Skills & Experience Insurance expertise: You should have a strong understanding of the insurance industry. Data Management Expertise: Strong data management skills including: data governance, data quality assurance, data integration, and data architecture. Analytics and Data Science: Experience in in data analytics and data science is essential. Risk Management: you should be well-versed in assessing and mitigating data-related risks, especially those associated with underwriting and reinsurance. Regulatory Compliance: data related regulations experience is essential. Data Strategy experience: including, defining data KPIs, and creating a roadmap for data initiatives. Change Management: you should be skilled in change management to ensure the successful adoption of data initiatives. Vendor Management: Managing relationships with data-related vendors. Cybersecurity Awareness: yoi should be well-informed about cybersecurity practices and take measures to protect data from breaches. In summary, you will be a Data Management professionalin with deep insurance understanding, especially in underwriting and re-insurance with a combination of technical, business, and leadership skills. You are a data professional not a database professional. Primary Duties Provide vision and strategy for all data management initiatives. Champion for global data management, governance, quality, and vendor relationships across the enterprise. Responsible for data management activities, the business data stewards, and data service providers. Work with executives, data owners, and data stewards to achieve data accuracy and process requirement goals for all internal and external customers. Establish data policies, standards, organization, and enforcement of the concepts as established by the organization. Responsible for reporting on progress of enterprise data management governance, including metrics. Leads the creation of program business definitions and data management goals and principles. Oversee the monitoring of data quality efforts within the organization and provides a central authority for the resolution on data management issues. Establish data vendor management strategy and provides oversight to support implementation and coordinates with the IT organization through the CIO. Oversee the education of the organization on data management concepts, the appropriate usage of data, enterprise master data management and data quality concepts, enterprise decision-support concepts, data vendor capabilities, definition and appropriateness of data management, rules on data access, and other data-related issues. Bear executive responsibility for enterprise information/data management budget and data-related systems initiatives. Oversees evaluation of all data movement projects and ensures the enforcement of the data strategy.
21/05/2024
Full time
Skills & Experience Insurance expertise: You should have a strong understanding of the insurance industry. Data Management Expertise: Strong data management skills including: data governance, data quality assurance, data integration, and data architecture. Analytics and Data Science: Experience in in data analytics and data science is essential. Risk Management: you should be well-versed in assessing and mitigating data-related risks, especially those associated with underwriting and reinsurance. Regulatory Compliance: data related regulations experience is essential. Data Strategy experience: including, defining data KPIs, and creating a roadmap for data initiatives. Change Management: you should be skilled in change management to ensure the successful adoption of data initiatives. Vendor Management: Managing relationships with data-related vendors. Cybersecurity Awareness: yoi should be well-informed about cybersecurity practices and take measures to protect data from breaches. In summary, you will be a Data Management professionalin with deep insurance understanding, especially in underwriting and re-insurance with a combination of technical, business, and leadership skills. You are a data professional not a database professional. Primary Duties Provide vision and strategy for all data management initiatives. Champion for global data management, governance, quality, and vendor relationships across the enterprise. Responsible for data management activities, the business data stewards, and data service providers. Work with executives, data owners, and data stewards to achieve data accuracy and process requirement goals for all internal and external customers. Establish data policies, standards, organization, and enforcement of the concepts as established by the organization. Responsible for reporting on progress of enterprise data management governance, including metrics. Leads the creation of program business definitions and data management goals and principles. Oversee the monitoring of data quality efforts within the organization and provides a central authority for the resolution on data management issues. Establish data vendor management strategy and provides oversight to support implementation and coordinates with the IT organization through the CIO. Oversee the education of the organization on data management concepts, the appropriate usage of data, enterprise master data management and data quality concepts, enterprise decision-support concepts, data vendor capabilities, definition and appropriateness of data management, rules on data access, and other data-related issues. Bear executive responsibility for enterprise information/data management budget and data-related systems initiatives. Oversees evaluation of all data movement projects and ensures the enforcement of the data strategy.
We are IT Recruitment Specialists partnered with a prestigious Global Consultancy who required a Cyber Defence Engineer - Hereford Location fully onsite, the balance of time will be remote for one of their public sector Clients based in the UK. IR35: This role is inside of IR35 Initial duration: 6 months Clearance required: Must be DV cleared Role and tasks Cyber Defence Engineer Role Description: Cyber Defence Engineer will join a growing security team responsible for the testing, implementation, deployment, maintenance, configuration and troubleshooting of the SOC's technology stack (hardware and software). The engineer will also assist with the continued development and maintenance of data pipelines and signature updates and the professional development of the system engineering team. Tasks: Perform system administration on specific cyber defence applications and systems to include installation, configuration, maintenance, troubleshooting, backup and restoration. Manage system/server resources including performance, capacity, availability, serviceability, and recoverability. Diagnose and resolve customer reported system incidents, problems, and events to ensure continuing operability. Coordinate with SOC and CTI Analysts to assist in the development of signatures which can be implemented on cyber defence network tools in response to new or observed threats within the network environment or enclave. Manage the compilation, cataloguing, distribution, and retrieval of data from a range of enterprise networks and data sources. Implement data management standards, requirements, and specifications. Develop data standards, policies, and procedures. Analyse data sources to provide actionable recommendations and facilitate data-gathering methods. To share knowledge, skills and experience, create and improve documentation, and train new members of the data engineering team. Knowledge: Knowledge of big data technologies and ecosystems (eg, NiFi). Knowledge of current market and emerging leaders in data analytical and SIEM platforms. Knowledge of network security implementations (eg, host-based IDS, IPS), including their function and placement in a network. Knowledge of intrusion detection systems and signature development. Knowledge of Front End collection systems, including network traffic collection, filtering, and selection. Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. Knowledge of cyber defence and information security policies, procedures and regulations. Knowledge of network security architecture concepts including topology, protocols, components and principles. Skills /Experience: Previous experience of Enterprise ICS/network architectures and technologies. Working with frameworks and technologies that support data-intensive distributed applications. Experience maintaining and administrating data analytical and SIEM platforms. Experience using host and network-based IDS/IPS Experience using packet capture solutions. Skill in developing and deploying signatures. Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Ability to provide technical and service leadership to junior SOC Engineers (mentor/coach). Desirable Qualifications/Certifications Red Hat System Administration I & II (RH124/RH134). Baseline Cyber Courses eg Cyber Foundation Pathway, SANS SEC 301 Intro to Information Security, SANS 401 Security Essentials Bootcamp. Certified engineer in a market leading data analysis/SIEM platform. SANS SEC501 Advanced Security Essentials Enterprise Defender. SANS SEC 511 Continuous Monitoring & Security Operations. SANS SEC555: SIEM with Tactical Analytics If you are interested in this position and would like to learn more, please send through your CV and we will get in touch with you as soon as possible. Please note, candidates are often Shortlisted within 48 hours.
