Cyber Security Engineer - PLEASE NOTE YOU MUST HOLD DV CLEARANCE TO APPLY FOR THIS ROLE Day Rate is Negotiable Dependant Upon Experience - Inside IR35 Around 6 months Hybrid 2-3 days per week on-site in any of the following locations: Portsmouth, Wiltshire and North Yorkshire Responsibilities: Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Skills: Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent) Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium
20/05/2024
Project-based
Cyber Security Engineer - PLEASE NOTE YOU MUST HOLD DV CLEARANCE TO APPLY FOR THIS ROLE Day Rate is Negotiable Dependant Upon Experience - Inside IR35 Around 6 months Hybrid 2-3 days per week on-site in any of the following locations: Portsmouth, Wiltshire and North Yorkshire Responsibilities: Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Skills: Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent) Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium
Job Vacancy: Multi Skilled Maintenance Engineer Location: Loughborough Salary: Up to £48,000 Shift pattern: 12 hour shift, Alternating Days and Nights on a 3 week rolling pattern. We are seeking a highly skilled and adaptable Multi Skilled Maintenance Engineer for a prestigious FMCG company based in Loughborough. As a leading recruitment consultancy, we are collaborating with our client to fill this pivotal role within their organization. Key Responsibilities: Flexibility and Safety: The successful candidate will be expected to work flexibly to meet business demands while adhering to the highest standards of Good Manufacturing Practice (GMP) to ensure a safe working environment. Subject Matter Expertise: This role demands a commitment to continuously learn and adapt to evolving technologies, becoming the Subject Matter Expert (SME) in all facets of Manufacturing and Packaging equipment. Maintenance and Repair: Proficiency in fault finding, repair, and maintenance of process supply equipment and production-aligned ancillary equipment. This includes Planned, Preventative, Predictive, and Reactive maintenance on complex Mechanical, electro/Mechanical systems and process equipment, encompassing Programmable Logic Controllers (PLC), electrical, electronic, and pneumatic controls within a pharmaceutical environment. Drive for Improvement: Actively pursuing enhancements in safety, GMP, and performance within the module. Taking charge of Conditional Appraisals and Criticality Assessment activity to minimize costly breakdowns, enhance production and supporting equipment, and implement strategies to improve overall safety and reliability of plant and production processes. Requirements: A proven track record in a similar role within an FMCG or related industry. Technical proficiency in maintenance, repair, and fault finding in complex machinery and equipment. Experience working with PLCs, electrical, electronic, and pneumatic controls. Proactive approach to problem-solving and a drive for continuous improvement. Ability to work in a shift pattern including 12-hour shifts comprising a mix of days and nights. This is a fantastic opportunity for an individual looking to make a significant impact within a fast-paced and dynamic environment. The successful candidate will receive a competitive salary of up to £48,000 commensurate with their experience and skills. Benefits include: 6.5% bonus, occasional overtime paid at x1.5 or double time for nights and 17 days of Flexible holidays. If you believe you possess the skills and expertise required for this role and are enthusiastic about making a difference in the FMCG industry, please apply with your updated CV. We are looking forward to discussing this exciting opportunity further with you.
20/05/2024
Full time
Job Vacancy: Multi Skilled Maintenance Engineer Location: Loughborough Salary: Up to £48,000 Shift pattern: 12 hour shift, Alternating Days and Nights on a 3 week rolling pattern. We are seeking a highly skilled and adaptable Multi Skilled Maintenance Engineer for a prestigious FMCG company based in Loughborough. As a leading recruitment consultancy, we are collaborating with our client to fill this pivotal role within their organization. Key Responsibilities: Flexibility and Safety: The successful candidate will be expected to work flexibly to meet business demands while adhering to the highest standards of Good Manufacturing Practice (GMP) to ensure a safe working environment. Subject Matter Expertise: This role demands a commitment to continuously learn and adapt to evolving technologies, becoming the Subject Matter Expert (SME) in all facets of Manufacturing and Packaging equipment. Maintenance and Repair: Proficiency in fault finding, repair, and maintenance of process supply equipment and production-aligned ancillary equipment. This includes Planned, Preventative, Predictive, and Reactive maintenance on complex Mechanical, electro/Mechanical systems and process equipment, encompassing Programmable Logic Controllers (PLC), electrical, electronic, and pneumatic controls within a pharmaceutical environment. Drive for Improvement: Actively pursuing enhancements in safety, GMP, and performance within the module. Taking charge of Conditional Appraisals and Criticality Assessment activity to minimize costly breakdowns, enhance production and supporting equipment, and implement strategies to improve overall safety and reliability of plant and production processes. Requirements: A proven track record in a similar role within an FMCG or related industry. Technical proficiency in maintenance, repair, and fault finding in complex machinery and equipment. Experience working with PLCs, electrical, electronic, and pneumatic controls. Proactive approach to problem-solving and a drive for continuous improvement. Ability to work in a shift pattern including 12-hour shifts comprising a mix of days and nights. This is a fantastic opportunity for an individual looking to make a significant impact within a fast-paced and dynamic environment. The successful candidate will receive a competitive salary of up to £48,000 commensurate with their experience and skills. Benefits include: 6.5% bonus, occasional overtime paid at x1.5 or double time for nights and 17 days of Flexible holidays. If you believe you possess the skills and expertise required for this role and are enthusiastic about making a difference in the FMCG industry, please apply with your updated CV. We are looking forward to discussing this exciting opportunity further with you.
