IT Security Officer NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience. Hybrid will need to be onsite when required. You need to live within commutable distance of Salisbury and due to the client's location, own transport is essential You must be eligible for SC clearance (lived and worked in UK for the last 5 years minimum) What does the company do: Our client provides infrastructure and support services to the armed forces. What You'll Be Doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. This is a new opportunity which will give you scope to make the role your own and advance your career in the longer term. What You'll Need To Know: Minimum of 3 years of hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. 
Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001) What You'll Get to mention a few: 25 days holiday plus bank holidays Holiday purchase of up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 - SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
16/05/2024
Full time
Technology Risk and Controls Analyst - Working with a dynamic financial organisation in the heart of the city, whilst not essential any previous Financial/Banking experience would be highly beneficial. The Technology Department delivers differentiation, scalability and security for the business. Reporting to the COO, Technology provides digital tools, software services and infrastructure globally to all business groups. Software development and support teams work in agile 'streams' aligned to specific business areas. Our other teams work enterprise-wide to provide critical services including our global service desk, network and system infrastructure, IT operations, security, enterprise architecture and design. Technology Governance is responsible for defining Technology-wide standards, controls and reporting to ensure the Technology business is operating effectively and meeting its financial, strategic, assurance and regulatory obligations. The area covers Technology Strategy & Planning, Risk and Controls, Business Resilience, IT Service Continuity and Enterprise Architecture. Overall Responsibilities Facilitating and improving the Technology Risk Management process. Ensuring Technology controls are appropriate, facilitating reporting on Compliance to relevant internal stakeholders Facilitate and support Internal and External Audits, their execution and the tracking of reporting of remediating actions Supporting the development and embedding of underpinning process and procedure documentation, including assisting service/business/process owners with compliance to new policies and operationalising new working practices and procedures. Monitor and report on the performance of these processes across the organisation, recommending and implementing enhancements, and closing coverage gaps. Work with Operational Risk to manage and track key Technology Risks, provide support as part of Entity-wide risk reviews and control gaps. 
Facilitate the Technology Supplier Management process, ensuring that internal stakeholders are compliant with the framework and the status of 3rd parties is managed. Skills and Experience Essential Excellent verbal and written communication skills Understanding of SOX 404 IT General Controls Experience of working in a regulated environment and with stakeholders across Operational Risk, Audit and Compliance. Desired Experience working in a regulated environment and knowledge of the risk and compliance requirements associated with this. Practical experience of working with Quality Management Systems, ideally with ISO27001 Foundation certification or above. Risk Management - experience of facilitating the management of risks, ideally with a formal accreditation (eg ISO31000 or Management of Risk). IT Service Management - understanding of the disciplines required to design, develop, transition and operate technology services, ideally with a formal ITIL v4 certification. Practical experience of managing small project deliveries and improvement roadmaps. Experience of authoring process and procedure documentation.
16/05/2024
Full time
Location: London - 5 days on-site with occasional travel to Basingstoke Rate: Inside IR35 negotiable Clearance: Candidate must be DV cleared and have Defence experience Duration: 6 months Understanding client objectives and technical requirements, to design end-to-end solutions that address those needs, utilising a range of technologies and platforms. Working closely with engineering teams to ensure design is in alignment with project requirements. Develop solution architectures that consider security, scalability, performance, and maintainability. Provide technical guidance and expertise during the implementation and integration phases. Conduct testing and quality assurance to ensure the solution meets established standards. Troubleshoot and resolve any technical issues that arise during integration. Stay current with emerging technologies and industry best practices to drive innovation. Mandatory skills: Proven experience as a Solutions Architect in a secure environment. Strong knowledge of architecture principles, software development, and integration technologies. Strong problem-solving and analytical skills. Excellent communication and teamwork skills. Certification in relevant technologies or solution architecture is beneficial.