21/05/2024
Project-based
We are IT Recruitment Specialists partnered with a prestigious Global Consultancy who required a Cyber Defence Engineer - Hereford Location fully onsite, the balance of time will be remote for one of their public sector Clients based in the UK. IR35: This role is inside of IR35 Initial duration: 6 months Clearance required: Must be DV cleared Role and tasks Cyber Defence Engineer Role Description: Cyber Defence Engineer will join a growing security team responsible for the testing, implementation, deployment, maintenance, configuration and troubleshooting of the SOC's technology stack (hardware and software). The engineer will also assist with the continued development and maintenance of data pipelines and signature updates and the professional development of the system engineering team. Tasks: Perform system administration on specific cyber defence applications and systems to include installation, configuration, maintenance, troubleshooting, backup and restoration. Manage system/server resources including performance, capacity, availability, serviceability, and recoverability. Diagnose and resolve customer reported system incidents, problems, and events to ensure continuing operability. Coordinate with SOC and CTI Analysts to assist in the development of signatures which can be implemented on cyber defence network tools in response to new or observed threats within the network environment or enclave. Manage the compilation, cataloguing, distribution, and retrieval of data from a range of enterprise networks and data sources. Implement data management standards, requirements, and specifications. Develop data standards, policies, and procedures. Analyse data sources to provide actionable recommendations and facilitate data-gathering methods. To share knowledge, skills and experience, create and improve documentation, and train new members of the data engineering team. Knowledge: Knowledge of big data technologies and ecosystems (eg, NiFi). Knowledge of current market and emerging leaders in data analytical and SIEM platforms. Knowledge of network security implementations (eg, host-based IDS, IPS), including their function and placement in a network. Knowledge of intrusion detection systems and signature development. Knowledge of Front End collection systems, including network traffic collection, filtering, and selection. Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. Knowledge of cyber defence and information security policies, procedures and regulations. Knowledge of network security architecture concepts including topology, protocols, components and principles. Skills /Experience: Previous experience of Enterprise ICS/network architectures and technologies. Working with frameworks and technologies that support data-intensive distributed applications. Experience maintaining and administrating data analytical and SIEM platforms. Experience using host and network-based IDS/IPS Experience using packet capture solutions. Skill in developing and deploying signatures. Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Ability to provide technical and service leadership to junior SOC Engineers (mentor/coach). Desirable Qualifications/Certifications Red Hat System Administration I & II (RH124/RH134). Baseline Cyber Courses eg Cyber Foundation Pathway, SANS SEC 301 Intro to Information Security, SANS 401 Security Essentials Bootcamp. Certified engineer in a market leading data analysis/SIEM platform. SANS SEC501 Advanced Security Essentials Enterprise Defender. SANS SEC 511 Continuous Monitoring & Security Operations. SANS SEC555: SIEM with Tactical Analytics If you are interested in this position and would like to learn more, please send through your CV and we will get in touch with you as soon as possible. Please note, candidates are often Shortlisted within 48 hours.
Senior Azure Architect Up to £110,000 + Car Allowance & Bonus Remote Working with Weekly Client Visits/Midlands 2 Stage Interview Process An award winning IT services organisation who are focused on utilising the latest advancements in Cloud, Cyber Security & Networking technology, are looking for an experienced Azure Architect to help manage the increasing project pipeline, due to natural growth. As a Senior Azure Architect, you will be collaborating with clients, developers, and engineers. Designing and delivering end to end cloud-based solutions across various industries, whilst having the opportunity to innovate process and technology best suited to each business. Experience and knowledge required: Full Azure Platform knowledge Experience across the project life cycle (presales to handover) Proven ability to design and deliver secure cloud solutions Provide technical leadership & mentoring for implementation teams, whilst defining standards & practices. Staying current with the latest innovations with the Microsoft cloud platform. A background in On-prem infrastructure would be beneficial Full Package includes: Performance Bonus, Extensive Private Healthcare cover, 26 days holiday & Company Laptop. If you are an Azure Architect; passionate towards Azure technology and wanting to join an innovative IT solutions company. Then this is role is for you, apply now below.