SIEM/Incident SME CONTRACTOR MUST HOLD DV CLEARANCE Role Title: SIEM/Incident SME Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months Role Description: Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role: . Develop and integrate security event monitoring and incident management services. . Respond to security incidents as they occur as part of an incident response team. . Implement metrics and dashboards to give visibility of the Enterprise infrastructure. . Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. . Produce documentation to ensure the repeatability and standardisation of security operating procedures. . Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. . Maintain a baseline of system security according to latest threat intelligence and evolving trends. . Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. . Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. . Offer strategic and tactical security guidance including valuation requirement of technical controls. . Be part of the CRM process . Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. . Document, validate and create operational processes and procedures to help develop the SOC. . Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. . Build, install, configure, and test dedicated cyber defence hardware. . Support Junior Analysts to manage SOC systems. . Previous experience of Enterprise ICS/network architectures and technologies . Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. . Experience as a mentor/coach to Junior Analysts Your profile: . Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks . Skilled in maintaining Microsoft directory services. . Skilled in using virtualisation software. . Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) . Excellent communication skills . Experience of writing Defence/Government documentation Desirable Qualifications: . Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) . SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) . Advanced Analyst Course (SANS SEC503 or equivalent) If this role is of interest to you, and you hold an active DV clearance - please apply now! Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
20/05/2024
Project-based
SIEM/Incident SME CONTRACTOR MUST HOLD DV CLEARANCE Role Title: SIEM/Incident SME Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months Role Description: Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role: . Develop and integrate security event monitoring and incident management services. . Respond to security incidents as they occur as part of an incident response team. . Implement metrics and dashboards to give visibility of the Enterprise infrastructure. . Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. . Produce documentation to ensure the repeatability and standardisation of security operating procedures. . Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. . Maintain a baseline of system security according to latest threat intelligence and evolving trends. . Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. . Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. . Offer strategic and tactical security guidance including valuation requirement of technical controls. . Be part of the CRM process . Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. . Document, validate and create operational processes and procedures to help develop the SOC. . Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. . Build, install, configure, and test dedicated cyber defence hardware. . Support Junior Analysts to manage SOC systems. . Previous experience of Enterprise ICS/network architectures and technologies . Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. . Experience as a mentor/coach to Junior Analysts Your profile: . Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks . Skilled in maintaining Microsoft directory services. . Skilled in using virtualisation software. . Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) . Excellent communication skills . Experience of writing Defence/Government documentation Desirable Qualifications: . Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) . SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) . Advanced Analyst Course (SANS SEC503 or equivalent) If this role is of interest to you, and you hold an active DV clearance - please apply now! Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Wintel SME required for a 3-month initial contract, umbrella only. Please note to be considered for this role candidates must have active SC Clearance, used within the last 12-months. This role requires 4 - 5 days onsite in either Warwick, Farnborough and/or Corsham. We're looking for a skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment to deliver VMware ESXi and Windows virtual machines. VMware standalone ESXi Windows Operating system Skills Required: Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, Experienced in Remote Desktop solution and Roles/Services. Proficient in managing local user account, permissions and access controls. Troubleshoot Windows related issues and proactively provide expert-level support. Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark Proficient in document creation, testing and collating results It would a distinct advantage if you had: Knowledge and ability to implement third party software Strong ability to create, understand and utilise PowerShell scripts Operating System manual patching Installing of internal server certificates where required For immediate consideration please apply online today.
