ARM (Advanced Resource Managers)
Lead IT Security Manager Permanent Birmingham - 2 Days per week on site £48,900 - £61,140 per annum My client in the Rail industry are looking for a Lead IT Security Manager to join their fast-paced Operations team on a permanent basis. The Lead IT Security Manager is responsible for is the effective management of the Security Operations pillar within the IT Security, Compliance & Identity function. This includes Security technology and Security Operations Centre management. Key focus areas for this role, the ideal candidate will have experience in each of the below; Threat & Vulnerability Management Security Operations Centre - 24/7 Outsourced Web & Content Filtering - ProofPoint, Zscaler, etc. Endpoint Security Infrastructure Security Accountabilities * Lead the Security Operations pillar, determining and delivering requirements, methods, and tools to provide value and reduce risk across proactive monitoring, incident response, threat management and vulnerability management (among other activity) . * Lead the creation and maintenance of Security Operations policy, standards procedures, and documentation (including playbooks and guidance). * Manage the application and compliance of security operations procedures, reviewing actual and potential security breaches, and ensuring their investigation. * Lead the Security Operations team's response to incidents, recommending actions and appropriate control improvements. * Monitor the external environment to gather intelligence on emerging technologies, documenting impacts, threats, and opportunities to IT. * Provide expert advice on threat intelligence activities, identifying which threat categories are most dangerous to the organization and how to defend against them. * Manage vulnerability assessment activities within company IT, providing expert advice where necessary in the review of vulnerability assessment tools and techniques. * Develop, maintain, and test Security Operations' incident management procedures, investigating escalated incidents and facilitating recovery post-incident resolution. * Lead Security Operations risk management activities, leading on the identification of risks and vulnerabilities and assessment of their impacts. * Manage and oversee the day-to-day activity of the SOC supplier who will deliver security capabilities, communicating their activity to relevant teams. * Manage the design, delivery, maintenance, and continuous improvement of the IT Security Ops capabilities in line with business needs. * Manage the Security Operations Centre (SOC) capability, ensuring effective protection, defence, and response to IT security risks. * Promote the Security, Compliance & Identity function to develop and enhance the team profile to develop enduring relationships with stakeholders and teams. * Implement a multi-year Security roadmap that provides proactive capabilities which enable business objectives. * Actively promote and embed Equality Diversity and Inclusion (EDI) in all your work, and support and comply with all organisational initiatives, policies and procedures on EDI. Skills: * Relationship Building. Ability to develop and maintain strong relationships with internal and external stakeholders. * Security Operations. Ability provide leadership for live security incidents and helping conduct robust investigations in order to identify corrective actions and see them through to completion. * Threat Intelligence. Ability to provide guidance on proactive threat identification, analysis, and mitigation. Skilled in actionable intelligence, industry sources, and general awareness of threat landscape. * Vulnerability Assessment. Ability to identify and classify security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact. * Risk Management. Ability to identify IT security operations risks and the delivery of audit remediation activities. * Emerging technology monitoring. Ability to identify and assess new and emerging technologies, products, services, methods and techniques. Knowledge: * Knowledge of IT Service Frameworks, methodologies, and best practice such as ITIL v4 and Agile. * Knowledge of day-to-day activities and best practice within a SOC. * Knowledge of technical security such as Firewalls, network security groups, and access controls. Type of Experience: * Experience of leading a team through the full IT service life cycle, enhancing security posture, and evolving capabilities via continual service improvement. * Experience of leading live cyber incidents and the remediation actions. * Experience of partnering with supplier teams for managed services delivery of improvements. * Experience across the full IT security spectrum (software, Servers, infrastructure, and networks). * Experience designing and implementing secure systems, leading review where necessary of complex security issues. * Experience of enabling and informing risk-based decisions. * Experience dealing with the security implications of transformation and day-to-day product changes. * Experience working with system architectures, displaying a strong understanding of the impact of vulnerabilities on varied systems Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
Lead IT Security Manager Permanent Birmingham - 2 Days per week on site £48,900 - £61,140 per annum My client in the Rail industry are looking for a Lead IT Security Manager to join their fast-paced Operations team on a permanent basis. The Lead IT Security Manager is responsible for is the effective management of the Security Operations pillar within the IT Security, Compliance & Identity function. This includes Security technology and Security Operations Centre management. Key focus areas for this role, the ideal candidate will have experience in each of the below; Threat & Vulnerability Management Security Operations Centre - 24/7 Outsourced Web & Content Filtering - ProofPoint, Zscaler, etc. Endpoint Security Infrastructure Security Accountabilities * Lead the Security Operations pillar, determining and delivering requirements, methods, and tools to provide value and reduce risk across proactive monitoring, incident response, threat management and vulnerability management (among other activity) . * Lead the creation and maintenance of Security Operations policy, standards procedures, and documentation (including playbooks and guidance). * Manage the application and compliance of security operations procedures, reviewing actual and potential security breaches, and ensuring their investigation. * Lead the Security Operations team's response to incidents, recommending actions and appropriate control improvements. * Monitor the external environment to gather intelligence on emerging technologies, documenting impacts, threats, and opportunities to IT. * Provide expert