21/05/2024
Full time
Senior Azure Architect Up to £110,000 + Car Allowance & Bonus Remote Working with Weekly Client Visits/Midlands 2 Stage Interview Process An award winning IT services organisation who are focused on utilising the latest advancements in Cloud, Cyber Security & Networking technology, are looking for an experienced Azure Architect to help manage the increasing project pipeline, due to natural growth. As a Senior Azure Architect, you will be collaborating with clients, developers, and engineers. Designing and delivering end to end cloud-based solutions across various industries, whilst having the opportunity to innovate process and technology best suited to each business. Experience and knowledge required: Full Azure Platform knowledge Experience across the project life cycle (presales to handover) Proven ability to design and deliver secure cloud solutions Provide technical leadership & mentoring for implementation teams, whilst defining standards & practices. Staying current with the latest innovations with the Microsoft cloud platform. A background in On-prem infrastructure would be beneficial Full Package includes: Performance Bonus, Extensive Private Healthcare cover, 26 days holiday & Company Laptop. If you are an Azure Architect; passionate towards Azure technology and wanting to join an innovative IT solutions company. Then this is role is for you, apply now below.
Cyber Security Team Lead Location: Leeds City Centre Hybrid: 2 days office, 3 remote Salary: £70,000 - £80,000 Are you a seasoned Cyber Security professional seeking a leadership opportunity that will elevate your career to new heights? Join a leading global law firm as their Cyber Security Team Lead and take charge of safeguarding their digital infrastructure while nurturing a high-performing team. The role only requires you to be in the Leeds office 2 days per week with the rest working from home, giving you a great work/life balance! Responsibilities You will be responsible for the day to day running of the IT Security team, including managing rotas, dealing with escalations, performance reviews and setting tasks. In this exciting position, you will remain hands on technically, managing the security cloud migration process and developing, maintaining and managing the security of the firms' IT services. Skills required: A proven track record in leading/team leading a technical security team A demonstrated history of planning, development and implementation of Azure security-related technologies An excellent understanding of infrastructure and application technologies An excellent understanding of security technologies: SIEM, Firewalls, intrusion detection/prevention systems, anti-virus software, authentication systems, log management, content filtering, etc. An excellent understanding of security approaches: ISMS, risk analysis and assessments, the CIA triad, attack vectors including social engineering, cryptography, confidentiality issues and cyber security incident response best practices, including triage and chain of custody Security certifications are highly advantageous Click 'Apply' Now
21/05/2024
Full time
Cyber Security Team Lead Location: Leeds City Centre Hybrid: 2 days office, 3 remote Salary: £70,000 - £80,000 Are you a seasoned Cyber Security professional seeking a leadership opportunity that will elevate your career to new heights? Join a leading global law firm as their Cyber Security Team Lead and take charge of safeguarding their digital infrastructure while nurturing a high-performing team. The role only requires you to be in the Leeds office 2 days per week with the rest working from home, giving you a great work/life balance! Responsibilities You will be responsible for the day to day running of the IT Security team, including managing rotas, dealing with escalations, performance reviews and setting tasks. In this exciting position, you will remain hands on technically, managing the security cloud migration process and developing, maintaining and managing the security of the firms' IT services. Skills required: A proven track record in leading/team leading a technical security team A demonstrated history of planning, development and implementation of Azure security-related technologies An excellent understanding of infrastructure and application technologies An excellent understanding of security technologies: SIEM, Firewalls, intrusion detection/prevention systems, anti-virus software, authentication systems, log management, content filtering, etc. An excellent understanding of security approaches: ISMS, risk analysis and assessments, the CIA triad, attack vectors including social engineering, cryptography, confidentiality issues and cyber security incident response best practices, including triage and chain of custody Security certifications are highly advantageous Click 'Apply' Now
We are currently looking on behalf of one of our important clients for an IAM Product Owner. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: Work closely with customers, lead a development team & prioritize & manage a product backlog. Create & communicate the long-term strategy & further development of the product. Collect, analyze & prioritize the requirements of customers & stakeholders & combine them into a comprehensive product backlog. Monitor product quality & commission troubleshooting measures. Evaluate existing & new technologies & tools regarding the selection of an IAM service offering. Plan & coordinate product releases & ensure the smooth introduction of new features. Your Skills: At least 3 years of professional experience as a Product Owner or Team Leader in IAM environments. Strong experience in Agile Development Methods including Scrum. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
20/05/2024
Full time
We are currently looking on behalf of one of our important clients for an IAM Product Owner. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: Work closely with customers, lead a development team & prioritize & manage a product backlog. Create & communicate the long-term strategy & further development of the product. Collect, analyze & prioritize the requirements of customers & stakeholders & combine them into a comprehensive product backlog. Monitor product quality & commission troubleshooting measures. Evaluate existing & new technologies & tools regarding the selection of an IAM service offering. Plan & coordinate product releases & ensure the smooth introduction of new features. Your Skills: At least 3 years of professional experience as a Product Owner or Team Leader in IAM environments. Strong experience in Agile Development Methods including Scrum. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
Compliance Manager - EdTech Schools shape young minds and build foundations for the future. Yet the education sector faces immense pressures. Overworked teachers, endless administrative tasks, and the constant need to do more with less. As Compliance Manager for this EdTech company, you'll play a crucial part in alleviating these pressures for schools. You'll help develop tools that free teachers and school staff to focus on what truly matters - fostering a learning environment that achieves great outcomes for all students. About the Job: Working alongside ex-teachers and EdTech engineers, you'll be part of a team that truly cares about improving education standards for everyone. As the first person to step into this role, you'll have total ownership and the full backing of senior leadership. You'll be given full autonomy to build the compliance framework from scratch. This includes creating and implementing policies/procedures, leading audits (ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus), and developing company-wide standards. Collaborating across product and engineering teams - you'll ensure the platform and product security is robust, and staff are suitably trained. You'll also handle due diligence for seamless integration as the company moves into an exciting new phase. About You: You're an experienced compliance professional with deep expertise in relevant frameworks. With excellent leadership, analytical, decision-making, and communication abilities, you thrive in fast-paced environments and can prioritise effectively. In particular, you'll need: Proven track record in compliance or infosec management roles In-depth mastery of ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus Prior experience with compliance tooling like SecureFrame is a plus In return, you'll get: 32 days of annual holiday (25 days leave + 7 company-wide days off) Enhanced parental leave - 20 weeks full pay for maternity/adoption, 6 weeks paternity A dedicated wellbeing team championing mindfulness, training, mental health, and more Flexible working arrangements tailored to you Social events, celebrations, community-building, and dog-friendly offices Professional development budget for training courses, memberships, financial coaching, and more Paid time to volunteer with charities of your choice Above all, your work will positively impact students and educators across the nation - paving the way to a better future for all. If you're ready to transform education for good, apply now. Everyone will get a response.