20/05/2024
Project-based
Wintel SME required for a 3-month initial contract, umbrella only. Please note to be considered for this role candidates must have active SC Clearance, used within the last 12-months. This role requires 4 - 5 days onsite in either Warwick, Farnborough and/or Corsham. We're looking for a skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment to deliver VMware ESXi and Windows virtual machines. VMware standalone ESXi Windows Operating system Skills Required: Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, Experienced in Remote Desktop solution and Roles/Services. Proficient in managing local user account, permissions and access controls. Troubleshoot Windows related issues and proactively provide expert-level support. Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark Proficient in document creation, testing and collating results It would a distinct advantage if you had: Knowledge and ability to implement third party software Strong ability to create, understand and utilise PowerShell scripts Operating System manual patching Installing of internal server certificates where required For immediate consideration please apply online today.
SIEM/Incident SME Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months MUST BE PAYE THROUGH UMBRELLA We are heading up a recruitment drive for a global consultancy that require a DV Cleared SIEM/Incident SME to join them on a major project that's based onsite 4/5 days in either Warwick, Farnborough or Corsham. Role Description : Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Your profile Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent)
20/05/2024
Project-based
SIEM/Incident SME Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months MUST BE PAYE THROUGH UMBRELLA We are heading up a recruitment drive for a global consultancy that require a DV Cleared SIEM/Incident SME to join them on a major project that's based onsite 4/5 days in either Warwick, Farnborough or Corsham. Role Description : Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Your profile Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent)
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
17/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
17/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Information Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. In addition, as a manager you will own the coaching of your direct reports, developing their skills and supporting their career development. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience. Qualifications: Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). [Preferred] Consulting and/or accounting firm experience. [Preferred] Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: [Required] Microsoft Office applications [Required] Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software [Required] Familiarity with security tools such as: CyberArk, Splunk, SailPoint [Required] Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub [Preferred] Familiarity with databases such as: Oracle, DB2, SQL [Preferred] Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Education and/or Experience: [Required] Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. [Required] 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certificates or Licenses: [One of these required] Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
17/05/2024
Full time
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
17/05/2024
Full time
Manager, Internal Audit - IT/Security Salary: open + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5+ years of experience in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Security tools such as: CyberArk, Splunk, SailPoint Change management tools such as: ServiceNow, Jira, Confluence, GitHub Preferred Databases such as: Oracle, DB2, SQL Cloud-based solutions: AWS, Azure, Oracle Cloud, Workday Relevant Certifications Responsibilities Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
Wintel SME - SC Cleared Whitehall Resources are looking for a Wintel SME - SC Cleared. This role is based onsite 4/5 days per week in either Warwick, Farnborough or Corsham, for an initial 2-3 month contract. *SC Cleared - Due to the nature of the work, the client requires you to hold Security Clearance* *Inside IR35 - You will be required to use an FCSA Accredited Umbrella Company* Job Description: Looking for a skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment - VMware standalone ESXi, Windows Operating system. Collaboration to deliver VMware ESXi and Windows virtual machines. Skills Required: - Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, - Experienced in Remote Desktop solution and Roles/Services. - Proficient in managing local user account, permissions and access controls. - Troubleshoot Windows related issues and proactively provide expert-level support. - Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. - Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark - Proficient in document creation, testing and collating results Preferred: - Knowledge and ability to implement third party software. - Strong ability to create, understand and utilise PowerShell scripts. - Operating System manual patching - Installing of internal server certificates where required All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
17/05/2024
Project-based
