Compliance Manager - EdTech Schools shape young minds and build foundations for the future. Yet the education sector faces immense pressures. Overworked teachers, endless administrative tasks, and the constant need to do more with less. As Compliance Manager for this EdTech company, you'll play a crucial part in alleviating these pressures for schools. You'll help develop tools that free teachers and school staff to focus on what truly matters - fostering a learning environment that achieves great outcomes for all students. About the Job: Working alongside ex-teachers and EdTech engineers, you'll be part of a team that truly cares about improving education standards for everyone. As the first person to step into this role, you'll have total ownership and the full backing of senior leadership. You'll be given full autonomy to build the compliance framework from scratch. This includes creating and implementing policies/procedures, leading audits (ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus), and developing company-wide standards. Collaborating across product and engineering teams - you'll ensure the platform and product security is robust, and staff are suitably trained. You'll also handle due diligence for seamless integration as the company moves into an exciting new phase. About You: You're an experienced compliance professional with deep expertise in relevant frameworks. With excellent leadership, analytical, decision-making, and communication abilities, you thrive in fast-paced environments and can prioritise effectively. In particular, you'll need: Proven track record in compliance or infosec management roles In-depth mastery of ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus Prior experience with compliance tooling like SecureFrame is a plus In return, you'll get: 32 days of annual holiday (25 days leave + 7 company-wide days off) Enhanced parental leave - 20 weeks full pay for maternity/adoption, 6 weeks paternity A dedicated wellbeing team championing mindfulness, training, mental health, and more Flexible working arrangements tailored to you Social events, celebrations, community-building, and dog-friendly offices Professional development budget for training courses, memberships, financial coaching, and more Paid time to volunteer with charities of your choice Above all, your work will positively impact students and educators across the nation - paving the way to a better future for all. If you're ready to transform education for good, apply now. Everyone will get a response.
26/06/2024
Full time
Compliance Manager - EdTech Schools shape young minds and build foundations for the future. Yet the education sector faces immense pressures. Overworked teachers, endless administrative tasks, and the constant need to do more with less. As Compliance Manager for this EdTech company, you'll play a crucial part in alleviating these pressures for schools. You'll help develop tools that free teachers and school staff to focus on what truly matters - fostering a learning environment that achieves great outcomes for all students. About the Job: Working alongside ex-teachers and EdTech engineers, you'll be part of a team that truly cares about improving education standards for everyone. As the first person to step into this role, you'll have total ownership and the full backing of senior leadership. You'll be given full autonomy to build the compliance framework from scratch. This includes creating and implementing policies/procedures, leading audits (ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus), and developing company-wide standards. Collaborating across product and engineering teams - you'll ensure the platform and product security is robust, and staff are suitably trained. You'll also handle due diligence for seamless integration as the company moves into an exciting new phase. About You: You're an experienced compliance professional with deep expertise in relevant frameworks. With excellent leadership, analytical, decision-making, and communication abilities, you thrive in fast-paced environments and can prioritise effectively. In particular, you'll need: Proven track record in compliance or infosec management roles In-depth mastery of ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus Prior experience with compliance tooling like SecureFrame is a plus In return, you'll get: 32 days of annual holiday (25 days leave + 7 company-wide days off) Enhanced parental leave - 20 weeks full pay for maternity/adoption, 6 weeks paternity A dedicated wellbeing team championing mindfulness, training, mental health, and more Flexible working arrangements tailored to you Social events, celebrations, community-building, and dog-friendly offices Professional development budget for training courses, memberships, financial coaching, and more Paid time to volunteer with charities of your choice Above all, your work will positively impact students and educators across the nation - paving the way to a better future for all. If you're ready to transform education for good, apply now. Everyone will get a response.