20/05/2024
Full time
Compliance Manager - EdTech Schools shape young minds and build foundations for the future. Yet the education sector faces immense pressures. Overworked teachers, endless administrative tasks, and the constant need to do more with less. As Compliance Manager for this EdTech company, you'll play a crucial part in alleviating these pressures for schools. You'll help develop tools that free teachers and school staff to focus on what truly matters - fostering a learning environment that achieves great outcomes for all students. About the Job: Working alongside ex-teachers and EdTech engineers, you'll be part of a team that truly cares about improving education standards for everyone. As the first person to step into this role, you'll have total ownership and the full backing of senior leadership. You'll be given full autonomy to build the compliance framework from scratch. This includes creating and implementing policies/procedures, leading audits (ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus), and developing company-wide standards. Collaborating across product and engineering teams - you'll ensure the platform and product security is robust, and staff are suitably trained. You'll also handle due diligence for seamless integration as the company moves into an exciting new phase. About You: You're an experienced compliance professional with deep expertise in relevant frameworks. With excellent leadership, analytical, decision-making, and communication abilities, you thrive in fast-paced environments and can prioritise effectively. In particular, you'll need: Proven track record in compliance or infosec management roles In-depth mastery of ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus Prior experience with compliance tooling like SecureFrame is a plus In return, you'll get: 32 days of annual holiday (25 days leave + 7 company-wide days off) Enhanced parental leave - 20 weeks full pay for maternity/adoption, 6 weeks paternity A dedicated wellbeing team championing mindfulness, training, mental health, and more Flexible working arrangements tailored to you Social events, celebrations, community-building, and dog-friendly offices Professional development budget for training courses, memberships, financial coaching, and more Paid time to volunteer with charities of your choice Above all, your work will positively impact students and educators across the nation - paving the way to a better future for all. If you're ready to transform education for good, apply now. Everyone will get a response.
Role Title: SIEM/Incident SME Duration: 6 months Location: Hybrid/Corsham, Portsmouth or Northallerton - 2/3 days per week at ONE site Rate: £700/d - Umbrella only PLEASE NOTE: Applicants must hold active DV Clearance to be considered for this role Would you like to join a global leader in consulting, technology services and digital transformation? Our client is at the forefront of innovation to address the entire breadth of opportunities in the evolving world of cloud, digital and platforms. Role purpose/summary The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Key Skills/requirements Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications : Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent) All profiles will be reviewed against the required skills and experience. Due to the high number of applications, we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
20/05/2024
Project-based
Role Title: SIEM/Incident SME Duration: 6 months Location: Hybrid/Corsham, Portsmouth or Northallerton - 2/3 days per week at ONE site Rate: £700/d - Umbrella only PLEASE NOTE: Applicants must hold active DV Clearance to be considered for this role Would you like to join a global leader in consulting, technology services and digital transformation? Our client is at the forefront of innovation to address the entire breadth of opportunities in the evolving world of cloud, digital and platforms. Role purpose/summary The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Key Skills/requirements Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications : Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent) All profiles will be reviewed against the required skills and experience. Due to the high number of applications, we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
Source Group are working with a Leading Bank in Switzerland who are looking to hire a Security Specialist - Cyber Automation and Engineering. The perfect candidate will be able to script in both Python and Powershell and understands modern development practices such as version control and CI/CD pipelines, and has a background in Cyber security. They will have a passion for clean code and be passionate about improving customer's "day to day" through automation and customer driven requirements. The successful candidate for this role must be based in Switzerland or be able to relocate full time. We are looking for a Security Specialist - Cyber Automation and Engineering who will assist the team with the following tasks: Tasks: Improving the alert and case management workflows, improving enrichment, "responders" and other automation. Assisting as required with advanced detections and filtering. Providing platform support when required (patching applications, etc). Other duties as required, as the team works with changing priorities and in response to internal customer demands. Responsibilities: Implement python code to enrich alerts prior to being ingested into the Bank's alert management system/queue. Implement python code to create "responders" in the Bank's alert/case management system to perform repetitive tasks. Integrate the alert/case management system with additional corporate and security systems. Implement queries (SQL or similar) to extract relevant data for reporting and alerting. Perform application patching of the Bank's cyber applications (alert/case management, vulnerability management platforms, etc). Assist with Scripting to enable custom reporting and querying of systems like Active Directory, the Bank's SIEM, etc. Must Haves: Excellent python skills and ideally experience with Powershell as well; experience with integration work, processing structured data such as Jason or CSV. Experience as a Developer ideally in Cybersecurity, IT automation or experience as business application developer could also be considered. Experience working with version control systems (eg git) and pipelines (eg Azure DevOps and Github). Understanding of and experience working with modern development practices such as version control and CI/CD pipelines Ability to digest and understand user requirements and implement them "properly" in an existing tech stack.