Wintel SME - SC Cleared Whitehall Resources are looking for a Wintel SME - SC Cleared. This role is based onsite 4/5 days per week in either Warwick, Farnborough or Corsham, for an initial 2-3 month contract. *SC Cleared - Due to the nature of the work, the client requires you to hold Security Clearance* *Inside IR35 - You will be required to use an FCSA Accredited Umbrella Company* Job Description: Looking for a skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment - VMware standalone ESXi, Windows Operating system. Collaboration to deliver VMware ESXi and Windows virtual machines. Skills Required: - Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, - Experienced in Remote Desktop solution and Roles/Services. - Proficient in managing local user account, permissions and access controls. - Troubleshoot Windows related issues and proactively provide expert-level support. - Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. - Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark - Proficient in document creation, testing and collating results Preferred: - Knowledge and ability to implement third party software. - Strong ability to create, understand and utilise PowerShell scripts. - Operating System manual patching - Installing of internal server certificates where required All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
We are Global IT Recruitment specialist that provides support to the clients across UK, Europe and Australia. We have an excellent job opportunity for you. Role Title: SIEM/Incident SME (Need Active DV Clearance) Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months Role Description: Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Your profile Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent)
17/05/2024
Project-based
We are Global IT Recruitment specialist that provides support to the clients across UK, Europe and Australia. We have an excellent job opportunity for you. Role Title: SIEM/Incident SME (Need Active DV Clearance) Location: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or Northallerton Duration: 6 months Role Description: Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and Tanium The Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of Junior Analysts, monitoring networks to actively remediate unauthorised activities. Your role Develop and integrate security event monitoring and incident management services. Respond to security incidents as they occur as part of an incident response team. Implement metrics and dashboards to give visibility of the Enterprise infrastructure. Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. Produce documentation to ensure the repeatability and standardisation of security operating procedures. Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis. Maintain a baseline of system security according to latest threat intelligence and evolving trends. Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. Offer strategic and tactical security guidance including valuation requirement of technical controls. Be part of the CRM process Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. Document, validate and create operational processes and procedures to help develop the SOC. Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources. Build, install, configure, and test dedicated cyber defence hardware. Support Junior Analysts to manage SOC systems. Previous experience of Enterprise ICS/network architectures and technologies Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. Experience as a mentor/coach to Junior Analysts Your profile Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks Skilled in maintaining Microsoft directory services. Skilled in using virtualisation software. Knowledge of key security frameworks (eg ISO, NIST 800-53, 800-171, 800-172, C2M2) Excellent communication skills Experience of writing Defence/Government documentation Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent) SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent) Advanced Analyst Course (SANS SEC503 or equivalent)
CONTRACTOR MUST HOLD SC CLEARANCE Role Title: Wintel SME Location: Onsite 4/5 days per week in Warwick, Farnborough & Corsham Duration: Until 16/08/24 Inside IR35 MUST BE PAYE THROUGH UMBRELLA Role Description: Skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment - VMware standalone ESXi, Windows Operating system. Collaboration to deliver VMware ESXi and Windows virtual machines. Skills Required: - Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, - Experienced in Remote Desktop solution and Roles/Services. - Proficient in managing local user account, permissions and access controls. - Troubleshoot Windows related issues and proactively provide expert-level support. - Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. - Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark - Proficient in document creation, testing and collating results Preferred: - Knowledge and ability to implement third party software. - Strong ability to create, understand and utilise PowerShell scripts. - Operating System manual patching - Installing of internal server certificates where required
17/05/2024
Project-based
CONTRACTOR MUST HOLD SC CLEARANCE Role Title: Wintel SME Location: Onsite 4/5 days per week in Warwick, Farnborough & Corsham Duration: Until 16/08/24 Inside IR35 MUST BE PAYE THROUGH UMBRELLA Role Description: Skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment - VMware standalone ESXi, Windows Operating system. Collaboration to deliver VMware ESXi and Windows virtual machines. Skills Required: - Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, - Experienced in Remote Desktop solution and Roles/Services. - Proficient in managing local user account, permissions and access controls. - Troubleshoot Windows related issues and proactively provide expert-level support. - Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. - Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark - Proficient in document creation, testing and collating results Preferred: - Knowledge and ability to implement third party software. - Strong ability to create, understand and utilise PowerShell scripts. - Operating System manual patching - Installing of internal server certificates where required