Infrastructure Manager - Onsite We are delighted to partner with a global organisation based in the Ellesmere Port area to join their team on a permanent basis with an initial requirement to help guide their Infrastructure team throughout a period of change. You will be managing the day to day onsite operational support engineering team which has around 10 team members, spread across 3 sites in the UK. Travel to all 3 sites will be required. Role responsibilities: Manage and maintain IT security policies and procedures. Review weekly performance, analyse and identify trends and record/monitor improvements and risks. Assist in the supervision of the correct use of the IT systems in the sites and cooperate in the creation of user and best practice guides. Supervise the maintenance and upgrading of operating systems, commercial and proprietary software. Together with the Group Head of IT Infrastructure maintain hardware, software, networks, IT communication and cybersecurity policies. Resolve and coordinate incidents affecting the systems. Assist the Group's Head of IT infrastructures in planning and coordinating the activities, technical and material resources and supporting staff regarding operating systems, database management systems, ERP, standard office and mail software and communications. Manage supplier relations and support contracts. Design training and development plans for the infrastructure team and perform personnel appraisals. Manage Infrastructure IT Projects Proactively deal with internal customer queries. Skills required: Experience in people management Experience in managing IT Projects Experience in IT infrastructure support and end user's support IT Security Communications and networks experience Excellent communication skills Infrastructure Manager - Onsite Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
26/06/2024
Full time
Infrastructure Manager - Onsite We are delighted to partner with a global organisation based in the Ellesmere Port area to join their team on a permanent basis with an initial requirement to help guide their Infrastructure team throughout a period of change. You will be managing the day to day onsite operational support engineering team which has around 10 team members, spread across 3 sites in the UK. Travel to all 3 sites will be required. Role responsibilities: Manage and maintain IT security policies and procedures. Review weekly performance, analyse and identify trends and record/monitor improvements and risks. Assist in the supervision of the correct use of the IT systems in the sites and cooperate in the creation of user and best practice guides. Supervise the maintenance and upgrading of operating systems, commercial and proprietary software. Together with the Group Head of IT Infrastructure maintain hardware, software, networks, IT communication and cybersecurity policies. Resolve and coordinate incidents affecting the systems. Assist the Group's Head of IT infrastructures in planning and coordinating the activities, technical and material resources and supporting staff regarding operating systems, database management systems, ERP, standard office and mail software and communications. Manage supplier relations and support contracts. Design training and development plans for the infrastructure team and perform personnel appraisals. Manage Infrastructure IT Projects Proactively deal with internal customer queries. Skills required: Experience in people management Experience in managing IT Projects Experience in IT infrastructure support and end user's support IT Security Communications and networks experience Excellent communication skills Infrastructure Manager - Onsite Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
25/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
25/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
Vulnerability Assessment Manager VA Manager/Attack Surface Reduction Manager is required for this financial based in Buckinghamshire x2 days a week in office, x3 remote. You will be experienced in vulnerability management tools and their implementation, vulnerability risk management as well as an eye for detail and structure. You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security incidents. £80 - 95,000 Hybrid working. Buckinghamshire based x2 days a week, x3 remote working available. You will have an Infrastructure background, which might include Sys Admin, Service Desk, Infra Engineering then moved in to the Vulnerability Management arena. This role requires solid communication skills, where you could be liaising at all levels, including the CISO. You will: Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement. Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics. Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders. Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation. Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface. You will bring: Experience in application vulnerability assessment and management, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly. Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.) Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices. Project management (technical) experience preferably within cyber security.
25/06/2024
Full time
Vulnerability Assessment Manager VA Manager/Attack Surface Reduction Manager is required for this financial based in Buckinghamshire x2 days a week in office, x3 remote. You will be experienced in vulnerability management tools and their implementation, vulnerability risk management as well as an eye for detail and structure. You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security incidents. £80 - 95,000 Hybrid working. Buckinghamshire based x2 days a week, x3 remote working available. You will have an Infrastructure background, which might include Sys Admin, Service Desk, Infra Engineering then moved in to the Vulnerability Management arena. This role requires solid communication skills, where you could be liaising at all levels, including the CISO. You will: Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement. Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics. Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders. Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation. Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface. You will bring: Experience in application vulnerability assessment and management, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly. Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.) Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices. Project management (technical) experience preferably within cyber security.