20/05/2024
Project-based
Source Group are working with a Leading Bank in Switzerland who are looking to hire a Security Specialist - Cyber Automation and Engineering. The perfect candidate will be able to script in both Python and Powershell and understands modern development practices such as version control and CI/CD pipelines, and has a background in Cyber security. They will have a passion for clean code and be passionate about improving customer's "day to day" through automation and customer driven requirements. The successful candidate for this role must be based in Switzerland or be able to relocate full time. We are looking for a Security Specialist - Cyber Automation and Engineering who will assist the team with the following tasks: Tasks: Improving the alert and case management workflows, improving enrichment, "responders" and other automation. Assisting as required with advanced detections and filtering. Providing platform support when required (patching applications, etc). Other duties as required, as the team works with changing priorities and in response to internal customer demands. Responsibilities: Implement python code to enrich alerts prior to being ingested into the Bank's alert management system/queue. Implement python code to create "responders" in the Bank's alert/case management system to perform repetitive tasks. Integrate the alert/case management system with additional corporate and security systems. Implement queries (SQL or similar) to extract relevant data for reporting and alerting. Perform application patching of the Bank's cyber applications (alert/case management, vulnerability management platforms, etc). Assist with Scripting to enable custom reporting and querying of systems like Active Directory, the Bank's SIEM, etc. Must Haves: Excellent python skills and ideally experience with Powershell as well; experience with integration work, processing structured data such as Jason or CSV. Experience as a Developer ideally in Cybersecurity, IT automation or experience as business application developer could also be considered. Experience working with version control systems (eg git) and pipelines (eg Azure DevOps and Github). Understanding of and experience working with modern development practices such as version control and CI/CD pipelines Ability to digest and understand user requirements and implement them "properly" in an existing tech stack.
DevSecOps Senior & Team Lead (Public Transport) 50% remote, 50% on-site in Brussels Do you want to lead a high-performing DevSecOps team and make a real impact in the public transport sector? We are looking for a talented and experienced DevSecOps Senior & Team Lead to join my client's team. In this role, you will be responsible for leading a team of technical professionals and driving innovation in our DevSecOps practices. About the role Lead and motivate a team of 6-10 engineers (junior, mid-level, and senior) Foster a collaborative and positive work environment Ensure efficient and timely delivery of projects Manage budgets and resources effectively Possess excellent communication and interpersonal skills Be able to work effectively under pressure and prioritize tasks Work with a customer-centric approach and maintain confidentiality Technical Skills and Experience Master's degree in engineering or computer science (or equivalent experience) Proven experience leading a technical team Experience with Agile methodologies Strong understanding of Linux operating systems (Red Hat) and Scripting (Bash, Python) Fluency in Dutch, French, and English Solid experience with cybersecurity for OT infrastructure Experience working in a production environment Basic knowledge of Javascript and Java Basic understanding of network administration (Routers, Switches, VPNs, Firewalls) A plus: Certifications: CISSP, CISM, ISO 27001 Experience with DevSecOps tools: Puppet (open source), Ansible Monitoring tools: Zabbix, Nagios Logging and analytics: Elastic Stack (including Kibana) Database technologies: MySQL, PostgreSQL Atlassian suite (Jira, Confluence, Git) VMWare (vCenter) Git version control Configuration Management Databases (CMDBs) like GLPI For immediate consideration, please forward your latest CV.