We are Global IT Recruitment specialist that provides support to the clients across UK, Europe and Australia. We have an excellent job opportunity for you. Role Title: Wintel SME(Need Active SC Clearance) Location: Onsite 4/5 days per week in Warwick, Farnborough & Corsham Duration: Until 16/08/24 Role Description: Skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment - VMware standalone ESXi, Windows Operating system. Collaboration to deliver VMware ESXi and Windows virtual machines. Skills Required: - Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, - Experienced in Remote Desktop solution and Roles/Services. - Proficient in managing local user account, permissions and access controls. - Troubleshoot Windows related issues and proactively provide expert-level support. - Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. - Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark - Proficient in document creation, testing and collating results Preferred: - Knowledge and ability to implement third party software. - Strong ability to create, understand and utilise PowerShell scripts. - Operating System manual patching - Installing of internal server certificates where required
17/05/2024
Project-based
We are Global IT Recruitment specialist that provides support to the clients across UK, Europe and Australia. We have an excellent job opportunity for you. Role Title: Wintel SME(Need Active SC Clearance) Location: Onsite 4/5 days per week in Warwick, Farnborough & Corsham Duration: Until 16/08/24 Role Description: Skilled Wintel Subject Matter Expert (SME) to understand low level designs, create and implement build scripts, conduct testing and validation for a on-premises VMware infrastructure. The following technology will be used within the environment - VMware standalone ESXi, Windows Operating system. Collaboration to deliver VMware ESXi and Windows virtual machines. Skills Required: - Expert in writing, deploying Windows Operating System Server 2019 and 2022, OS configurations, - Experienced in Remote Desktop solution and Roles/Services. - Proficient in managing local user account, permissions and access controls. - Troubleshoot Windows related issues and proactively provide expert-level support. - Expert in VMware ESXi deployment and configuration, including VMFS datastore and vSwitch. - Harden Windows system using local group Policy Objects (GPOs) to align with CIS benchmark - Proficient in document creation, testing and collating results Preferred: - Knowledge and ability to implement third party software. - Strong ability to create, understand and utilise PowerShell scripts. - Operating System manual patching - Installing of internal server certificates where required
Cyber Security Engineer Manchester City Centre Hybrid Cybersecurity Engineer Are you a skilled cybersecurity professional looking to take your career to the next level? We're seeking a Mid-Level Cybersecurity Engineer to join our team and contribute to our organisation's security posture. If you're passionate about protecting systems, networks, and data, this role is for you! Responsibilities: Evaluate ongoing security needs: Continuously assess the organization's security requirements and establish standard operating procedures to respond to inbound security issues. Develop and implement threat models: Stay informed about new threats and attack vectors, and proactively address them. Perform routine security assessments/audits: Evaluate networks, systems, code, controls, and applications to identify vulnerabilities. Investigate intrusion attempts: Conduct in-depth analysis of exploits and security incidents. Stay educated: Keep up-to-date with the latest cybersecurity trends and best practices. Qualifications: Education: Relevant degree (eg, Bachelor's in Engineering, Information Security, Information Assurance, Computer Science). Certifications (preferred): CISSP (Certified Information Systems Security Professional) CEH (Certified Ethical Hacker) CompTIA Security+ Other relevant certifications (eg, GIAC, TIA, IAM) Experience: At least 3 years of experience in incident detection, response, and forensics. Technical Skills: Familiarity with NIST SP 800-53 and RMF implementation. Knowledge of PKI infrastructure tools. Understanding of Firewalls, proxies, and encryption. Proficiency in programming languages (Python, C++, Java, etc.). If you're interested, please apply below to have your application processed TODAY!
17/05/2024
Full time
Cyber Security Engineer Manchester City Centre Hybrid Cybersecurity Engineer Are you a skilled cybersecurity professional looking to take your career to the next level? We're seeking a Mid-Level Cybersecurity Engineer to join our team and contribute to our organisation's security posture. If you're passionate about protecting systems, networks, and data, this role is for you! Responsibilities: Evaluate ongoing security needs: Continuously assess the organization's security requirements and establish standard operating procedures to respond to inbound security issues. Develop and implement threat models: Stay informed about new threats and attack vectors, and proactively address them. Perform routine security assessments/audits: Evaluate networks, systems, code, controls, and applications to identify vulnerabilities. Investigate intrusion attempts: Conduct in-depth analysis of exploits and security incidents. Stay educated: Keep up-to-date with the latest cybersecurity trends and best practices. Qualifications: Education: Relevant degree (eg, Bachelor's in Engineering, Information Security, Information Assurance, Computer Science). Certifications (preferred): CISSP (Certified Information Systems Security Professional) CEH (Certified Ethical Hacker) CompTIA Security+ Other relevant certifications (eg, GIAC, TIA, IAM) Experience: At least 3 years of experience in incident detection, response, and forensics. Technical Skills: Familiarity with NIST SP 800-53 and RMF implementation. Knowledge of PKI infrastructure tools. Understanding of Firewalls, proxies, and encryption. Proficiency in programming languages (Python, C++, Java, etc.). If you're interested, please apply below to have your application processed TODAY!