Key Responsibilities: Define Penetration Test Strategy Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area Governance and Assurance of the 1LoD Pen Testing Squad within DPP in line with Regulations and Vehicle Type Approval Build and Run a Certified Forensic Pen Test Lab Develop cutting edge Vulnerability and Pen Test Techniques which can be flowed into the 1LoD Pen Test Service and HiLS and ViLS functional testing Work with Management to ensure information security risk findings are reviewed and solutions are implemented, and risks are properly managed Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organizational compliance Lead and build an Automotive Certified Forensic Pen Test Lab Development of common attacks and vulnerabilities to develop Penetration Testing scopes for ECUs, Vehicle and Connected Offboard Systems Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and revision of Penetration Testing scope Your Profile Key skills/knowledge/experience: Proven Penetration Testing experience and track record of delivery in a field relevant to the role, eg In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc. Good experience in EMBEDDED AUTOMOTIVE SECURITY PEN TESTING Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc. Technical understanding of Automotive cyber security controls at both ECU and Vehicle level Previous experience of Autosar Architecture, RTE integration and SecOC Knowledge of ASpice, ISO21434, R155, R156, R157 Good understanding of automotive communication busses (CAN and Ethernet mandatory, Flexray and LIN desirable) Git experience required
25/06/2024
Full time
Key Responsibilities: Define Penetration Test Strategy Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area Governance and Assurance of the 1LoD Pen Testing Squad within DPP in line with Regulations and Vehicle Type Approval Build and Run a Certified Forensic Pen Test Lab Develop cutting edge Vulnerability and Pen Test Techniques which can be flowed into the 1LoD Pen Test Service and HiLS and ViLS functional testing Work with Management to ensure information security risk findings are reviewed and solutions are implemented, and risks are properly managed Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organizational compliance Lead and build an Automotive Certified Forensic Pen Test Lab Development of common attacks and vulnerabilities to develop Penetration Testing scopes for ECUs, Vehicle and Connected Offboard Systems Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and revision of Penetration Testing scope Your Profile Key skills/knowledge/experience: Proven Penetration Testing experience and track record of delivery in a field relevant to the role, eg In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc. Good experience in EMBEDDED AUTOMOTIVE SECURITY PEN TESTING Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc. Technical understanding of Automotive cyber security controls at both ECU and Vehicle level Previous experience of Autosar Architecture, RTE integration and SecOC Knowledge of ASpice, ISO21434, R155, R156, R157 Good understanding of automotive communication busses (CAN and Ethernet mandatory, Flexray and LIN desirable) Git experience required
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
24/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
Engineering Manager - Europe About my client: They are a leading security firm dedicated to safeguarding our clients' digital assets. They are looking for an exceptional Engineering Manager to join our Spain, Italy or Portugal based team. If you are passionate about cybersecurity and have a proven record of leading successful engineering teams, we would love to connect with you! Key Responsibilities: Talent Acquisition and Development: Recruit, nurture, and advance top technical talent to sustain and strengthen our industry leadership. Product Roadmap Development: Partner with product managers to develop a practical roadmap for our products. Technical Guidance: Support development teams in the design and construction of resilient software solutions. Feature Management: Manage features from initial design through to deployment and ongoing maintenance. Interdepartmental Collaboration: Coordinate with cross-functional teams across various locations to ensure seamless and effective operations. Ideal Candidate Profile: OS Internals Expertise: Deep knowledge of low-level OS internals on either macOS or Linux. Security Product Development: Proven experience in creating endpoint security solutions like Data Loss Prevention (DLP) or Endpoint Detection and Response (EDR) applications. Programming Proficiency: Advanced skills in C++ or Swift are highly beneficial. Engineering Leadership Experience: Previous experience as an Engineering Manager with a track record of leading teams that have successfully launched major features and releases. Leadership and Communication: Strong leadership, mentorship, communication, and collaboration skills, especially within distributed teams. Qualifications: Bachelor's degree in Computer Science, Engineering, or a related field. At least 5 years of experience in software engineering, with a minimum of 2 years in a managerial role. Proven success in leading technical teams and delivering complex projects on schedule. Exceptional problem-solving abilities and attention to detail. Proficiency in English is required; knowledge of Spanish is an advantage. Location: This role is based in Spain. Candidates must either be located in Spain or willing to relocate. Benefits: Competitive salary and a comprehensive benefits package. A chance to work in a dynamic and forward-thinking security firm. Opportunities for professional development and career growth. A flexible and supportive work environment. If you are ready to take on a challenging and rewarding role in a leading security firm, apply now to join our team and make a significant impact in the field of cybersecurity!