20/05/2024
Project-based
DevSecOps Senior & Team Lead (Public Transport) 50% remote, 50% on-site in Brussels Do you want to lead a high-performing DevSecOps team and make a real impact in the public transport sector? We are looking for a talented and experienced DevSecOps Senior & Team Lead to join my client's team. In this role, you will be responsible for leading a team of technical professionals and driving innovation in our DevSecOps practices. About the role Lead and motivate a team of 6-10 engineers (junior, mid-level, and senior) Foster a collaborative and positive work environment Ensure efficient and timely delivery of projects Manage budgets and resources effectively Possess excellent communication and interpersonal skills Be able to work effectively under pressure and prioritize tasks Work with a customer-centric approach and maintain confidentiality Technical Skills and Experience Master's degree in engineering or computer science (or equivalent experience) Proven experience leading a technical team Experience with Agile methodologies Strong understanding of Linux operating systems (Red Hat) and Scripting (Bash, Python) Fluency in Dutch, French, and English Solid experience with cybersecurity for OT infrastructure Experience working in a production environment Basic knowledge of Javascript and Java Basic understanding of network administration (Routers, Switches, VPNs, Firewalls) A plus: Certifications: CISSP, CISM, ISO 27001 Experience with DevSecOps tools: Puppet (open source), Ansible Monitoring tools: Zabbix, Nagios Logging and analytics: Elastic Stack (including Kibana) Database technologies: MySQL, PostgreSQL Atlassian suite (Jira, Confluence, Git) VMWare (vCenter) Git version control Configuration Management Databases (CMDBs) like GLPI For immediate consideration, please forward your latest CV.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
17/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
17/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
17/05/2024
Full time
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
17/05/2024
Full time
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
Corsham location - Full time on-site Must hold active DV clearance £80-103k DoE plus clearance bonus High priority role for client - 2 stage interview process Essential experience required in cybersecurity frameworks, SOC operations, stakeholder engagement What Will You Be Doing? As a Lead Consultant, you will act as a primary point of contact for our end client and coordinate delivery for multiple teams. You will address client priorities and provide subject matter expertise to advanced SOC services. You will also engage with a range of stakeholders and lead documentation processes. We Need You To Have? Active UKSV DV security clearance Willingness to be on-site in Corsham 5 days per week Experience required: SOC transformations and operations Developing security operation processes and procedures Vulnerability Management - using Tripwire and Tanium Incident Management - using DCC and Elastic Stack Endpoint security - using vSphere, SolarWinds, Trend Intelligence Driven Defence, Cyber Kill Chain, Unified Enterprise Defence NIST Cyber Security Framework and C2M2 Awareness of the current market - SIEM platforms, data analytics, Network Security implementations To Be Considered Please either apply by clicking online or emailing me directly at (see below) For further information please call me. If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. I look forward to hearing from you. CYBER SECURITY CONSULTANT/CYBER CONSULTANT/SECURITY CONSULTANT/CYBER SECURITY/LEAD/LEAD CONSULTANT/LEAD CYBER CONSULTANT/LEAD CYBER SECURITY CONSULTANT/SOC/SOC OPERATIONS/VULNERABILITY MANAGEMENT/INCIDENT MANAGEMENT/NIST/ENDPOINT SECURITY/CORSHAM/BRISTOL/SOUTHWEST/DV/DV CLEARED/DV CLEARANCE/SECURITY CLEARANCE
17/05/2024
Full time
Corsham location - Full time on-site Must hold active DV clearance £80-103k DoE plus clearance bonus High priority role for client - 2 stage interview process Essential experience required in cybersecurity frameworks, SOC operations, stakeholder engagement What Will You Be Doing? As a Lead Consultant, you will act as a primary point of contact for our end client and coordinate delivery for multiple teams. You will address client priorities and provide subject matter expertise to advanced SOC services. You will also engage with a range of stakeholders and lead documentation processes. We Need You To Have? Active UKSV DV security clearance Willingness to be on-site in Corsham 5 days per week Experience required: SOC transformations and operations Developing security operation processes and procedures Vulnerability Management - using Tripwire and Tanium Incident Management - using DCC and Elastic Stack Endpoint security - using vSphere, SolarWinds, Trend Intelligence Driven Defence, Cyber Kill Chain, Unified Enterprise Defence NIST Cyber Security Framework and C2M2 Awareness of the current market - SIEM platforms, data analytics, Network Security implementations To Be Considered Please either apply by clicking online or emailing me directly at (see below) For further information please call me. If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. I look forward to hearing from you. CYBER SECURITY CONSULTANT/CYBER CONSULTANT/SECURITY CONSULTANT/CYBER SECURITY/LEAD/LEAD CONSULTANT/LEAD CYBER CONSULTANT/LEAD CYBER SECURITY CONSULTANT/SOC/SOC OPERATIONS/VULNERABILITY MANAGEMENT/INCIDENT MANAGEMENT/NIST/ENDPOINT SECURITY/CORSHAM/BRISTOL/SOUTHWEST/DV/DV CLEARED/DV CLEARANCE/SECURITY CLEARANCE
IT Service Team Leader An exciting new opportunity has become available for an IT Support Supervisor/Senior IT Support Analyst to come on board working for a leading law firm in Crawley on permanent basis. IT Service Team Leader -Working closely with the outsourced IT Support desk to provide first and second line user IT support -Supervision of the IT Support team, allocating resources and coordinating across the team to ensure that the highest level of service is provided -Stay in regular contact with users across the firm -Responsible for the day to day supervision of the outsourced IT Support desk and the internal IT Support team, focusing on service delivery and excellence -Where appropriate, and with guidance from the IT Service Manager, address minor performance issues within the internal IT Support team in the first instance, and escalate further to the IT Service Manager if required -Run a daily stand-up with the IT Support team to align internal resourcing with business priorities -Attend a daily stand-up with the outsourced IT Support desk -Provide guidance and advice to the internal IT Support team where required -Regularly review tickets and performance dashboards to ensure support levels are maintained to satisfactory levels -Ensure calls to the internal IT Support team are answered promptly -Coordinate the deployment of end user equipment such as laptops, including any Intune configuration required -A strong knowledge of Windows 10/11 and Microsoft Office - in particular Word and Outlook -Exchange Online -Active Directory -A knowledge of ITIL and Cyber Security would be beneficial IT Service Team Leader In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business
17/05/2024
Full time