Security Architect (Cloud & Network) Permanent - £58k-£65k - 2 days per week from West London office, the rest working from home Our London based Public Sector client have an upcoming requirement for a Security Architect to join on a permanent basis. The purpose of the Security Architect is to be responsible for the architecture design, implementation of cloud, O365 and network security solutions across the organisation, while acting as the subject matter expert on Microsoft Azure Cloud (IaaS, PaaS) and Office365 Key duties for the Security Architect (Cloud & Network) Complete thorough risk assessments, identifying vulnerabilities within cloud and Office 365 environments, networks and creating security controls or configuring systems to enhance existing security features Architecture design and implementation of Azure cloud, Office 365 and network security solutions across the Council, including cloud native and third-party solutions, to secure network and cloud environments in accordance to best practice; Engage third-party vendors and tooling to complete Azure cloud, Office 365 and network security testing and assurance - implementing new products, configuration or improvements as required Design and build a secure 3rd party access environment to enable 3rd parties including Contractors, outsourced providers secure access to Cloud, Office 365 and network environment. Solution must include defined policies, process and deployment of technology including operational support - based on the principle of least-privilege access and designed to prevent lateral-movement of threat Recommend, configure, implement, and maintain all security platforms and any other related software. Plan and appraise ongoing assessment of antivirus, application control, Firewall, SIEM, VPN, SSL, intrusion detection or intrusion prevention and other cloud and network component policies Ensure cloud and network security best practices are executed through assurance of network configuration(s) including ingress/egress Routers, Switches, Firewall configurations, access controls (RBAC), least privilege and monitoring Responsible for periodic cloud and network vulnerability testing, and lead remediation projects Respond to security-related events and support in remediation efforts Key experience required for the Security Architect (Cloud & Network) Proven track record of successfully defining and architecting solutions based on Microsoft 365 and Microsoft Azure Knowledge of core Microsoft technologies such as SharePoint, MS Teams & Azure with the capability of designing and implementing solutions that integrate these. Technical know-how of security network devices (Switches, antivirus, Firewalls, cryptography, SIEM) and any other security networking hardware or software tools Minimum, two years' experience identifying threats and developing appropriate protection measures Demonstrable experience reviewing system changes for security implications and recommending improvements Knowledge of cross-government procurement frameworks and processes
17/05/2024
Full time
Security Architect (Cloud & Network) Permanent - £58k-£65k - 2 days per week from West London office, the rest working from home Our London based Public Sector client have an upcoming requirement for a Security Architect to join on a permanent basis. The purpose of the Security Architect is to be responsible for the architecture design, implementation of cloud, O365 and network security solutions across the organisation, while acting as the subject matter expert on Microsoft Azure Cloud (IaaS, PaaS) and Office365 Key duties for the Security Architect (Cloud & Network) Complete thorough risk assessments, identifying vulnerabilities within cloud and Office 365 environments, networks and creating security controls or configuring systems to enhance existing security features Architecture design and implementation of Azure cloud, Office 365 and network security solutions across the Council, including cloud native and third-party solutions, to secure network and cloud environments in accordance to best practice; Engage third-party vendors and tooling to complete Azure cloud, Office 365 and network security testing and assurance - implementing new products, configuration or improvements as required Design and build a secure 3rd party access environment to enable 3rd parties including Contractors, outsourced providers secure access to Cloud, Office 365 and network environment. Solution must include defined policies, process and deployment of technology including operational support - based on the principle of least-privilege access and designed to prevent lateral-movement of threat Recommend, configure, implement, and maintain all security platforms and any other related software. Plan and appraise ongoing assessment of antivirus, application control, Firewall, SIEM, VPN, SSL, intrusion detection or intrusion prevention and other cloud and network component policies Ensure cloud and network security best practices are executed through assurance of network configuration(s) including ingress/egress Routers, Switches, Firewall configurations, access controls (RBAC), least privilege and monitoring Responsible for periodic cloud and network vulnerability testing, and lead remediation projects Respond to security-related events and support in remediation efforts Key experience required for the Security Architect (Cloud & Network) Proven track record of successfully defining and architecting solutions based on Microsoft 365 and Microsoft Azure Knowledge of core Microsoft technologies such as SharePoint, MS Teams & Azure with the capability of designing and implementing solutions that integrate these. Technical know-how of security network devices (Switches, antivirus, Firewalls, cryptography, SIEM) and any other security networking hardware or software tools Minimum, two years' experience identifying threats and developing appropriate protection measures Demonstrable experience reviewing system changes for security implications and recommending improvements Knowledge of cross-government procurement frameworks and processes