24/06/2024
Full time
Engineering Manager - Europe About my client: They are a leading security firm dedicated to safeguarding our clients' digital assets. They are looking for an exceptional Engineering Manager to join our Spain, Italy or Portugal based team. If you are passionate about cybersecurity and have a proven record of leading successful engineering teams, we would love to connect with you! Key Responsibilities: Talent Acquisition and Development: Recruit, nurture, and advance top technical talent to sustain and strengthen our industry leadership. Product Roadmap Development: Partner with product managers to develop a practical roadmap for our products. Technical Guidance: Support development teams in the design and construction of resilient software solutions. Feature Management: Manage features from initial design through to deployment and ongoing maintenance. Interdepartmental Collaboration: Coordinate with cross-functional teams across various locations to ensure seamless and effective operations. Ideal Candidate Profile: OS Internals Expertise: Deep knowledge of low-level OS internals on either macOS or Linux. Security Product Development: Proven experience in creating endpoint security solutions like Data Loss Prevention (DLP) or Endpoint Detection and Response (EDR) applications. Programming Proficiency: Advanced skills in C++ or Swift are highly beneficial. Engineering Leadership Experience: Previous experience as an Engineering Manager with a track record of leading teams that have successfully launched major features and releases. Leadership and Communication: Strong leadership, mentorship, communication, and collaboration skills, especially within distributed teams. Qualifications: Bachelor's degree in Computer Science, Engineering, or a related field. At least 5 years of experience in software engineering, with a minimum of 2 years in a managerial role. Proven success in leading technical teams and delivering complex projects on schedule. Exceptional problem-solving abilities and attention to detail. Proficiency in English is required; knowledge of Spanish is an advantage. Location: This role is based in Spain. Candidates must either be located in Spain or willing to relocate. Benefits: Competitive salary and a comprehensive benefits package. A chance to work in a dynamic and forward-thinking security firm. Opportunities for professional development and career growth. A flexible and supportive work environment. If you are ready to take on a challenging and rewarding role in a leading security firm, apply now to join our team and make a significant impact in the field of cybersecurity!
Lynx Recruitment are working with a successful Managed Security Services Provider who are seeking a Sales Development Representative to identify and pursue prospective clients to book and attend meetings for the Business Development Manager. Upon being a success in this Sales Development Representative role, the position has a clear path to further your career progression in the business. Below are the essential skills and experience: Minimum of 1 year experience in a cyber security sales Experienced making outbound calls Lead Generation experience Excellent communication skills If this Sales Development Representative position is of interest, please apply ASAP.
24/06/2024
Full time
Lynx Recruitment are working with a successful Managed Security Services Provider who are seeking a Sales Development Representative to identify and pursue prospective clients to book and attend meetings for the Business Development Manager. Upon being a success in this Sales Development Representative role, the position has a clear path to further your career progression in the business. Below are the essential skills and experience: Minimum of 1 year experience in a cyber security sales Experienced making outbound calls Lead Generation experience Excellent communication skills If this Sales Development Representative position is of interest, please apply ASAP.
Junior Business Development Manager - Permanent - Must have full right to work in UK - Staffordshire - £35-40k per annum Great opportunity for someone early in their sales career looking for development to join an established and respected leader within the UK's Energy market. Your role will be key to helping customers deliver on the UK net zero targets. You will be responsible for developing new relationships in markets that complement our core offering, focusing on service offerings covering 24/7 reactive and proactive support, industrial cybersecurity, and digital transformation solutions. The role offers excellent benefits and significant bonus opportunities with an established pipeline and substantial growth prospects. Responsibilities: Accountable for driving business development in their market segment; achieving agreed sales targets for new customers and new business, and sales targets for organic growth. Support the business by developing and owning (as appropriate and agreed) specific customer relationships and building our reputation. Develop a growth strategy for their market segment that clearly identifies available industry streams, market segments, and customers. Jointly develop a sales plan with support from the sales manager for their particular market sector that outlines opportunities in detail and provides business leaders with the necessary information to make decisions. Key Skills: Evidence of creating and growing sales to the benefit of a business - directly or indirectly. Track record of developing and maintaining client relationships. Good commercial acumen and negotiation skills with a drive for outstanding customer service and high-performance culture. An understanding of industrial automation. Understanding of business development performance drivers and ability to demonstrate broad knowledge and understanding of automation control systems. Capability or willingness to learn how to deliver a growth strategy and sales plan in complex industries and within their market segment. Building and maintaining strong relationships with internal and external customers and key business stakeholders. Excellent communication skills with the confidence and ability to deliver formal reports and presentations both internally and externally. Benefits: 25 days holiday plus bank holidays Flexible working Pension Life assurance policy Private health care Lifestyle screening Salary sacrifice programme Mental health assistance programme To discuss this exciting opportunity in more detail, please APPLY NOW for a no obligation chat with your VIQU Consultant. Additionally, you can contact Storm Robertson , by exploring the VIQU IT Recruitment website.