16/05/2024
Project-based
Job Title - SC Cleared Health and Safety Assurance Improvement Lead Location - Portsmouth OR Salisbury Salary - £55,000- £63,000 Clearance - SC Clearance is highly desirable Benefits - Exceptional Pension, Bonus, Learning & Development support, 25 days holiday, rising to 30, subsidised gym, discounts with retailers, rental deposit support, option to buy & sell holiday The Client - Curo are partnering with an organisation that delivers world class science and technology, and harnesses deep operational understanding of defence and security needs. Duties: Be accountable for ensuring that the health, safety and environmental protection Assurance Plan is implemented fully, and working with members of the Risk, Assurance and Governance (RAG) Group to ensure that necessary health, safety and environmental protection assurance and investigation activities are: Identified Understood Planned and resourced Undertaken, with outputs managed with actions closed - on time, in full Promote learning across the company supporting the organisation to become a learning organisation alongside the ongoing development of health, safety and environmental protection management systems to drive industry leading application and performance. Provide direction to the health, safety and environmental protection Data Analysts in the development and monitoring of the company's health, safety and environmental protection performance via the QPulse reporting system including collation of monthly performance data and dashboard management. Essential Experience: Safety, Health and Environmental Diploma or equivalent, eg NVQ Level 5 3 years related experience with a proven background in results driven assurance related activity, strategy, learning development and delivery using a project based mind set to develop performance improvement plans. 
Be familiar with stakeholder requirements including in particular JSP (Joint Services Publications) in relation to company operations and support strategy and management system design and implementation to these requirements. GradIOSH/CMIOSH, AIEMA or equivalent Desirable Experience: SC Clearance is highly desirable Institute of Leadership and Management Level 5 GradIOSH/CMIOSH (preferred) or AIEMA/PIEMA (preferred) or equivalent We are looking to move swiftly on this one, so apply today. We look forward to receiving your application. To apply for this SC Cleared Health and Safety Assurance Improvement Lead permanent job, please click the button below and submit your latest CV. Curo Services endeavours to respond to all applications, however this may not always be possible during periods of high volume. Thank you for your patience. Curo Services is a trading name of Curo Resourcing Ltd and acts as an Employment Business for contract and temporary recruitment as well as an Employment Agency in relation to permanent vacancies.
16/05/2024
Full time
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. 
Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. 
Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. 
Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. 
Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. The candidate will work on the Governance, Risk and Compliance team, lead and execute the programs within the GRC team, serve as a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and perform key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Prior IT Security experience in the legal industry is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy, is required. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate technical topics effectively at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management and non-technical users.
Communicates succinctly and effectively. Strong organization and problem-solving skills required. Strong project and time management skills required. Strong reading comprehension skills required. Strong analytical ability with excellent written and verbal communication skills required. Strong PC skills with Microsoft (i.e. Word, Excel, PowerPoint) required. Ability to work independently and as a group member is required. SharePoint administration is preferred for team Intranet site management. Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email spam prevention techniques. Knowledge of vulnerability assessment and forensic investigation tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications: Bachelor's degree. Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC. Technical writing experience. 4+ years of Information Security experience. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigation tools. Knowledge of Privileged Access Management technologies. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
15/05/2024
Full time
SC Cleared Software Engineer Salary: up to £74,000 D.O.E Location: West Midlands (Onsite) Our client, a rapidly growing defence company, are looking for an SC Cleared Software Engineer with Python and Networking experience to join them on a permanent basis. They offer world-class technological and scientific knowledge to provide global security. As a software engineer, you'll be part of a highly motivated, skilled and multi-disciplinary team delivering to enhance national security, in sectors such as crypt-key, cyber assurance and other complex programmes! Key Tech: Python, Linux, Networking. What you get: Flexible, adaptive working. Health Cash Plan, Private Medical Insurance and Dental Insurance. Matched contribution pension scheme, with life assurance. Employee discount portal: Personal Accident Insurance, Travel Insurance, Restaurants, Cinema Tickets and much more. Holiday Trading is a benefit that allows most employees to buy up to 5 days' additional leave. We are proud to support the Armed Forces community by honouring the Armed Forces Covenant. And more! Our client has a 2-stage interview process and for the right candidate will interview as early as this week! If you're interested in this role, or know anyone who would be, then please apply to this advert with your latest CV.