Cyber Security Management - Incident Response, Security Monitoring, Threat Modelling Frameworks, NIST, Kill Chain, Attack Lifecycle, MITRE, Windows, UNIX, Stratus, Networks, SIEM, IAM, DLP I am looking for a Cyber Security professional for my client who is a leading investment bank based in London. You will join the Information Risk Management Department which is responsible for security admin, information security practices, third-party risk management, and cyber security services within the bank. Key responsibilities: Monitoring & Compliance Develop and refine security monitoring controls to detect anomalies and incidents. Monitor and report suspicious activity, conduct IR investigations, and escalate security incidents. Utilize IR and Forensics tools for incident analysis. Security Engagement & Best Practice Collaborate with penetration testing programs and other departments to mitigate security risks. Develop Incident Response and Threat-hunting capabilities, including frameworks like Kill Chain and MITRE. Enhance Threat Intelligence integration and implement custom IOCs for monitoring. Other Provide cybersecurity expertise as needed. Contribute to security monitoring effectiveness reporting. Be available for coverage from 7 am to 7 pm on business days, with potential for ad-hoc coverage outside regular hours. Key Skills: Incident Response & Security Monitoring Threat modelling frameworks Experience in banking/Investment Banking Managing cyber security incidents NIST, Kill Chain, Attack life cycle, MITRE Cloud Security Assessments Windows Server, Windows XP, UNIX, Stratus Networks - LAN, WAN, Routers, Switches, Firewalls, remote access SIEM Tools IAM Solutions - DLP This is a Full time role at AVP level within the bank offering a salary of £65k plus a bonus. You will be required to be in the office 3 days per week which is in central London. If you're interested please get in contact. Cyber Security Management - Incident Response, Security Monitoring, Threat Modelling Frameworks, NIST, Kill Chain, Attack Lifecycle, MITRE, Windows, UNIX, Stratus, Networks, SIEM, IAM, DLP
17/05/2024
Full time
Cyber Security Management - Incident Response, Security Monitoring, Threat Modelling Frameworks, NIST, Kill Chain, Attack Lifecycle, MITRE, Windows, UNIX, Stratus, Networks, SIEM, IAM, DLP I am looking for a Cyber Security professional for my client who is a leading investment bank based in London. You will join the Information Risk Management Department which is responsible for security admin, information security practices, third-party risk management, and cyber security services within the bank. Key responsibilities: Monitoring & Compliance Develop and refine security monitoring controls to detect anomalies and incidents. Monitor and report suspicious activity, conduct IR investigations, and escalate security incidents. Utilize IR and Forensics tools for incident analysis. Security Engagement & Best Practice Collaborate with penetration testing programs and other departments to mitigate security risks. Develop Incident Response and Threat-hunting capabilities, including frameworks like Kill Chain and MITRE. Enhance Threat Intelligence integration and implement custom IOCs for monitoring. Other Provide cybersecurity expertise as needed. Contribute to security monitoring effectiveness reporting. Be available for coverage from 7 am to 7 pm on business days, with potential for ad-hoc coverage outside regular hours. Key Skills: Incident Response & Security Monitoring Threat modelling frameworks Experience in banking/Investment Banking Managing cyber security incidents NIST, Kill Chain, Attack life cycle, MITRE Cloud Security Assessments Windows Server, Windows XP, UNIX, Stratus Networks - LAN, WAN, Routers, Switches, Firewalls, remote access SIEM Tools IAM Solutions - DLP This is a Full time role at AVP level within the bank offering a salary of £65k plus a bonus. You will be required to be in the office 3 days per week which is in central London. If you're interested please get in contact. Cyber Security Management - Incident Response, Security Monitoring, Threat Modelling Frameworks, NIST, Kill Chain, Attack Lifecycle, MITRE, Windows, UNIX, Stratus, Networks, SIEM, IAM, DLP
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
16/05/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC Technical writing experience 4+ years of Information Security experience Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of Privileged Access Management technologies Responsibilities Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
15/05/2024
Full time
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC Technical writing experience 4+ years of Information Security experience Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of Privileged Access Management technologies Responsibilities Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC Technical writing experience 4+ years of Information Security experience Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of Privileged Access Management technologies Responsibilities Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
15/05/2024
Full time
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC Technical writing experience 4+ years of Information Security experience Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of Privileged Access Management technologies Responsibilities Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.