24/06/2024
Full time
Junior Business Development Manager - Permanent - Must have full right to work in UK - Staffordshire - £35-40k per annum Great opportunity for someone early in their sales career looking for development to join an established and respected leader within the UK's Energy market. Your role will be key to helping customers deliver on the UK net zero targets. You will be responsible for developing new relationships in markets that complement our core offering, focusing on service offerings covering 24/7 reactive and proactive support, industrial cybersecurity, and digital transformation solutions. The role offers excellent benefits and significant bonus opportunities with an established pipeline and substantial growth prospects. Responsibilities: Accountable for driving business development in their market segment; achieving agreed sales targets for new customers and new business, and sales targets for organic growth. Support the business by developing and owning (as appropriate and agreed) specific customer relationships and building our reputation. Develop a growth strategy for their market segment that clearly identifies available industry streams, market segments, and customers. Jointly develop a sales plan with support from the sales manager for their particular market sector that outlines opportunities in detail and provides business leaders with the necessary information to make decisions. Key Skills: Evidence of creating and growing sales to the benefit of a business - directly or indirectly. Track record of developing and maintaining client relationships. Good commercial acumen and negotiation skills with a drive for outstanding customer service and high-performance culture. An understanding of industrial automation. Understanding of business development performance drivers and ability to demonstrate broad knowledge and understanding of automation control systems. Capability or willingness to learn how to deliver a growth strategy and sales plan in complex industries and within their market segment. Building and maintaining strong relationships with internal and external customers and key business stakeholders. Excellent communication skills with the confidence and ability to deliver formal reports and presentations both internally and externally. Benefits: 25 days holiday plus bank holidays Flexible working Pension Life assurance policy Private health care Lifestyle screening Salary sacrifice programme Mental health assistance programme To discuss this exciting opportunity in more detail, please APPLY NOW for a no obligation chat with your VIQU Consultant. Additionally, you can contact Storm Robertson , by exploring the VIQU IT Recruitment website.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
21/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Ops Engineer | Long-Term Project | Financial Enterprise We are seeking an ops engineer to join our dynamic team and environemnt who can play an instrumental role in ensuring the relaibility and efficiency of our applications - your technical skills and financial knowledge will be key in helping us achieve our goal! Whether you start your day in our office garden, fro the comforts of your own home, your contribitions will be significant. Your Daily Responsibilities: Incident and Problem Management : Conduct root cause analysis to identify the underlying cause of failures and implement permanent solutions. This involves direct communication with users (Traders, Credit/Market Risk Managers) across various locations including Amsterdam, London, Brussels, New York, and Singapore. Level-2 Support : Provide second-level support for deploying and operating applications/stacks in production, which includes participating in an on-call rotation. Automation : Identify opportunities to automate testing of features, performance, security, and deployment processes. This is a crucial responsibility for Operations Engineers. Data Improvement : Reconfigure and optimize new and existing products, reports, and processes. Technical Understanding : Comprehend the full technology stack of the application and its role in the overall system. Tooling and Scripting : Develop, improve, and maintain tools and scripts to automate repetitive or error-prone tasks, utilizing appropriate event alerts. Functional Testing and Change Management : Perform functional testing and manage changes to ensure safe transitions from test to acceptance and production environments. Travel : Occasional travel abroad, specifically to Brussels. What You'll Bring to the Team: Experience : Financial knowledge of interest rate and FX derivatives valuation and market risk modelling (eg, Greeks and VaR). Experience in functional incident management for Front Office pricing applications within the Financial Markets domain. Proficiency in supporting end users, enriching Back End databases with new products, reports, and scheduled tasks. Technical Skills and Knowledge: Mandatory : Advanced knowledge of MS SQL Server and Transact-SQL. Deep understanding of interest rate derivatives valuation. Customer-focused with a strong inclination towards identifying and resolving root causes of incidents to enhance customer experience. Familiarity with tools like ServiceNow, Confluence, and