advice on threat intelligence activities, identifying which threat categories are most dangerous to the organization and how to defend against them. * Manage vulnerability assessment activities within company IT, providing expert advice where necessary in the review of vulnerability assessment tools and techniques. * Develop, maintain, and test Security Operations' incident management procedures, investigating escalated incidents and facilitating recovery post-incident resolution. * Lead Security Operations risk management activities, leading on the identification of risks and vulnerabilities and assessment of their impacts. * Manage and oversee the day-to-day activity of the SOC supplier who will deliver security capabilities, communicating their activity to relevant teams. * Manage the design, delivery, maintenance, and continuous improvement of the IT Security Ops capabilities in line with business needs. * Manage the Security Operations Centre (SOC) capability, ensuring effective protection, defence, and response to IT security risks. * Promote the Security, Compliance & Identity function to develop and enhance the team profile to develop enduring relationships with stakeholders and teams. * Implement a multi-year Security roadmap that provides proactive capabilities which enable business objectives. * Actively promote and embed Equality Diversity and Inclusion (EDI) in all your work, and support and comply with all organisational initiatives, policies and procedures on EDI. Skills: * Relationship Building. Ability to develop and maintain strong relationships with internal and external stakeholders. * Security Operations. Ability provide leadership for live security incidents and helping conduct robust investigations in order to identify corrective actions and see them through to completion. * Threat Intelligence. Ability to provide guidance on proactive threat identification, analysis, and mitigation. Skilled in actionable intelligence, industry sources, and general awareness of threat landscape. * Vulnerability Assessment. Ability to identify and classify security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact. * Risk Management. Ability to identify IT security operations risks and the delivery of audit remediation activities. * Emerging technology monitoring. Ability to identify and assess new and emerging technologies, products, services, methods and techniques. Knowledge: * Knowledge of IT Service Frameworks, methodologies, and best practice such as ITIL v4 and Agile. * Knowledge of day-to-day activities and best practice within a SOC. * Knowledge of technical security such as Firewalls, network security groups, and access controls. Type of Experience: * Experience of leading a team through the full IT service life cycle, enhancing security posture, and evolving capabilities via continual service improvement. * Experience of leading live cyber incidents and the remediation actions. * Experience of partnering with supplier teams for managed services delivery of improvements. * Experience across the full IT security spectrum (software, Servers, infrastructure, and networks). * Experience designing and implementing secure systems, leading review where necessary of complex security issues. * Experience of enabling and informing risk-based decisions. * Experience dealing with the security implications of transformation and day-to-day product changes. * Experience working with system architectures, displaying a strong understanding of the impact of vulnerabilities on varied systems Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
Request Technology - Craig Johnson
Chicago, Illinois
*Position is bonus eligible* Prestigious Financial Company is currently seeking an Information Data Governance and Protection Analyst. Candidate will be responsible for supporting the development and implementation of the information governance, data protection, and privacy program. This includes supporting the development of strategies, policies, procedures, and controls related to the governance and protection of information throughout its life cycle. In addition, the role will work with stakeholders to define the information governance, data protection, and privacy requirements; will facilitate compliance with the identified requirements to control risk; will represent the program to internal and external stakeholders; and will support the development and implementation of training and awareness programs. This role will focus on compliance with applicable regulatory and legal rules and requirements (ie SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information including support of regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Responsibilities: Work with appropriate stakeholders and across the organization to create a culture that manages information as an enterprise asset Implementation of the information governance, data protection, and privacy program including the development of policies, procedures, and job aids Identification, implementation, and use of technologies to support program objectives and classification standards Execution of controls and risk assessments (eg, third-party risk, privacy, data protection) Responsible in performing the privacy impact assessment on data incidents and working with relevant stakeholders like Security Services and Legal to help closing the incident. Creation and execution of strategies to identify information across the organization and throughout its life cycle Preparation of program for regulatory and internal audits/examinations and timely remediation of any findings Use of technology/tools to track projects, manage deliverables and create reporting that support the program and its objectives Support of compliance assessments for information governance, data protection, and privacy including development of controls to measure risk Development and maintenance of the organization's Records and Information Management (RIM) program, ensuring information across all media and formats is properly retained and disposed including remediation of Legacy information Ensure retention, disposition, protection, and classification are addressed in new applications, platforms, and systems Collaborate with internal and external stakeholders to implement information governance, data protection, and privacy policies and requirements Support and develop training and awareness programs for information governance, data protection, and privacy. Identify trends in privacy and regulatory requirements, compliance enforcement, and action the necessary changes in the program. Qualifications: Strong interest in understanding and solving data challenges with experience in information governance, data protection, and privacy policy Knowledge of and work experience with enterprise