IT Service Team Leader An exciting new opportunity has become available for an IT Support Supervisor/Senior IT Support Analyst to come on board working for a leading law firm in Crawley on permanent basis. IT Service Team Leader -Working closely with the outsourced IT Support desk to provide first and second line user IT support -Supervision of the IT Support team, allocating resources and coordinating across the team to ensure that the highest level of service is provided -Stay in regular contact with users across the firm -Responsible for the day to day supervision of the outsourced IT Support desk and the internal IT Support team, focusing on service delivery and excellence -Where appropriate, and with guidance from the IT Service Manager, address minor performance issues within the internal IT Support team in the first instance, and escalate further to the IT Service Manager if required -Run a daily stand-up with the IT Support team to align internal resourcing with business priorities -Attend a daily stand-up with the outsourced IT Support desk -Provide guidance and advice to the internal IT Support team where required -Regularly review tickets and performance dashboards to ensure support levels are maintained to satisfactory levels -Ensure calls to the internal IT Support team are answered promptly -Coordinate the deployment of end user equipment such as laptops, including any Intune configuration required -A strong knowledge of Windows 10/11 and Microsoft Office - in particular Word and Outlook -Exchange Online -Active Directory -A knowledge of ITIL and Cyber Security would be beneficial IT Service Team Leader In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business
Technology Resilience Lead - Disaster Recovery - London Salary £60-70k - 2 Day per week office based Bonus Scheme Technology Resilience Lead required for a leading client based in London. My client is currently seeking a suitable candidate to Support the capacity and capability of our clients' collective, including their operational entities and subsidiaries, to prepare for, respond to, and rebound from disruptions to our global technology infrastructure and operational environments. We seek a highly skilled IT professional with expertise in one or more of the following areas: infrastructure, cybersecurity, engineering, testing, and project management. Your dedication lies in ensuring our clients maintain a robust and resilient technological ecosystem, mitigating risks, and enhancing operational readiness. Your commitment extends to ensuring the continuity of critical business functions and technology systems despite disruptions or challenges. Your role entails defining the standards of technology resilience and overseeing the Group-wide Disaster Recovery program. This program emphasizes testing the resilience, continuity, and recoverability of our critical applications and systems. Key skills: -Display unwavering dedication to our clients' core values by adhering to our standards of business conduct, ensuring compliance with Group policies and procedures, and setting a precedent through personal example. -Your duties will encompass delineating the criteria for robust technology resilience and overseeing the Group-wide Disaster Recovery program, concentrating on assessing the resilience, continuity, and recoverability of vital applications and systems. -You'll collaborate with Technology Service Owners and broader Group IT and Operating Business teams to facilitate data restoration exercises and execute backups. This involves maintaining and testing existing backups to uphold data integrity and availability. -Conducting operational assessments of defined Disaster Recovery plans will be part of your responsibilities. This entails utilizing various methods such as checklists, walk-throughs, tabletop exercises, simulations (parallel or full interrupt), and comprehensive exercises, coordinated with related plans like IT DR plans and crisis management plans. -Furthermore, you'll integrate cybersecurity scenarios, analyse test outcomes, implement lessons learned, and incorporate necessary improvements or corrective actions into IT DR and Cyber Resilience plans. -By conducting post-incident reviews and analysing pre-planned testing outcomes, you'll continuously monitor and assess key performance indicators (KPIs) like recovery time objectives (RTOs) and recovery point objectives (RPOs). This process aims to continually enhance the efficiency and effectiveness of the disaster recovery program. -Foster a work environment that emphasizes the significance of employees acting with integrity and ethics, aligning with the Group Code of Conduct. -Serve as a subject matter expert, forging trusted partnerships with the business and staying abreast of the latest advancements and innovations in the field. -Assume responsibility for overseeing the implementation of the clients' disaster recovery plan in the event of a crisis, facilitating swift responses to potential disruptions such as cyberattacks or infrastructure damage. -Possessing one of the following certifications is advantageous: CompTIA Network +, CompTIA Security +, CISM, CISSP, or COBIT 5. -Demonstrate a fundamental understanding of frameworks such as NIST CSF, ISO 27001/27002, and COBIT. -Experience in Operational Technology Security, with the ability to identify and address IT and operational vulnerabilities, is preferred. Interested? Please submit your updated CV to Dean Parkes at Crimson for immediate consideration. Not interested? Do you know someone who might be a perfect fit for this role? Refer a friend and earn £250 worth of vouchers! Crimson is acting as an employment agency regarding this vacancy
16/05/2024
Full time
Technology Resilience Lead - Disaster Recovery - London Salary £60-70k - 2 Day per week office based Bonus Scheme Technology Resilience Lead required for a leading client based in London. My client is currently seeking a suitable candidate to Support the capacity and capability of our clients' collective, including their operational entities and subsidiaries, to prepare for, respond to, and rebound from disruptions to our global technology infrastructure and operational environments. We seek a highly skilled IT professional with expertise in one or more of the following areas: infrastructure, cybersecurity, engineering, testing, and project management. Your dedication lies in ensuring our clients maintain a robust and resilient technological ecosystem, mitigating risks, and enhancing operational readiness. Your commitment extends to ensuring the continuity of critical business functions and technology systems despite disruptions or challenges. Your role entails defining the standards of technology resilience and overseeing the Group-wide Disaster Recovery program. This program emphasizes testing the resilience, continuity, and recoverability of our critical applications and systems. Key skills: -Display unwavering dedication to our clients' core values by adhering to our standards of business conduct, ensuring compliance with Group policies and procedures, and setting a precedent through personal example. -Your duties will encompass delineating the criteria for robust technology resilience and overseeing the Group-wide Disaster Recovery program, concentrating on assessing the resilience, continuity, and recoverability of vital applications and systems. -You'll collaborate with Technology Service Owners and broader Group IT and Operating Business teams to facilitate