15/05/2024
Full time
IT Infrastructure Engineer Derbyshire Permanent to £35,000 (DOE) + Benefits IT Infrastructure Engineer needed for a permanent career opportunity based near Derby. Start ideally in June/July 2024. A chance to join an established and growing business with scope to work remotely from home (WFH) on a part time hybrid basis. Benefits include: 25 days holiday (plus an extra day every 3 years) + Pension + Life Assurance + Medical Insurance + Training & Development + Flexible Benefits Scheme. Key skills, experience + tasks: IT Infrastructure Engineer needed to build, implement + support the live IT Infrastructure environment. Technical Environment: Windows Server 2016/2019, Active Directory (AD), DNS/DHCP, Group Policies, SCCM, O365 + Azure Cloud. Ensuring the smooth running of the IT infrastructure with minimal downtime + preventative maintenance. Delivering IT infrastructure deployment + upgrade projects with the support of the wider team. Liaising with 3rd party IT suppliers + updating IT documentation. Networking: TCP/IP, VLANs, Switches, Routers, Cisco, Meraki, Virtualisation (Nutanix), Microsoft NPS, Duo MFA + Rapid7. Advantageous Skills: Firewalls, Endpoint Backup/Security, Mimecast Email Security, Cloud File Server, Egnyte, Nasuni, Meraki WiFi, SD-WAN infrastructure.
15/05/2024
Full time
Lead Security Architect - Application £80,000 - £95,000 + 10% bonus + benefits West Yorkshire/Hybrid Fruition IT are partnering with a UK national services provider who are going through change, and looking to bring in a skilled Architect to help them set direction and architecture roadmaps for Security. This is a newly created role within a structure of SME domain specialists. This is a fantastic opportunity to really take ownership of the application security domain and really be autonomous within that space, own the process and the business unit. The role: Setting the direction and implementing architecture roadmaps. Be the SME specialist for Application Security. Be autonomous within Application Security, take true ownership! Establish and advocate for security best practices. Take a lead, own the process and business unit. Act as the go-to expert, leveraging internal and external resources to deliver top-tier solutions at the highest standard. Experience: Software/Application focused security. Migration to Cloud would be ideal. Offer: Base Salary: £80,000 - £95,000 (negotiable depending on experience). Bonus: 10%. Benefits: Pension, Healthcare, Life Assurance, etc. Role requires the chosen individual to be present one day every two weeks in the West Yorkshire head office. We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.
15/05/2024
Full time
NO SPONSORSHIP Manager, Internal Audit Information Technology & Security SALARY: $130k - $165k plus 15% bonus LOCATION: Dallas, TX 3 days in office 2 days remote Looking for a Manager of audit of information technology and security. You will manage a staff over Microsoft applications, Archer and GRC. The role is responsible for ensuring that the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Qualifications: Experience working in a complex, fast-paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: Microsoft Office applications. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Familiarity with: CyberArk, Splunk, SailPoint. Familiarity with: ServiceNow, Jira, Confluence, GitHub. Bachelor's degree. 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits.
Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
14/05/2024
Full time
NO SPONSORSHIP Manager, Internal Audit Information Technology & Security SALARY: $130k - $165k plus 15% bonus LOCATION: Chicago, IL 3 days in office 2 days remote Looking for a Manager of audit of information technology and security. You will manage a staff over Microsoft applications, Archer and GRC. The role is responsible for ensuring that the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Qualifications: Experience working in a complex, fast-paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: Microsoft Office applications. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Familiarity with: CyberArk, Splunk, SailPoint. Familiarity with: ServiceNow, Jira, Confluence, GitHub. Bachelor's degree. 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits.
Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
14/05/2024
Full time
Sanderson Government & Defence
Stoke-on-trent, Staffordshire
Security Assurance Coordinator £60,000 - £80,000 Location: Stoke-on-Trent (Fully on-site) I'm currently collaborating with a defence sector-focused consultancy in search of an experienced Security Assurance Coordinator. The role entails overseeing and managing security assurance activities within the organisation. Requirements - Experience in risk and regulatory frameworks and standards such as NIST, ISO27001, MOD JSP440, JSP604. Proven track record in Information Security and Assurance Willing to work x5 days per week on site in Stoke-on-Trent *Candidates must hold an active DV clearance* If this opportunity aligns with your expertise and aspirations, please connect with me at (see below) or call.
13/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. 
Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. 
Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
10/05/2024
Full time
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. 
Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. 
Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
10/05/2024
Full time
We are currently looking on behalf of one of our important clients for an IT Quality Assurance & CSV Manager (German Speaking). The role is a permanent position based in Solothurn Canton & comes with some home office allowance. Your Role: Carry out personnel, technical & people life cycle management of an IT QA & CSV team. Act as a key contact person & all-rounder in the field of IT Quality Assurance & Computer Systems Validation. Advise & support system owners, project managers or suppliers in the validation of computer systems according to internal & external GxP/GAMP specifications (eg in the field of production systems SW, SW development, MES or database systems). Independently prepare the necessary documentation & execution of tests. Support the continuous development of IT processes (eg further development of internal CSV processes or certification of IT service areas according to ISO 27001: Information Security). Act as a key contact person as a CSV expert for customers & audits. Review & approve CSV & system documentation. Your Skills: At least 5 years of relevant professional experience including experience in IT Quality Assurance, Computer Systems Validation & Computer Software Assurance. A sound knowledge of IT Security, GDPR & IT Systems & Infrastructure. Experienced with Q-Systems (eg EU: Annex 11/FDA: 21CFR Part 11). Ideally experienced in the Medical Technology Sector. A knowledge of important IT Standards & Methods (eg ISO27001, ISO 80002-2, ITIL) or ISO 13485:2016 QMS for Medical Devices. Your Profile: Completed relevant Scientific or Technical University Degree. Strong communication skills, assertive & highly quality-oriented. Fluent English & good German language skills (to at least B2 Level) are a mandatory requirement.
10/05/2024
Full time
NEW CONTRACT OPPORTUNITY AVAILABLE FOR AN ILS ENGINEER IN SOUTHAMPTON Searchability NS&D has a contract opportunity for an ILS Engineer to work across an exciting range of projects Must have active SC Clearance £765pd Inside IR35 For more details please call me or email (see below) WHAT WILL THE ILS ENGINEER BE DOING? To carry out new and in-service product and system supportability analysis. Produce high-quality supporting design documentation. Actively collaborate with project, engineering, production, and other business areas to ensure that supportability and support-related design factors are fully considered during the design process to optimise through life support and provide system supportability assurance. To provide high levels of confidence in our capability to meet the internal and external customer ILS support requirements. Support customers and products. Production and amendment of Technical Manuals to various formats, ie ASEP's, COTS manuals Adhere to Business Unit governance and reporting, and active compliance with relevant policies and procedures. SKILLS & EXPERIENCE REQUIRED: Experience in applying ILS methodologies to low volume, high value products and systems in a highly regulated environment. Knowledge and experience of the application of through-life support standards such as ASD S-Series Specifications, DEF STAN 00-600, 00-40, 00-42, Mil Std 217F and KiD Framework. Experience in working with customers in a Matrix managed team Good knowledge of MOD support frameworks and experience in their application as a supplier Experience as a technical author Experience in using industry recognised ILS/ARM modelling software Successful applicant must hold active SC Security Clearance. TO BE CONSIDERED Please either apply by clicking online or emailing me directly to (see below) - I can make myself available outside of normal working hours to suit from 7am until 10pm.
If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. ILS ENGINEER KEY SKILLS: INTEGRATED LOGISTICS Support Engineer/ILS/ARM/ MODELLING/SUPPORT/FRAMEWORKS/NATIONAL SECURITY/DEFENCE/GOVERNMENT/SECURITY CLEARED/SECURITY CLEARANCE/SECURITY CHECK/SC CLEARED/SC CLEARANCE
10/05/2024
Project-based