This is an amazing opportunity for a Senior Security Consultant or a Cyber Security Manager to join a really fantastic business that offers an incredible amount of learning and development working with a fantastic IT Director to deliver the company's Cyber Security strategy. Interested? If so please read on. Client Details A fantastic business that operates within UK and EU. Description You will be overseeing a Security Analyst assisting with their learning and development as well as your own, whilst developing the growth of the team with future requirements. You will be working within a company that really invests in their team in terms of training and development long term. In this role you will be rewarded with a competitive salary of up to £60,000 per annum depending on experience with a host of further benefits including a generous pension, Life Assurance and 28 days annual leave plus much more! If this sounds interesting to you, please read on. What you will bring to the role: You will be delivering ISO 27001 compliance in relation to Cyber Security. Exposure to compliance standards such as NIST, GDPR or ISO 27001. Working closely with the IT Director to deliver the Cyber Security strategy for the company. Developing the team, and future growth of the team as the Cyber Security team grows. Developing and maintaining the Cyber Security policies and procedures. Continuously monitoring Network traffic for any "out of the ordinary" activity and responding to security breaches accordingly. Maintaining and developing the incident response plan. Implementing new security technologies and solutions. Relevant certifications such as CISM, CISSP or CEH would be desirable. Profile The Successful Applicant: This would be a fantastic opportunity for someone looking to take their career to the next level. It would be ideal for someone who has exceptional leadership abilities and who is a real analytical thinker. Job Offer What's on offer: Salary up to £60,000 per annum. 
28 days annual leave. Lots of on-the-job learning. Life Assurance. PLUS MUCH MORE! If this opportunity sounds exciting to you hit APPLY NOW before it's too late and this role is snapped up. We are looking to fill this quickly, so it will not be around for too long.
17/06/2024
Full time
Robert Half have partnered on a retained basis with CMS Cepcor to recruit an ERP Manager on a permanent contract, to be based in Coalville, Leicestershire. The Organisation: The CMS Group is the leading aftermarket manufacturer and supplier of crusher spare parts. Trading for over 30 years, this family-owned business supplies customers in over 140 different countries with current revenues of £80m with ambitious export growth plans. It recently received the King's Award for International Trade. Their headquarters and manufacturing facilities are based in North Leicestershire and there are two further locations in the US plus plans to extend physical presence in other key geographies. They operate a heavily customised ERP system to manage stock, manufacturing, multiple currencies, multiple locations and intercompany trading. The UK operation is currently implementing Blue Yonder WMS which will complement its current ERP system. Role overview: The role holder will report to the Group Commercial Director and have significant input from the CFO and will business partner multiple stakeholders. Previous people management skills are required as the ERP Manager will manage one direct report, who has extensive experience with the current ERP system. Additional ad hoc support is also provided by the ERP provider. The ERP Manager would be responsible for making timely, effective decisions at a high level, effectively communicating those decisions with key stakeholders, therefore the ability to work under pressure, prioritise and work towards deadlines is essential within this role. The ERP Manager would have overall responsibility for the integration and maintenance of ERP applications and software within the CMS Cepcor Group. Key Responsibilities: Overseeing the planning, development, and integration of ERP systems. Key stakeholder management, including senior management and external contractors, partnering closely with our finance function. 
Managing the functionality of ERP systems, as well as upgrades and modifications to current systems Responsible for overall ERP system cyber security Strategic responsibility to plan to meet the system needs for business growth, assessing risk and system capability Direct line Management of one report Optimise and improve current ERP System Tracking, analysing and resolving issues with ERP systems including, performing diagnostic tests. Communicating with key stakeholders on schedules, delays and work changes for ERP projects and system upgrades Designing and training users on new and upgraded systems Managing change across the organisation to ensure a gradual adoption of new systems Implement efficient ways of working within the current ERP system to create a streamlined approach to each process creating resilience throughout the systems. Consulting with business units to determine ERP requirements Design and implement simplified reporting structures for key business requirements Installing and integrating ERP software/apps Designing user-friendly interfaces and functionalities Key Skills, Qualifications and Experience Required: Previous experience in managing ERP Systems is essential. Proven experience partnering with users across various sites to solve business challenges and improve processes through ERP solutions. Background in gathering and translating business needs into functional specifications, test plans, and standard operating procedures. Expert knowledge creating and maintaining Business Intelligence reports using ERP tools such as Crystal Reports, Excel, and Power BI. Extensive background advocating for process simplification, standardization, and innovation. Demonstrable experience managing ERP system security, ensuring profiles and access controls are up to date. Demonstrable experience administering SQL databases, managing jobs, backups, and updates. 
Staying informed about the ERP solution roadmap to maximise future developments and business return on investment. Experience implementing system Extensive experience in SQL Extensive systems experience Finance background/Financial understanding, potentially have experience working across multicurrency systems. Previous project management experience and effective time management skills Strong influencing skills and ability to work at a high level, including collaborating directly with the board of directors Strong people management skills and experience Ability to analyse and manipulate data. Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website:
17/06/2024
Full time
About the Role Our client is currently seeking a Cyber Issues Manager to join their team. As a Cyber Issues Manager, you will have the unique opportunity to work on and support groundbreaking cyber security and networking technologies on a national and international scale. Your role will involve working on research and development projects to secure telecommunications networks, making the UK the safest place to live and do business online. You will play a vital role in managing security-related issues across the telecommunications projects. This includes triaging these issues, communicating the results to relevant parties, and working with equipment vendors and others to resolve them. Your knowledge, experience, and networks will be crucial to ensure its relevance and representation. About You Significant experience in telecoms network environment, ideally in identifying and communicating security-related issues. Strong understanding of relevant legislation, such as the Telecommunications (Security) Act 2021. Technical leadership in telecoms security or equivalent cyber security. In-depth knowledge of network protocols, software workings, and security vulnerabilities. Experience working with telecoms infrastructure equipment vendors and UK Communications Service Providers. Understanding of hardware and software development life cycles. Applied knowledge of cryptographic algorithms/standards, data structures, and distributed systems. DV clearance with no restrictions or the ability to obtain DV clearance. About Us Our client aims to provide cutting-edge technology to secure telecommunications networks, accelerate the rollout of 5G, and diversify the supply chain market. As part of this initiative, our client plays a crucial role in providing measurement science, engineering, and technology to ensure the highest standards of cyber security. If you want to be part of an innovative team and contribute to securing the UK's telecommunications networks, apply now!
17/06/2024
Full time
Conexus has partnered with a Global Pharmaceutical Company to source an Information Security Risk Manager who will be responsible for assessing, reporting, and managing information security risks identified in our systems and data, business processes, and third-party service providers. You will work closely with IT colleagues and business stakeholders based at multiple locations in Europe, USA, and Japan. As this is a remote role, we are seeking a candidate with exceptional time management skills and the ability to work independently. The Team: You will be delivering your services supporting a recently created Information Security, Risk and Compliance Management (ISRM) Team. This team is accountable for the design and implementation of our information security, risk management, and compliance strategy and program globally. Responsibilities: Support the design and improvement of the information security framework (ISF): policies, controls, and procedures using the NIST Cyber Security Framework, including third-party risk management. Assess new and existing systems, data flows, business processes, and third-party provider engagements to implement and verify compliance with the ISF, reporting identified risks and issues. Perform information security risk assessments, including security business impact analysis (BIA), business dependency analysis, security controls plan, controls maturity assessments, and third-party provider risk profiling, assessments, and audits. Maintain the information security risks and issues registers, deliver high-quality reports, and run information security committee meetings with business and IT management to manage risks. Support the design and improvement of third-party information risk management policies, controls, and procedures. Assist or lead assessment of information security risks arising from engagements with third-party providers and drive remediation efforts. 
Drive the design and implementation of a GRC platform, including functional requirements, reviewing process designs, rolling out new processes to the business and IT teams, and supporting the administration and maintenance of the GRC tool. Design, improve, and periodically report security key risk indicators and metrics to IT and business management to support continuous improvements and increase security maturity. Design and deliver the security education training awareness program (SETA) across all business functions. Manage external resources supporting the security awareness activities. Desirable Experience: Implementing controls and managing compliance risks regarding GXP regulated systems, data protection regulations such as EU and UK GDPR, CCPA, and cybersecurity regulations such as the EU NIS2 and USA SEC Disclosure Requirements. Education, Certifications, and Skills Required: Minimum of 10 years of professional experience in information technology, with at least 3 years as an information security risk manager, preferably in pharmaceutical, biotechnology, or other manufacturing organizations. Bachelor's or master's degree in information security or Information Technology. Relevant information security professional certifications, eg, CISSP, CISM, CRISC, CISA, GSEC-GIAC, ISO 27001 auditor/practitioner. Desirable: Training and/or certifications in GRC platforms such as ServiceNow GRC, Archer, Metricstream; and the NIST Cyber Security Framework. If this position is of interest, apply here or contact me directly for more details.
17/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensure security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. 
Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
14/06/2024
Full time
Technology Services Security Manager Security Operations, Cybersecurity, CISSP, Azure Certified, Agile, ITIL, CSIRT, Incident Management, Continuous Service Improvement, Risk Management, IT/OT Technologies, Infrastructure Development, Operations, Third-Party Contracts, MSP, APMP, SAFE Leadership, Scrum, Kanban Warrington - 3 days per week Competitive salary We are looking for a Technology Services Security Manager to lead the Security Operations function within our client's IT department. This role involves managing both internal and external specialist 3rd party support to deliver security operations activities across our digital estate. The successful candidate will oversee the security of our enterprise/IT and OT estate, ensuring continuous service improvement and risk reduction. Day to Day of the role: Improve performance and security of the digital estate through proactive continuous service improvement. Manage the security operations of the Technology estates, ensuring 24/7/365 availability where applicable. Collaborate with the wider Technology Services and Information Security teams, providing SME capability to align development activity with operational and strategic requirements. Own the Incident Management process for cyber-related incidents, working closely with the Information Security team. Plan and deliver resources (people, tools, and technology) to create an effective Security Operations function that addresses risk and aligns with business plans. Contribute security insights to infrastructure technology maintenance and change plans. Offer technical security/cyber information to ensure optimal commercial arrangements. Identify security trends, assess risks and opportunities, and prioritize activities to minimize risks and add value. Manage day-to-day third-party contracts underpinning the security operations function, ensuring alignment with business requirements. 
Required Skills & Qualifications: CISSP (or equivalent) qualification and Azure Certified. SAFE leadership or other Agile qualification (such as Kanban or Scrum). Considerable experience operating ITIL and CSIRT processes and standards. Detailed understanding of IT/OT technologies, market trends, products, and services. Extensive working knowledge of technologies and defining strategies for efficient and effective solutions and services. Considerable experience in an IT managerial position with responsibilities for operations, planning, people, and relationship management. Broad IT Management/Contracts experience, including infrastructure development, delivery, and operational management. Managing Successful Programmes (MSP)/APMP qualification. Benefits: 20% bonus - 80% company performance, 20% individual. Pension - double the amount that the individual puts in, up to 7%, so if they contribute 7% the total is 21%. 5k car allowance. Edenred package. EV car scheme. In the first instance, please submit your CV.
14/06/2024
Full time
Lynx Recruitment are working with a successful Managed Security Services Provider who are seeking a Sales Development Representative to identify and pursue prospective clients to book and attend meetings for the Business Development Manager. Upon being a success in this Sales Development Representative role, the position has a clear path to further your career progression in the business. Below are the essential skills and experience: Minimum of 1 year of experience in cyber security sales. Experience making outbound calls. Lead generation experience. Excellent communication skills. If this Sales Development Representative position is of interest, please apply ASAP.
14/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensure security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms.
Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred. Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content and educational writing strongly preferred. Strong knowledge of risk management principles and practices is required. Strong knowledge of security administration and role-based security controls is required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
13/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. The candidate will work on the Governance, Risk and Compliance team, lead and execute the programs within the GRC team, act as a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and perform key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Prior IT Security experience in the legal industry is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy, is required. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate technical topics effectively at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management and non-technical users.
Communicates succinctly and effectively. Strong organization and problem-solving skills required. Strong project and time management skills required. Strong reading comprehension skills required. Strong analytical ability with excellent written and verbal communication skills required. Strong PC skills with Microsoft (i.e. Word, Excel, PowerPoint) required. Ability to work independently and as a group member is required. SharePoint administration is preferred for team Intranet site management. Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
12/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. The candidate will be responsible for leading the Governance, Risk and Compliance (GRC) team and the programs within the group. The position is a hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development and planning, coordinating, measuring, and evaluating cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO 27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact the information security/privacy program. Qualifications: Bachelor's degree is highly preferred. Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates with hands-on technical experience are preferred.
Four (4) + years of management experience required. Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy, is required. Interview, gather, and understand content from subject-matter experts. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management and non-technical users. Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software: Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms.
Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
12/06/2024
Full time
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk, and Compliance team, lead and execute the programs within the GRC team, serve as a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and perform key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation. Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge of Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Prior IT Security experience in the legal industry is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those with hands-on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy, is required. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to effectively communicate technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
Communicates succinctly and effectively. Strong organization and problem-solving skills required. Strong project and time management skills required. Strong reading comprehension skills required. Strong analytical ability with excellent written and verbal communication skills required. Strong PC skills with Microsoft (i.e. Word, Excel, PowerPoint) required. Ability to work independently and as a group member is required. SharePoint administration is preferred for team Intranet site management. Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
12/06/2024
Full time
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk, and Compliance (GRC) team and the programs within the group. The position is a hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred. Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates with hands-on technical experience are preferred.
Four (4) + years of management experience required. Strong knowledge of Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy, is required. Interview, gather, and understand content from subject-matter experts. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software: Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms.
Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
11/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance). Four (4) + years of Information Security experience required. Candidates with hands-on technical experience. Four (4) + years of management experience required. Strong knowledge of Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required.
Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software: Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
11/06/2024
Full time
Your new company
A well established organisation within the public sector. The organisation has over 50 sites across Wales.

Your new role
ICT is undergoing rapid change, with several interesting projects set to roll out in the coming years. These initiatives promise to bring about significant positive transformations, and ICT will play a central role in their success. Part of the role would be delivering IT services across all sites which would cover most of Wales. Due to covering all sites, it may require some extensive travel and staying away from home for periods of time during the working week. A full driving licence is therefore essential, as well as having your own vehicle.

What you'll need to succeed
High level understanding of Networking, Servers (Physical/On-Prem/Hybrid), software, hardware and cybersecurity. As this is a senior role, you will need strong leadership skills. Although this role is a managerial role, there will still be a strong aspect of the role being hands-on. As part of your responsibilities, you'll need to demonstrate strong project management skills, utilizing diverse methodologies. Additionally, you should be adept at developing work plans that align with appropriate timeframes and budgets.

What you'll get in return
Competitive Pay. Government Pension Scheme (Currently 15.1%). Generous Annual Leave of 26 Days Plus bank holidays, going up to 33 days after 5 years of employment. Flexible Working - Opportunity to flex your working hours to help accommodate life outside of work.

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
11/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role*

A prestigious company is looking for an IT Security/GRC Manager. This is a hands-on management role in enterprise GRC covering applications, infrastructure, 3rd party security, vendor risk management, and program management. The manager will manage a team of 2-4 individuals. The role requires experience with SOC2 reporting, ISO27001, NIST, technical writing, etc.

Responsibilities:
Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development and planning, coordinating, measuring, and evaluating cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact the information security/privacy program.

Qualifications
Bachelor's degree. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7)+ years of direct experience (Information Security/Governance). Four (4)+ years of Information Security experience required. Candidates with hands-on technical experience. Four (4)+ years of management experience required. Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrated ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.

Technologies/Software
Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email spam prevention techniques. Knowledge of vulnerability assessment and forensic investigation tools. Knowledge of mobile device security and Mobile Device Management solutions.
10/06/2024
Full time