systems, networks, databases, and other technical domains Strong attention to detail, customer orientation, communication, and presentation skills including the ability to listen and quickly translate business needs into solutions and build effective working relationships Strong experience in building the capabilities for auto data classification, data security and data protection. Experience with classification standard definitions and settings Experience with Privacy requirements and work with personal information and its protection Strong strategic thinking, problem solving, and analytic skills Utilize metrics as means to improve performance Ability to adapt to change in emerging environments and work across multiple areas Experience in developing policies and procedures Experience in project management, project execution, and managing multiple priorities in a timeline driven environment Experience working in a highly regulated environment including an understanding of audit and compliance requirements Office 365 (Word, Excel, PowerPoint) Experience with systems supporting Compliance, Risk, Audit, Privacy, and Management such as ServiceNow, Archer, etc. Project/Program Management Business Intelligence tool experience Bachelor's degree or higher in information management, information systems, law, computer science or BA/BS in another discipline with equivalent experience Experience in the financial services industry Certifications Preferred: Certifications in Information, Data, Privacy Records or Security such as: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Records Manager (CRM), and/or Certified Information Privacy Technologist (CIPT), Certified Information Systems Security Professional (CISSP), Information Governance Professional (IGP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA)
*Position is bonus eligible* Prestigious Financial Company is currently seeking an Information Data Governance and Protection Analyst. Candidate will be responsible for supporting the development and implementation of the information governance, data protection, and privacy program. This includes supporting the development of strategies, policies, procedures, and controls related to the governance and protection of information throughout its life cycle. In addition, the role will work with stakeholders to define the information governance, data protection, and privacy requirements; will facilitate compliance with the identified requirements to control risk; will represent the program to internal and external stakeholders; and will support the development and implementation of training and awareness programs. This role will focus on compliance with applicable regulatory and legal rules and requirements (ie SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information including support of regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Responsibilities: Work with appropriate stakeholders and across the organization to create a culture that manages information as an enterprise asset Implementation of the information governance, data protection, and privacy program including the development of policies, procedures, and job aids Identification, implementation, and use of technologies to support program objectives and classification standards Execution of controls and risk assessments (eg, third-party risk, privacy, data protection) Responsible in performing the privacy impact assessment on data incidents and working with relevant stakeholders like Security Services and Legal to help closing the incident. Creation and execution of strategies to identify information across the organization and throughout its life cycle Preparation of program for regulatory and internal audits/examinations and timely remediation of any findings Use of technology/tools to track projects, manage deliverables and create reporting that support the program and its objectives Support of compliance assessments for information governance, data protection, and privacy including development of controls to measure risk Development and maintenance of the organization's Records and Information Management (RIM) program, ensuring information across all media and formats is properly retained and disposed including remediation of Legacy information Ensure retention, disposition, protection, and classification are addressed in new applications, platforms, and systems Collaborate with internal and external stakeholders to implement information governance, data protection, and privacy policies and requirements Support and develop training and awareness programs for information governance, data protection, and privacy. Identify trends in privacy and regulatory requirements, compliance enforcement, and action the necessary changes in the program. Qualifications: Strong interest in understanding and solving data challenges with experience in information governance, data protection, and privacy policy Knowledge of and work experience with enterprise systems, networks, databases, and other technical domains Strong attention to detail, customer orientation, communication, and presentation skills including the ability to listen and quickly translate business needs into solutions and build effective working relationships Strong experience in building the capabilities for auto data classification, data security and data protection. Experience with classification standard definitions and settings Experience with Privacy requirements and work with personal information and its protection Strong strategic thinking, problem solving, and analytic skills Utilize metrics as means to improve performance Ability to adapt to change in emerging environments and work across multiple areas Experience in developing policies and procedures Experience in project management, project execution, and managing multiple priorities in a timeline driven environment Experience working in a highly regulated environment including an understanding of audit and compliance requirements Office 365 (Word, Excel, PowerPoint) Experience with systems supporting Compliance, Risk, Audit, Privacy, and Management such as ServiceNow, Archer, etc. Project/Program Management Business Intelligence tool experience Bachelor's degree or higher in information management, information systems, law, computer science or BA/BS in another discipline with equivalent experience Experience in the financial services industry Certifications Preferred: Certifications in Information, Data, Privacy Records or Security such as: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Records Manager (CRM), and/or Certified Information Privacy Technologist (CIPT), Certified Information Systems Security Professional (CISSP), Information Governance Professional (IGP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA)