyberArk Architect - 6 Month Contract - Inside IR35 - Remote Are you a skilled CyberArk Architect with a passion for driving large-scale transformational programmes? We have an exciting opportunity for you to join a leading global consultancy renowned for delivering innovative solutions to high-profile clients. This role will place you at the heart of a major project within the Utilities industry, where your expertise will shape the future of identity and access management (IAM) and privileged access management (PAM). Our client is offering a 6-month contract with the flexibility of working remotely in the UK/Ireland. We are seeking candidates with extensive hands-on experience in architecture, design, and implementation of IAM/PAM tools, particularly CyberArk. Key Responsilbites: Develop comprehensive architectural blueprints for CyberArk solutions tailored to the client's requirements Design robust, scalable, and secure IAM/PAM systems with a primary focus on CyberArk Lead the deployment and configuration of CyberArk components Provide technical leadership and guidance throughout the project life cycle, from planning to execution and maintenance Integration of applications, Vsphere Integration, PTA Validations & PSM Connectivity Test with Load Balancer/s. What you Will Ideally Bring: Deep knowledge and hands-on experience with CyberArk Privileged Access Security (PAS) suite, including Enterprise Password Vault (EPV), Privileged Session Manager (PSM), and Privileged Threat Analytics (PTA). Previous experience working on v13.2 Proficiency in other IAM/PAM tools and technologies, demonstrating a broad understanding of the landscape and integration points Knowledge of PSM Session Error/Connectivity tests with Netscalar load balancers. Prior experience working on a full end to end greenfield implementation Capability to design secure, scalable, and robust IAM/PAM architectures tailored to organizational needs. In-depth understanding of security protocols, best practices, and regulatory requirements related to IAM/PAM Contract Details: Duration: 6 months (View to Extension for over 12 Months) Location: Remote Day Rate: Up to £800 Per Day CyberArk Architect - 6 Month Contract - Inside IR35 - Remote
18/06/2024
Project-based
CyberArk Architect - 6 Month Contract - Inside IR35 - Remote Are you a skilled CyberArk Architect with a passion for driving large-scale transformational programmes? We have an exciting opportunity for you to join a leading global consultancy renowned for delivering innovative solutions to high-profile clients. This role will place you at the heart of a major project within the Utilities industry, where your expertise will shape the future of identity and access management (IAM) and privileged access management (PAM). Our client is offering a 6-month contract with the flexibility of working remotely in the UK/Ireland. We are seeking candidates with extensive hands-on experience in architecture, design, and implementation of IAM/PAM tools, particularly CyberArk. Key Responsilbites: Develop comprehensive architectural blueprints for CyberArk solutions tailored to the client's requirements Design robust, scalable, and secure IAM/PAM systems with a primary focus on CyberArk Lead the deployment and configuration of CyberArk components Provide technical leadership and guidance throughout the project life cycle, from planning to execution and maintenance Integration of applications, Vsphere Integration, PTA Validations & PSM Connectivity Test with Load Balancer/s. What you Will Ideally Bring: Deep knowledge and hands-on experience with CyberArk Privileged Access Security (PAS) suite, including Enterprise Password Vault (EPV), Privileged Session Manager (PSM), and Privileged Threat Analytics (PTA). Previous experience working on v13.2 Proficiency in other IAM/PAM tools and technologies, demonstrating a broad understanding of the landscape and integration points Knowledge of PSM Session Error/Connectivity tests with Netscalar load balancers. Prior experience working on a full end to end greenfield implementation Capability to design secure, scalable, and robust IAM/PAM architectures tailored to organizational needs. In-depth understanding of security protocols, best practices, and regulatory requirements related to IAM/PAM Contract Details: Duration: 6 months (View to Extension for over 12 Months) Location: Remote Day Rate: Up to £800 Per Day CyberArk Architect - 6 Month Contract - Inside IR35 - Remote
Description: We are providing business critical services for the global finance organizations in a multinational environment. Billing and Payment services are provided to several countries globally. This includes the life cycle of the application including project changes, BAU changes, service and incident management as well as monitoring and maintenance of the SAP FSCD environment. Overview of the Team The positions will be part of a internal operations/project team that operates out of 3 countries: Switzerland, Spain and Germany. Key tasks and responsibilities - Understands customers' objectives, processes, and products in order to make educated recommendations for applicable FS-CD functionality - Ability to understand and transform business requirements into functional and technical specifications; prepares solution design documents - Provides estimates - Develop and maintain technical solutions - Operational monitoring of business processing and job automation - Analyze operational issues reported and propose solutions as part of change and service management - Supports application testing, implementation, and training activities Skills: ABAP Classic dynpro English German SAP FS-CD Smartforms Employee Value Proposition: This position offers an opportunity to support and create new functionality in FSCD and our custom built tax solution on SAP for Switzerland. The position is part of a motivated team of internals and externals with vast experience in the implementation of FSCD processes. The system implements a wide variety of life and non-life insurance processes for 12 countries offering many benefits for the company. Job Title: SAP IT Advisor Location: Zürich, Switzerland Job Type: Contract TEKsystems, an Allegis Group company. Allegis Group AG, Aeschengraben 20, CH-4051 Basel, Switzerland. Registration No. CHE-101.865.121. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
18/06/2024
Project-based
Description: We are providing business critical services for the global finance organizations in a multinational environment. Billing and Payment services are provided to several countries globally. This includes the life cycle of the application including project changes, BAU changes, service and incident management as well as monitoring and maintenance of the SAP FSCD environment. Overview of the Team The positions will be part of a internal operations/project team that operates out of 3 countries: Switzerland, Spain and Germany. Key tasks and responsibilities - Understands customers' objectives, processes, and products in order to make educated recommendations for applicable FS-CD functionality - Ability to understand and transform business requirements into functional and technical specifications; prepares solution design documents - Provides estimates - Develop and maintain technical solutions - Operational monitoring of business processing and job automation - Analyze operational issues reported and propose solutions as part of change and service management - Supports application testing, implementation, and training activities Skills: ABAP Classic dynpro English German SAP FS-CD Smartforms Employee Value Proposition: This position offers an opportunity to support and create new functionality in FSCD and our custom built tax solution on SAP for Switzerland. The position is part of a motivated team of internals and externals with vast experience in the implementation of FSCD processes. The system implements a wide variety of life and non-life insurance processes for 12 countries offering many benefits for the company. Job Title: SAP IT Advisor Location: Zürich, Switzerland Job Type: Contract TEKsystems, an Allegis Group company. Allegis Group AG, Aeschengraben 20, CH-4051 Basel, Switzerland. Registration No. CHE-101.865.121. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
18/06/2024
Project-based
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
18/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
Senior Cyber Security Architect Salary upto £80,000 Description: Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Our mission is to improve and safeguard public-facing services. We apply digital thinking to ensure the future of our public services is centred around our citizens. Our human touch sets us apart from other consultancies, system integrators and software houses - we have a customer-centric value system whereby we focus on delivering what is right for our clients. We passionately support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Methods are experts in delivering secure, resilient cyber and information services - keeping systems and data safe. We help reduce risk and vulnerabilities from cyber-attacks by developing a security road-map tailored to your unique needs. We help organisations improve processes such as threat management by building an identity management programme, and establishing prevention, detection and response capabilities to cyber-attacks. Requirements Ability to research, articulate, pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management. Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines. Effective business acumen and an understanding of the cyber security challenges faced by client, with the objective to develop our cyber assurance practice, by supporting business development and practice management. Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability investigating major breaches of security and recommending appropriate control improvements. Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, with the contribution of the development of our team through training and coaching. Managing, delivering, leading cyber security and cyber risk assignments, with the management of portfolio of clients, across a variety of sectors and locations, including producing documentation, presentation, reports, recommendations and quality assuring, for the work produced by team members and being the point of escalation for lower grade roles. Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions. Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities. Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution. Essential Skills and Experience: An experienced consultant with a background in Cyber Security Minimum 5-7 years of experience in Information Security related positions Minimum 3-5 years of experience in security architecture Cyber Security Certification eg ISC2 CISSP, ISC2 CCSP, ISACA CISM or similar Certification in AWS or Azure for Architecture and Security or similar IASME/Cyber Essentials Plus Certified Expert knowledge of secure network architecture and technical design Experience in creating secure architecture in either AWS and/or Azure Experience providing expert strategy, risk and technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients' business. Expected to be the point of escalation for architects in lower grade roles and lead technical design of systems and services Broad range of cyber and information security skills, knowledge and experience such as security threats and vulnerabilities that impact/and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. Experience in gap analysis for specific domains, identify gaps in existing capabilities, service maturity. Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products' convergence over time and products decommissioning. Expert knowledge of identifying, developing and communicating threat modelling and understanding the impact of decisions, balancing requirements and deciding between approaches Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate subtle design decisions Able to develop vision, principles and strategy for security architects for projects or technologies Demonstrably experienced in working as an effective member of a multi-disciplinary team and reach & influence a wide range of people across larger teams and communities. Excellent stakeholder management, presentation and communication skills, with the ability to interact with senior stakeholders across department and clients Pro-active approach to personal and professional development. Work closely with your peers in the security architecture group, service and solution architects, engineers, project teams. Must hold, or be able to hold, an HMG Security Check (SC) clearance. Ability to apply standards, practices, codes and assessment of certification programmes relevant to the IT industry and the specific organisation or business domain. Experience in writing and creating Cyber Security documents ie Risk Assessments, ESRM, DPIA etc and produce particular patterns and support quality assurance Knowledge of the IT/IS infrastructure (eg databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. Ability to use any tool or system which provides security access control (eg Active Directory) Showing proficiency in the principles and application of cloud/virtualisation (including ownership responsibilities and security implications) and be able to use tools and systems to manage virtualised environments eg Server/desktop virtualisation and SDDC (Software Defined Data Centre). Benefits Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year Pension: 4% employer contribution and 5% employee contribution Discretionary bonus: based on company and individual performance Life assurance: 4 times base salary Private medical insurance: non-contributory (spouse and dependants included) Worldwide travel insurance: non-contributory (spouse and dependants included) Enhanced maternity and paternity leave after 18 months service Wellness: 24/7 confidential employee assistance programme, including counselling Social: Parties and social events, and commitment to charitable causes Professional development: access to LinkedIn Learning, and discretionary training budget Travel: season ticket loan, cycle to work scheme Development access to LinkedIn Learning, a management development programme and training Wellness 24/7 Confidential employee assistance programme
18/06/2024
Full time
Senior Cyber Security Architect Salary upto £80,000 Description: Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Our mission is to improve and safeguard public-facing services. We apply digital thinking to ensure the future of our public services is centred around our citizens. Our human touch sets us apart from other consultancies, system integrators and software houses - we have a customer-centric value system whereby we focus on delivering what is right for our clients. We passionately support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Methods are experts in delivering secure, resilient cyber and information services - keeping systems and data safe. We help reduce risk and vulnerabilities from cyber-attacks by developing a security road-map tailored to your unique needs. We help organisations improve processes such as threat management by building an identity management programme, and establishing prevention, detection and response capabilities to cyber-attacks. Requirements Ability to research, articulate, pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management. Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines. Effective business acumen and an understanding of the cyber security challenges faced by client, with the objective to develop our cyber assurance practice, by supporting business development and practice management. Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability investigating major breaches of security and recommending appropriate control improvements. Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, with the contribution of the development of our team through training and coaching. Managing, delivering, leading cyber security and cyber risk assignments, with the management of portfolio of clients, across a variety of sectors and locations, including producing documentation, presentation, reports, recommendations and quality assuring, for the work produced by team members and being the point of escalation for lower grade roles. Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions. Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities. Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution. Essential Skills and Experience: An experienced consultant with a background in Cyber Security Minimum 5-7 years of experience in Information Security related positions Minimum 3-5 years of experience in security architecture Cyber Security Certification eg ISC2 CISSP, ISC2 CCSP, ISACA CISM or similar Certification in AWS or Azure for Architecture and Security or similar IASME/Cyber Essentials Plus Certified Expert knowledge of secure network architecture and technical design Experience in creating secure architecture in either AWS and/or Azure Experience providing expert strategy, risk and technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients' business. Expected to be the point of escalation for architects in lower grade roles and lead technical design of systems and services Broad range of cyber and information security skills, knowledge and experience such as security threats and vulnerabilities that impact/and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. Experience in gap analysis for specific domains, identify gaps in existing capabilities, service maturity. Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products' convergence over time and products decommissioning. Expert knowledge of identifying, developing and communicating threat modelling and understanding the impact of decisions, balancing requirements and deciding between approaches Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate subtle design decisions Able to develop vision, principles and strategy for security architects for projects or technologies Demonstrably experienced in working as an effective member of a multi-disciplinary team and reach & influence a wide range of people across larger teams and communities. Excellent stakeholder management, presentation and communication skills, with the ability to interact with senior stakeholders across department and clients Pro-active approach to personal and professional development. Work closely with your peers in the security architecture group, service and solution architects, engineers, project teams. Must hold, or be able to hold, an HMG Security Check (SC) clearance. Ability to apply standards, practices, codes and assessment of certification programmes relevant to the IT industry and the specific organisation or business domain. Experience in writing and creating Cyber Security documents ie Risk Assessments, ESRM, DPIA etc and produce particular patterns and support quality assurance Knowledge of the IT/IS infrastructure (eg databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. Ability to use any tool or system which provides security access control (eg Active Directory) Showing proficiency in the principles and application of cloud/virtualisation (including ownership responsibilities and security implications) and be able to use tools and systems to manage virtualised environments eg Server/desktop virtualisation and SDDC (Software Defined Data Centre). Benefits Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year Pension: 4% employer contribution and 5% employee contribution Discretionary bonus: based on company and individual performance Life assurance: 4 times base salary Private medical insurance: non-contributory (spouse and dependants included) Worldwide travel insurance: non-contributory (spouse and dependants included) Enhanced maternity and paternity leave after 18 months service Wellness: 24/7 confidential employee assistance programme, including counselling Social: Parties and social events, and commitment to charitable causes Professional development: access to LinkedIn Learning, and discretionary training budget Travel: season ticket loan, cycle to work scheme Development access to LinkedIn Learning, a management development programme and training Wellness 24/7 Confidential employee assistance programme
IT Engineer/Normalization Engineer | Long-Term Project | Financial Enterprise We are seeking an experienced IT Engineer for a long-term project in the financial sector. The candidate will play a crucial role in identifying and implementing the most effective approaches to enforce containment actions during cybersecurity crises within our infrastructure. This role involves designing and developing both technical and procedural implementations for manual execution, conducting feasibility studies, and identifying prerequisites and stakeholders. The candidate will also develop and document processes/procedures, conduct simulated testing, and ensure effective execution of these processes during cybersecurity incidents. Key Responsibilities: Containment Action Planning: Identify the most effective approaches to enforce containment actions in case of a cybersecurity crisis. Feasibility Studies: Conduct feasibility studies and identify prerequisites and stakeholders for containment actions. Process Design: Design technical and procedural implementations for manual execution of containment actions. Process Development: Develop processes and procedures for containment action execution, ensuring these are discussed and agreed upon with major stakeholders. Simulated Testing: Conduct simulated testing of developed processes and procedures to ensure effective execution during cybersecurity crises. Documentation: Ensure process/procedure documentation is agreed upon and approved by all stakeholders. Required Knowledge, Skills, and Competences: Enterprise Architecture: Good general knowledge of enterprise architecture across different domains such as Networks, Network Security, Identity and Access Management, Virtualized and BareMetal Infrastructures. Infrastructure Management: Practical experience in managing and administering infrastructure components (eg, Firewalls, Proxies, Active Directory, VMWare ESXi). Process Development: Experience in developing and documenting operational processes and procedures. Analytical Skills: Strong analytical thinking and a structured approach to problem-solving. Stakeholder Management: Excellent stakeholder management and communication skills. Problem-Solving: Critical mindset and problem-solving abilities. Adaptability: Ability to quickly adapt to changing environments and input requirements. Autonomy: Ability to work autonomously without step-by-step guidance. Cybersecurity: Strong cybersecurity mindset. Languages: Fluent in English. Technical Skills and Experience: Normalization Expertise: Experience with normalization, including field formatting, regular expressions (RegEx), inspection rules, and ACIM normalization schemas. Tools: Proficiency with tools such as MS Sentinel, KQL (Kusto Query Language), parsing, and large dataset onboarding. Automation: Experience in automating security incident response activities, integrating large sets of systems, and designing and engineering automation for actions such as isolating laptops, blocking websites/domains, and managing connectivity and permissions. System Integration: Deep knowledge of systems and the ability to connect and communicate with various stakeholders. Engineering & Design: Strong capabilities in engineering and designing systems with a focus on automation and scalability. Specific Tools: Proficiency with the Microsoft stack, Logic Apps, Service Bus, Python, network and Firewall configurations, proxies, Identity and Access Management concepts, Azure AD, and application gateways. Team Structure: Large team consisting of five subteams with specific focus areas, including incident response and detection engineering. Collaborate with the Product Owner (PO) and other stakeholders at both the architectural and engineering levels. Stakeholder Management: Engage with system owners to discuss and manage system limitations, blocking orders, and rule implementations. Conduct discussions and negotiations with various stakeholders to ensure the successful execution of cybersecurity measures. Education and Experience: Relevant education level in IT or a related field. Extensive experience in IT engineering, architecture, and cybersecurity. About Levy Professionals Since 2000 we provide professional solutions to organizations ranging from tech start-ups to global players. From our offices in Amsterdam and London we have built an international and local network of skilled employed professionals and contractors fuelled by our passion for connecting skills with projects. Over the years we have fulfilled over 1700 requirements and nowadays we consistently have 250+ professionals recruited and relocated from 14 countries allocated to various projects. Our strength is the way that we see and treat people. This will always be a key factor in our strategy for many years to come.
17/06/2024
Project-based
IT Engineer/Normalization Engineer | Long-Term Project | Financial Enterprise We are seeking an experienced IT Engineer for a long-term project in the financial sector. The candidate will play a crucial role in identifying and implementing the most effective approaches to enforce containment actions during cybersecurity crises within our infrastructure. This role involves designing and developing both technical and procedural implementations for manual execution, conducting feasibility studies, and identifying prerequisites and stakeholders. The candidate will also develop and document processes/procedures, conduct simulated testing, and ensure effective execution of these processes during cybersecurity incidents. Key Responsibilities: Containment Action Planning: Identify the most effective approaches to enforce containment actions in case of a cybersecurity crisis. Feasibility Studies: Conduct feasibility studies and identify prerequisites and stakeholders for containment actions. Process Design: Design technical and procedural implementations for manual execution of containment actions. Process Development: Develop processes and procedures for containment action execution, ensuring these are discussed and agreed upon with major stakeholders. Simulated Testing: Conduct simulated testing of developed processes and procedures to ensure effective execution during cybersecurity crises. Documentation: Ensure process/procedure documentation is agreed upon and approved by all stakeholders. Required Knowledge, Skills, and Competences: Enterprise Architecture: Good general knowledge of enterprise architecture across different domains such as Networks, Network Security, Identity and Access Management, Virtualized and BareMetal Infrastructures. Infrastructure Management: Practical experience in managing and administering infrastructure components (eg, Firewalls, Proxies, Active Directory, VMWare ESXi). Process Development: Experience in developing and documenting operational processes and procedures. Analytical Skills: Strong analytical thinking and a structured approach to problem-solving. Stakeholder Management: Excellent stakeholder management and communication skills. Problem-Solving: Critical mindset and problem-solving abilities. Adaptability: Ability to quickly adapt to changing environments and input requirements. Autonomy: Ability to work autonomously without step-by-step guidance. Cybersecurity: Strong cybersecurity mindset. Languages: Fluent in English. Technical Skills and Experience: Normalization Expertise: Experience with normalization, including field formatting, regular expressions (RegEx), inspection rules, and ACIM normalization schemas. Tools: Proficiency with tools such as MS Sentinel, KQL (Kusto Query Language), parsing, and large dataset onboarding. Automation: Experience in automating security incident response activities, integrating large sets of systems, and designing and engineering automation for actions such as isolating laptops, blocking websites/domains, and managing connectivity and permissions. System Integration: Deep knowledge of systems and the ability to connect and communicate with various stakeholders. Engineering & Design: Strong capabilities in engineering and designing systems with a focus on automation and scalability. Specific Tools: Proficiency with the Microsoft stack, Logic Apps, Service Bus, Python, network and Firewall configurations, proxies, Identity and Access Management concepts, Azure AD, and application gateways. Team Structure: Large team consisting of five subteams with specific focus areas, including incident response and detection engineering. Collaborate with the Product Owner (PO) and other stakeholders at both the architectural and engineering levels. Stakeholder Management: Engage with system owners to discuss and manage system limitations, blocking orders, and rule implementations. Conduct discussions and negotiations with various stakeholders to ensure the successful execution of cybersecurity measures. Education and Experience: Relevant education level in IT or a related field. Extensive experience in IT engineering, architecture, and cybersecurity. About Levy Professionals Since 2000 we provide professional solutions to organizations ranging from tech start-ups to global players. From our offices in Amsterdam and London we have built an international and local network of skilled employed professionals and contractors fuelled by our passion for connecting skills with projects. Over the years we have fulfilled over 1700 requirements and nowadays we consistently have 250+ professionals recruited and relocated from 14 countries allocated to various projects. Our strength is the way that we see and treat people. This will always be a key factor in our strategy for many years to come.
We are currently looking on behalf of one of our important clients for an IAM Systems Engineer. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: As an Identity Access Management Systems Engineer; hold responsibility for the planning, implementation & operation of IAM solutions. Support an IAM Product Owner in the strategic development of an IAM product & hold responsibility for the identity life cycle management process. Develop IAM solutions based on product backlog requirements. Integrate IAM solutions into an existing application landscape & implement the necessary technical security solutions. Ensure smooth functionality & comply with security guidelines & legal requirements. Create & update technical documentation of IAM solutions & processes. Carry out topic-specific projects if necessary. Your Skills: At least 3 years of professional experience in IT System Engineering in IAM environments. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Experienced in IAM tools such as Identity Management, Access Management, Directory Services & Federations. Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
17/06/2024
Full time
We are currently looking on behalf of one of our important clients for an IAM Systems Engineer. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: As an Identity Access Management Systems Engineer; hold responsibility for the planning, implementation & operation of IAM solutions. Support an IAM Product Owner in the strategic development of an IAM product & hold responsibility for the identity life cycle management process. Develop IAM solutions based on product backlog requirements. Integrate IAM solutions into an existing application landscape & implement the necessary technical security solutions. Ensure smooth functionality & comply with security guidelines & legal requirements. Create & update technical documentation of IAM solutions & processes. Carry out topic-specific projects if necessary. Your Skills: At least 3 years of professional experience in IT System Engineering in IAM environments. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Experienced in IAM tools such as Identity Management, Access Management, Directory Services & Federations. Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
Senior Systems Engineer/Junior Technical Architect - Cloud/IAM Hertfordshire - 3 days in the office £65-68k pa + good benefits package Working as part of a global IT team this role is responsible for ensuring that internal and external cloud, web and mobile applications meet IT technical and business requirements. Main responsibilities : Leading the liaison with 3rd party solution providers for new projects or changes to cloud, web and mobile applications Ensure designs adhere to good data practices, compliance, regulatory standards and security frameworks Identifying and capturing non-functional requirements Shaping and evolving technical standards and principles relating to cloud, web and mobile applications Required skills and experience : Cloud (including AWS), web and mobile application technologies Infrastructure and Network understanding, how systems and technology integrate Knowledge of single sign-on, identity and access management (IAM), plus application role-based access Reviewing and advising on third parties' technical designs This is an excellent opportunity for a Senior Systems Engineer/Junior Architect to move in to a more senior position. Please send a CV detailing the required skills and experience for consideration. Senior Systems Engineer/Junior Technical Architect Hertfordshire - 3 days in the office £65-68k pa + good benefits package
14/06/2024
Full time
Senior Systems Engineer/Junior Technical Architect - Cloud/IAM Hertfordshire - 3 days in the office £65-68k pa + good benefits package Working as part of a global IT team this role is responsible for ensuring that internal and external cloud, web and mobile applications meet IT technical and business requirements. Main responsibilities : Leading the liaison with 3rd party solution providers for new projects or changes to cloud, web and mobile applications Ensure designs adhere to good data practices, compliance, regulatory standards and security frameworks Identifying and capturing non-functional requirements Shaping and evolving technical standards and principles relating to cloud, web and mobile applications Required skills and experience : Cloud (including AWS), web and mobile application technologies Infrastructure and Network understanding, how systems and technology integrate Knowledge of single sign-on, identity and access management (IAM), plus application role-based access Reviewing and advising on third parties' technical designs This is an excellent opportunity for a Senior Systems Engineer/Junior Architect to move in to a more senior position. Please send a CV detailing the required skills and experience for consideration. Senior Systems Engineer/Junior Technical Architect Hertfordshire - 3 days in the office £65-68k pa + good benefits package
Solutions Engineer/System Architect - Cloud Hertfordshire - 3 days in the office £65k pa + good benefits package Working as part of a global IT team this role is responsible for ensuring that internal and external cloud, web and mobile applications meet IT technical and business requirements. Main responsibilities : Leading the liaison with 3rd party solution providers for new projects or changes to cloud, web and mobile applications Ensure designs adhere to good data practices, compliance, regulatory standards and security frameworks Identifying and capturing non-functional requirements Shaping and evolving technical standards and principles relating to cloud, web and mobile applications Required skills and experience : Cloud (including AWS), web and mobile application technologies Infrastructure and Network understanding, how systems and technology integrate Knowledge of single sign-on, identity and access management (IAM), plus application role-based access Reviewing and advising on third parties' technical designs This is an excellent opportunity for a Senior Systems Engineer/Junior Architect to move in to a more senior position. Please send a CV detailing the required skills and experience for consideration. Solutions Engineer/System Architect - Cloud Hertfordshire - 3 days in the office £65k pa + good benefits package
14/06/2024
Full time
Solutions Engineer/System Architect - Cloud Hertfordshire - 3 days in the office £65k pa + good benefits package Working as part of a global IT team this role is responsible for ensuring that internal and external cloud, web and mobile applications meet IT technical and business requirements. Main responsibilities : Leading the liaison with 3rd party solution providers for new projects or changes to cloud, web and mobile applications Ensure designs adhere to good data practices, compliance, regulatory standards and security frameworks Identifying and capturing non-functional requirements Shaping and evolving technical standards and principles relating to cloud, web and mobile applications Required skills and experience : Cloud (including AWS), web and mobile application technologies Infrastructure and Network understanding, how systems and technology integrate Knowledge of single sign-on, identity and access management (IAM), plus application role-based access Reviewing and advising on third parties' technical designs This is an excellent opportunity for a Senior Systems Engineer/Junior Architect to move in to a more senior position. Please send a CV detailing the required skills and experience for consideration. Solutions Engineer/System Architect - Cloud Hertfordshire - 3 days in the office £65k pa + good benefits package
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