Fortify. Strong team player with cross-functional capabilities, comfortable interacting with people at all levels in a multicultural environment. Proactive and responsive to others' needs. Nice to Have : Experience or familiarity with IT risk (SOx, vulnerability management) and security concepts (protocols, certificates, etc.). Proficiency in English (advanced level). Bachelor's or Master's degree with a strong analytical background in Computer Science, Cybernetics, Software Engineering, Financial Engineering, or a related field. About Levy Professionals Since 2000 we provide professional solutions to organizations ranging from tech start-ups to global players. From our offices in Amsterdam and London we have built an international and local network of skilled employed professionals and contractors fuelled by our passion for connecting skills with projects. Over the years we have fulfilled over 1700 requirements and nowadays we consistently have 250+ professionals recruited and relocated from 14 countries allocated to various projects. Our strength is the way that we see and treat people. This will always be a key factor in our strategy for many years to come.
21/06/2024
Project-based
Ops Engineer | Long-Term Project | Financial Enterprise We are seeking an ops engineer to join our dynamic team and environemnt who can play an instrumental role in ensuring the relaibility and efficiency of our applications - your technical skills and financial knowledge will be key in helping us achieve our goal! Whether you start your day in our office garden, fro the comforts of your own home, your contribitions will be significant. Your Daily Responsibilities: Incident and Problem Management : Conduct root cause analysis to identify the underlying cause of failures and implement permanent solutions. This involves direct communication with users (Traders, Credit/Market Risk Managers) across various locations including Amsterdam, London, Brussels, New York, and Singapore. Level-2 Support : Provide second-level support for deploying and operating applications/stacks in production, which includes participating in an on-call rotation. Automation : Identify opportunities to automate testing of features, performance, security, and deployment processes. This is a crucial responsibility for Operations Engineers. Data Improvement : Reconfigure and optimize new and existing products, reports, and processes. Technical Understanding : Comprehend the full technology stack of the application and its role in the overall system. Tooling and Scripting : Develop, improve, and maintain tools and scripts to automate repetitive or error-prone tasks, utilizing appropriate event alerts. Functional Testing and Change Management : Perform functional testing and manage changes to ensure safe transitions from test to acceptance and production environments. Travel : Occasional travel abroad, specifically to Brussels. What You'll Bring to the Team: Experience : Financial knowledge of interest rate and FX derivatives valuation and market risk modelling (eg, Greeks and VaR). Experience in functional incident management for Front Office pricing applications within the Financial Markets domain. Proficiency in supporting end users, enriching Back End databases with new products, reports, and scheduled tasks. Technical Skills and Knowledge: Mandatory : Advanced knowledge of MS SQL Server and Transact-SQL. Deep understanding of interest rate derivatives valuation. Customer-focused with a strong inclination towards identifying and resolving root causes of incidents to enhance customer experience. Familiarity with tools like ServiceNow, Confluence, and Fortify. Strong team player with cross-functional capabilities, comfortable interacting with people at all levels in a multicultural environment. Proactive and responsive to others' needs. Nice to Have : Experience or familiarity with IT risk (SOx, vulnerability management) and security concepts (protocols, certificates, etc.). Proficiency in English (advanced level). Bachelor's or Master's degree with a strong analytical background in Computer Science, Cybernetics, Software Engineering, Financial Engineering, or a related field. About Levy Professionals Since 2000 we provide professional solutions to organizations ranging from tech start-ups to global players. From our offices in Amsterdam and London we have built an international and local network of skilled employed professionals and contractors fuelled by our passion for connecting skills with projects. Over the years we have fulfilled over 1700 requirements and nowadays we consistently have 250+ professionals recruited and relocated from 14 countries allocated to various projects. Our strength is the way that we see and treat people. This will always be a key factor in our strategy for many years to come.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
20/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
We have a fantastic permanent opportunity for a Technology Services Security Manager to lead our Security Operations function within the IT department. This pivotal role involves managing both internal and external specialist 3rd party support to deliver security operations activities across our diverse digital estate. The successful candidate will be responsible for ensuring the security and performance of our enterprise/IT and OT estates, which include a wide range of endpoints, appliances, and systems. Required Skills & Qualifications: CISSP (or equivalent) qualification and Azure Certification. SAFE leadership or other Agile qualification (such as Kanban or Scrum). Considerable experience operating ITIL and CSIRT processes and standards. Detailed understanding of IT/OT technologies, market trends, products, and services. Extensive working knowledge of available technologies and defining strategies for efficient and effective solutions and services. Considerable experience in an IT managerial position with responsibilities for operations, planning, people, and relationship management. Broad IT Management/Contracts experience, including infrastructure development, delivery, and operational management. Managing Successful Programmes (MSP)/APMP qualification is desirable. Day to Day of the role: Improve the performance and security of the digital estate through proactive continuous service improvement. Manage the security operations of the Technology estates, ensuring availability 24/7/365 where applicable. Collaborate with the wider Technology Services and Information Security teams to provide SME capability and align development activity with operational and strategic requirements. Own the Incident Management process for cyber-related incidents. Plan and deliver resources to create an effective Security Operations function that addresses risk and aligns with business plans. Contribute security expertise to support other leaders in Technology Services in making informed decisions. Provide technical security/cyber information to optimise commercial arrangements. Identify security trends, assess risks and opportunities, and prioritise activities to minimise risks and add value. Manage third-party contracts that underpin the security operations function, ensuring support levels meet business requirements. Benefits: Competitive salary package. Opportunities for professional development and certifications. Engaging and collaborative work environment. Comprehensive benefits package. To apply for the Technology Services Security Manager position, please submit your CV and cover letter detailing your relevant experience and qualifications.
20/06/2024
Full time
We have a fantastic permanent opportunity for a Technology Services Security Manager to lead our Security Operations function within the IT department. This pivotal role involves managing both internal and external specialist 3rd party support to deliver security operations activities across our diverse digital estate. The successful candidate will be responsible for ensuring the security and performance of our enterprise/IT and OT estates, which include a wide range of endpoints, appliances, and systems. Required Skills & Qualifications: CISSP (or equivalent) qualification and Azure Certification. SAFE leadership or other Agile qualification (such as Kanban or Scrum). Considerable experience operating ITIL and CSIRT processes and standards. Detailed understanding of IT/OT technologies, market trends, products, and services. Extensive working knowledge of available technologies and defining strategies for efficient and effective solutions and services. Considerable experience in an IT managerial position with responsibilities for operations, planning, people, and relationship management. Broad IT Management/Contracts experience, including infrastructure development, delivery, and operational management. Managing Successful Programmes (MSP)/APMP qualification is desirable. Day to Day of the role: Improve the performance and security of the digital estate through proactive continuous service improvement. Manage the security operations of the Technology estates, ensuring availability 24/7/365 where applicable. Collaborate with the wider Technology Services and Information Security teams to provide SME capability and align development activity with operational and strategic requirements. Own the Incident Management process for cyber-related incidents. Plan and deliver resources to create an effective Security Operations function that addresses risk and aligns with business plans. Contribute security expertise to support other leaders in Technology Services in making informed decisions. Provide technical security/cyber information to optimise commercial arrangements. Identify security trends, assess risks and opportunities, and prioritise activities to minimise risks and add value. Manage third-party contracts that underpin the security operations function, ensuring support levels meet business requirements. Benefits: Competitive salary package. Opportunities for professional development and certifications. Engaging and collaborative work environment. Comprehensive benefits package. To apply for the Technology Services Security Manager position, please submit your CV and cover letter detailing your relevant experience and qualifications.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
19/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
19/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
19/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.