data restoration exercises and execute backups. This involves maintaining and testing existing backups to uphold data integrity and availability. -Conducting operational assessments of defined Disaster Recovery plans will be part of your responsibilities. This entails utilizing various methods such as checklists, walk-throughs, tabletop exercises, simulations (parallel or full interrupt), and comprehensive exercises, coordinated with related plans like IT DR plans and crisis management plans. -Furthermore, you'll integrate cybersecurity scenarios, analyse test outcomes, implement lessons learned, and incorporate necessary improvements or corrective actions into IT DR and Cyber Resilience plans. -By conducting post-incident reviews and analysing pre-planned testing outcomes, you'll continuously monitor and assess key performance indicators (KPIs) like recovery time objectives (RTOs) and recovery point objectives (RPOs). This process aims to continually enhance the efficiency and effectiveness of the disaster recovery program. -Foster a work environment that emphasizes the significance of employees acting with integrity and ethics, aligning with the Group Code of Conduct. -Serve as a subject matter expert, forging trusted partnerships with the business and staying abreast of the latest advancements and innovations in the field. -Assume responsibility for overseeing the implementation of the clients' disaster recovery plan in the event of a crisis, facilitating swift responses to potential disruptions such as cyberattacks or infrastructure damage. -Possessing one of the following certifications is advantageous: CompTIA Network +, CompTIA Security +, CISM, CISSP, or COBIT 5. -Demonstrate a fundamental understanding of frameworks such as NIST CSF, ISO 27001/27002, and COBIT. -Experience in Operational Technology Security, with the ability to identify and address IT and operational vulnerabilities, is preferred. Interested? Please submit your updated CV to Dean Parkes at Crimson for immediate consideration. Not interested? Do you know someone who might be a perfect fit for this role? Refer a friend and earn £250 worth of vouchers! Crimson is acting as an employment agency regarding this vacancy
Senior Cloud Network Engineer Permanent, 3 days in office in London Overview: The Company is a leading financial services firm. The technology is being transformed to a Cloud-First, Cloud-Native architectural model, utilizing DevSecOps processes and adoption of systems-thinking concepts to enhance productivity. The Cloud Network Engineer are responsible for delivering modern end user solutions that are fully automated through code, ensuring scalability and optimize availability and reliability 24/7. Responsibilities: Engineer and secure core Azure platform services across global footprint. Go deep on Cloud Network Engineer, adopting Zero Trust Architecture principles. Engineer and maintain Cloud Secure Web Gateways, Next-Gen CASB solutions Advance branch/SD-WAN solution to optimise network performance and connectivity. Colloborate with other areas of engineering and Service operations to ensure the successful integration of SSE/SASE Automate every operational aspect of infrastructure and systems life cycle Respond to incidents. Run Infrastructure with Python/PowerShell, Ansible, Terraform, Azure DevOps, CI/CD, Kubernetes. Design, build and maintain core infrastructure. Debub production issues Requirements: Strong experience in Windows Servers, Virtulisation, Containerisation tech on Azure Proficiency in Object Oriented programming and developing automated solutions through code. Experience in configuration management systems like Ansible Passion for network security and desire to protect organisations from cyber threats. Keen on Open Source development. Collaborative and able to communicate effectively and asynchronously.
16/05/2024
Full time
Senior Cloud Network Engineer Permanent, 3 days in office in London Overview: The Company is a leading financial services firm. The technology is being transformed to a Cloud-First, Cloud-Native architectural model, utilizing DevSecOps processes and adoption of systems-thinking concepts to enhance productivity. The Cloud Network Engineer are responsible for delivering modern end user solutions that are fully automated through code, ensuring scalability and optimize availability and reliability 24/7. Responsibilities: Engineer and secure core Azure platform services across global footprint. Go deep on Cloud Network Engineer, adopting Zero Trust Architecture principles. Engineer and maintain Cloud Secure Web Gateways, Next-Gen CASB solutions Advance branch/SD-WAN solution to optimise network performance and connectivity. Colloborate with other areas of engineering and Service operations to ensure the successful integration of SSE/SASE Automate every operational aspect of infrastructure and systems life cycle Respond to incidents. Run Infrastructure with Python/PowerShell, Ansible, Terraform, Azure DevOps, CI/CD, Kubernetes. Design, build and maintain core infrastructure. Debub production issues Requirements: Strong experience in Windows Servers, Virtulisation, Containerisation tech on Azure Proficiency in Object Oriented programming and developing automated solutions through code. Experience in configuration management systems like Ansible Passion for network security and desire to protect organisations from cyber threats. Keen on Open Source development. Collaborative and able to communicate effectively and asynchronously.
IT Security Officer NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience. Hybrid will need to be onsite when required. You need to live within commutable distance of Salisbury and due to the clients location, own transport is essential You must be eligible for SC clearance (lived and worked in UK for the last 5 years minimum) What does the company do: Our client provides infrastructure and support services to the armed forces. What You'll Be Doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. This is a new opportunity which will give you scope to make the role your own and advance your career in the longer term. What You'll Need To Know: Minimum of 3 years of hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001 What You'll Get to mention a few: 25 days holiday plus bank holidays Holiday purchase to up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 - SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
16/05/2024
Full time
IT Security Officer NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience. Hybrid will need to be onsite when required. You need to live within commutable distance of Salisbury and due to the clients location, own transport is essential You must be eligible for SC clearance (lived and worked in UK for the last 5 years minimum) What does the company do: Our client provides infrastructure and support services to the armed forces. What You'll Be Doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. This is a new opportunity which will give you scope to make the role your own and advance your career in the longer term. What You'll Need To Know: Minimum of 3 years of hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001 What You'll Get to mention a few: 25 days holiday plus bank holidays Holiday purchase to up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 - SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.