12/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Senior CyberArk Consultant Candidates need SC Clearance and will need to be a UK resident. £550 (Inside IR35) 3 month contract Corsham, primarily remote Essential Responsibilities and Requirements: * Proven "Hands on" experience and technical abilities associated with BAU support activities for CyberArk's Privileged Identity and Privileged Session Management Suites (EPV, CPM, PVWA, PSM, HTML5GW, and DR). * Proven experience in extending existing CyberArk technologies/practices (EPV) and providing recommendations to optimise or enhance BAU services offerings. * Good knowledge and expertise in PAM processes, procedures, and onboarding of accounts into a PAM (ideally CyberArk) solution. Required Experience & Qualifications: * Familiarity with major operating systems such as Microsoft Windows, UNIX, Linux, and applications/Middleware technologies/platforms. * Familiarity with Active Directory structures and Identity Management policies and processes * Familiarity with PAM aspects for major RDBMS such as Microsoft SQL, Oracle, etc. * Experience facilitating business process design as it relates to managing identities and access privileges. * Experience in the Industry acting as a BAU Support Engineer for a PAM (CyberArk) solution. Key skills, behaviours: * Flexible approach and ability to work co-operatively within a newly created team environment. * Should be a self-starter and be able to perform quality assurance and control to create technical deliverables that are error free/with minimal non-functional defects. * Experience in operationally supporting large, complex technical environment. * Methodical and structured in their approach to tasks. * Capability to organise and prioritise tasks. * Strong interpersonal skills to establish/maintain relationships and interact with team members. *Strong organisation and time management skills. * Strong analytical and problem solving skills. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
12/06/2024
Project-based
Senior CyberArk Consultant Candidates need SC Clearance and will need to be a UK resident. £550 (Inside IR35) 3 month contract Corsham, primarily remote Essential Responsibilities and Requirements: * Proven "Hands on" experience and technical abilities associated with BAU support activities for CyberArk's Privileged Identity and Privileged Session Management Suites (EPV, CPM, PVWA, PSM, HTML5GW, and DR). * Proven experience in extending existing CyberArk technologies/practices (EPV) and providing recommendations to optimise or enhance BAU services offerings. * Good knowledge and expertise in PAM processes, procedures, and onboarding of accounts into a PAM (ideally CyberArk) solution. Required Experience & Qualifications: * Familiarity with major operating systems such as Microsoft Windows, UNIX, Linux, and applications/Middleware technologies/platforms. * Familiarity with Active Directory structures and Identity Management policies and processes * Familiarity with PAM aspects for major RDBMS such as Microsoft SQL, Oracle, etc. * Experience facilitating business process design as it relates to managing identities and access privileges. * Experience in the Industry acting as a BAU Support Engineer for a PAM (CyberArk) solution. Key skills, behaviours: * Flexible approach and ability to work co-operatively within a newly created team environment. * Should be a self-starter and be able to perform quality assurance and control to create technical deliverables that are error free/with minimal non-functional defects. * Experience in operationally supporting large, complex technical environment. * Methodical and structured in their approach to tasks. * Capability to organise and prioritise tasks. * Strong interpersonal skills to establish/maintain relationships and interact with team members. *Strong organisation and time management skills. * Strong analytical and problem solving skills. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
11/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
11/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
Your Profile Key skills/knowledge/experience: Strong knowledge of cryptographic concepts, HSMs, key management. Hands-on experience in implementing and operating Thales SafeNet HSMs. Hands-on experience in designing and implementing key management solutions for enterprises. Hands-on experience in HSM, Cryptography related fields. Knowledge of Networking and Network Security concepts. Experience working on PKI/key management solutions for connected vehicle systems. Programming knowledge in C/C++ (preferred),Java,.NET. Experience integrating cryptographic libraries and HSMs with applications. Understanding of Information Security Architecture and ecosystem technologies and concepts required like Firewalls, monitoring tools, encryption, web proxies and Identity & access management.
11/06/2024
Full time
Your Profile Key skills/knowledge/experience: Strong knowledge of cryptographic concepts, HSMs, key management. Hands-on experience in implementing and operating Thales SafeNet HSMs. Hands-on experience in designing and implementing key management solutions for enterprises. Hands-on experience in HSM, Cryptography related fields. Knowledge of Networking and Network Security concepts. Experience working on PKI/key management solutions for connected vehicle systems. Programming knowledge in C/C++ (preferred),Java,.NET. Experience integrating cryptographic libraries and HSMs with applications. Understanding of Information Security Architecture and ecosystem technologies and concepts required like Firewalls, monitoring tools, encryption, web proxies and Identity & access management.