*3 days working from London office* Manage the Cyber Test and Validation process, support Cyber Risk Assessment and drive the Cyber Assurance programme across the bank through: Conduct cyber assessment of projects, helping to drive adoption of application and infrastructure security controls and best practices. Advise on leading-edge engineering to protect the bank's network from security risks related to web, mobile, web services, and client-server architectures. Conduct risk reviews of 3rd party systems and applications to assess the standard and proprietary application security controls used by the application (e.g. authentication, authorization, input validation, output sanitization, error handling, application resilience) against bank policies and standards. Work with different teams in various jurisdictions where specific technology and cybersecurity regulations create requirements that are not directly supported by our global framework. Drive implementation of security controls in various platforms by working with technology infrastructure teams. Demonstrate deep understanding, passion and thought leadership for Information and Cybersecurity and the impact of new technologies, services and solutions. Investigate, coordinate and address Information and Cybersecurity incidents. Act as liaison for the global team in coordinating collection and preservation of forensic evidence in support of security event investigation. Analyse potential infrastructure security incidents to determine if an incident qualifies as a legitimate security breach. Collaborate with stakeholders to continually operate and improve a world-class cyber program by providing input into the uplift of sensory tools, detection tuning, and access to data sources to increase detection effectiveness. Convey complicated technical analysis to management via investigation synopses, graphical depictions of attacks, and comprehensive presentations.
Act as a liaison to stakeholders, including those outside of the technology team(s), during security investigations and incidents. Respond to regulatory requests regarding security incidents, as well as the relevant protective and detective security measures. Report the status of ongoing incidents, as well as the follow-up actions for resolved incidents, to management. Support compliance, regulatory, or litigation-related investigations by coordinating e-discovery, evidence collection and other such activities. Communicating status and risks in a succinct, direct and open manner for proper issue management life cycle tracking. Drafting responses to requests for information from regulators in the jurisdictions in which the bank operates. Coordinating engagements with regulators, including periodic reporting, preparation of presentations and written deliverables. Conducting analysis to identify potential gaps and issues from ongoing changes of regulatory requirements of relevance to the bank's business and risk environments. Preparing presentations and written products on regulatory trends and issues to inform leadership decisions. Coordinating with counterparts in other jurisdictions and regional stakeholders (e.g. Legal, Compliance, Preferred Qualifications and Experience: A minimum of 10+ years of experience with a mix of Cybersecurity, Systems, Infrastructure, Network, and Cloud experience. Broad technical security skills in multiple technology areas such as application deployments, endpoints, data, infrastructure, cloud, DNS, PKI, email, OS (Windows, Mac, *NIX), SDN, encryption, forensics, authentication, firewalls, proxies, identity and access control, BC/DR, remote access, and cryptography. Extensive experience in architecting and engineering complex security solutions, utilizing and interpreting models to implement company policies and standards globally.
Familiarity with techniques/methodologies such as "Attack and Defensive" methods, Threat Hunting, Threat modelling, Reverse engineering, Vulnerability Management, Data modelling, Evaluation of security products/services, Metrics development, etc. Proficiency and experience in automation and scripting using Python, Shell, Ansible, Jenkins, etc. Demonstrated experience with utilizing and migrating to one or more cloud technologies such as Microsoft Azure and AWS. Knowledge of Google Cloud Platform, Alibaba Cloud, and Microsoft Office 365 is a plus. Information Security and/or Information Technology industry certification (CISSP, CISM, CISSP-ISSMP, CRISC, GIAC, Azure and AWS equivalent) preferred. Ability to synthesize data, conceptualize and get to the root cause of processes that created the risk. Experience working in a multi-vendor and outsourced IT environment. Good understanding of COBIT and ITIL processes including change, incident and problem management. Experience in Financial Services is a nice to have but not mandatory. Our Recruitment Delivery Team are committed to offering an inclusive recruitment experience to all candidates. If you require any accommodations or adjustments as a result of disability, impairment, or health condition, please do not hesitate to let me know by emailing
03/05/2024
Full time
Manager, Internal Audit - IT/Security. Salary: open + bonus. Location: Chicago, IL or Dallas, TX. Hybrid: 3 days onsite, 2 days remote. *We are unable to provide sponsorship for this role* Qualifications: Bachelor's degree. 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint. Change management tools such as: ServiceNow, Jira, Confluence, GitHub. Preferred: Databases such as: Oracle, DB2, SQL. Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday. Relevant Certifications. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (e.g., AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
03/05/2024
Full time
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for ensuring that the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (e.g., changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (e.g., AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices.
Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and delivering recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem-solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast-paced environment.
Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications. [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint. [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub. [Preferred] Familiarity with databases such as: Oracle, DB2, SQL. [Preferred] Familiarity with cloud-based solutions: AWS, Azure, Oracle Cloud, Workday. Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
03/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. 
Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. 
Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. 
Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. 
Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
03/05/2024
Full time
Presales Solutions Consultant (Cybersecurity) - £55,000 - £65,000 + benefits - London (Hybrid) - ISP/MSP Overview: A market leading organisation operating within the ISP/MSP space are looking for an experienced Pre-Sales Solutions Consultant to join their growing team in London on a hybrid basis. Role & Responsibilities: The client are an expanding tech company that helps some of the world's biggest brands with their cyber security and IT infrastructure needs. The Cybersecurity Solutions (Pre-Sales) Consultant will support the growing needs of existing customers' UK businesses as they face cyber risks, go through digital transformation, adapt to hybrid working, meet compliance standards or experience rapid growth. The Solutions Team provides expert advice to these businesses who want fast and clear recommendations, trusting that their solutions will enable their workplace with robust and secure digital infrastructure. The ideal candidate will have a proven record in cyber security pre-sales, and experience with the Microsoft Suite of services to secure the Modern Workplace (Defender, Intune & Sentinel) as well as advanced, cloud-based services (SOC/SIEM, MDR/EDR). In addition, customers will need expert guidance in protecting their data, securing their IT infrastructure and working securely from anywhere (LAN/WiFi, SD-WAN & SASE). 
Pre-sales solutions engagement with UK businesses (fin-tech, high tech, life sciences, prof services) - Cybersecurity and IT infrastructure Cybersecurity Risk Assessments & Solution Recommendations Modern Workplace, secure infrastructure design Creation of Design documents, solution diagrams, BoM & Professional Services, Commercial summaries, tender responses & proposal text Internal Training, solution briefings & handovers to delivery & support teams Innovation - Introduction of new products & services Technical Requirements: Experience in all or some of Microsoft's Modern Workplace and Cybersecurity platforms, ideally in an MSP/Pre-Sales role: Microsoft 365, Windows Copilot, SharePoint, Defender, Intune, Entra, Teams, Sentinel, Purview. Advisor in advanced cybersecurity services including SSE, SASE, SIEM, MDR/EDR. Solutions design experience - modern workplace infrastructure - SD-WAN, SASE, LAN, WiFi & Cybersecurity Experience in recommending and designing solutions to meet compliance standards such as CE/CE+/ISO27001 Microsoft, Cisco, Meraki & Fortinet certifications Package: £55,000 - £65,000 Annual Bonus Benefits Hybrid Working
03/05/2024
Full time
Required Profile: years cyber security professional experience with at least 5 years in domain or enterprise architecture experience Deep knowledge of the IAM and CIAM framework and industry best practice, Identity Governance, Logical and Privileged Access Management, Role Modelling, Access Recertification, and authentication mechanisms. Familiar with market-leading products CyberArk, SailPoint, Microsoft Azure AD, Microsoft AD, Beyond Trust, One Identity and their implementation in a strongly regulated and complex environment. Knowledge and experience with security technologies, identity management platforms, secure access management and federation, IDaaS (Identity as a Service), Single Sign On, SAML, OpenID Connect, OAuth, multi-factor authentication, PKI and cryptographic solutions, web application Firewalls, automated code review tools, Cloud SaaS solutions Worked in financial or highly regulated industries. Professional certifications such as TOGAF, SABSA or IAF architecture frameworks. CISSP, GIAC, CISM, ISO 27001 LA/LI or specific security product certifications are an asset. Fluent in English mandatory. As the Cyber Security IAM Architect, your role will include: Lead the Identity and Access Management architecture domain. Define the IAM strategy, the reference/target Architecture, blueprint for your domain in close collaboration with your stakeholders (IDAM, GTS, GBS, Security Architecture and Enterprise Architecture). Design the architecture principles, tools, patterns, building blocks and contribute to IAM policies, standards and solutions. Advise on solution designs, implementation, and processes required to protect information system assets in line with the IAM and IT strategy. Provide guidance and act as a facilitator to ensure security standards and best practices are applied consistently and in a meaningful way across all divisions and the group. 
Collect feedback from stakeholders, detect unaddressed security IAM needs and identify opportunities for improvements or new architecture services. Translate the business requirements, risk assessments, high-level policies, and controls into security architecture requirements and designs for existing or new IAM capabilities, services and projects on business and IT side. Participate in discussions on IAM subjects, operational process design and implementation of security controls into project delivery. Your stakeholders are mainly Tribe Leads, Product Owners, Project Leaders, Enterprise Architects, risk management, internal/external Auditors and IT engineers, Developers and Solution Designers. Note: this role has been assessed as Inside IR35 which only affects UK resident candidates
02/05/2024
Project-based
IT Security Manager - Security Operations - Birmingham Hybrid working available Salary £40,000-50,950 %Flex fund IT Security Manager required for a leading client based in Birmingham. My client is currently seeking an IT Security Manager to come on board to effectively manage the Security Operations pillar within the IT Security, Compliance & Identity function. This involves overseeing Security technology and Security Operations Centre management. Additionally, this position involves leveraging and applying understanding of business objectives and security needs to identify issues and establish priorities for both internal and external delivery teams. Key skills and responsibilities:
* Strong IT Security Management experience
* Direct the Security Operations pillar, devising and implementing requirements, techniques, and resources to enhance value and mitigate risks across proactive monitoring, incident response, threat management, and vulnerability management, among other areas.
* Spearhead the development and upkeep of Security Operations policies, standards, procedures, and documentation, including playbooks and guidelines.
* Oversee the implementation and adherence to security operations procedures, assessing real and potential security breaches, and ensuring thorough investigation and resolution.
* Familiarity with IT Service Frameworks, methodologies, and industry best practices such as ITIL v4 and Agile.
* Understanding of day-to-day operations and industry best practices within a Security Operations Center (SOC).
* Proficiency in technical security aspects including Firewalls, network security groups, and access controls.
* Demonstrated leadership in guiding teams through the entire IT service life cycle, fortifying security measures, and advancing capabilities through continual service enhancement.
* Track record of leading response efforts during live cyber incidents and executing remediation strategies.
* Experience collaborating with supplier teams to facilitate managed services delivery for enhancements.
* Broad experience spanning the entire spectrum of IT security, encompassing software, Servers, infrastructure, and networks.
* Proven expertise in designing and implementing secure systems, and leading reviews of intricate security matters when necessary.

Interested? Please submit your updated CV to Emma Siwicki at Crimson for immediate consideration. Not interested? Do you know someone who might be a perfect fit for this role? Refer a friend and earn £250 worth of vouchers! Crimson is acting as an employment agency regarding this vacancy
01/05/2024
Full time
OT Security Engineer - (Operational Technology) Stevenage - hybrid working - 2/3 days in the office £70-80k pa, base salary A market leading services company are seeking an experienced Operational Technology Security Engineer with a background in Cyber Security to look after Operational Technology Security for one of their global customers. This is a broad operational technology (OT) security role covering OT security risk management, 3rd party management, acting as an advocate for OT security in the EMEA region and maintaining OT security standards. Your experience should also include access control and building management systems. This is a responsible role in a high-profile customer; the post-holder will lead and take initiative when implementing and managing OT security. To apply for this interesting opportunity please send a CV detailing all relevant OT security experience.
01/05/2024
Full time