OT/IT Security Analyst - NIS/CAF/IEC62443 (Relocation package available)
£50,000 - £60,000 + 20% Bonus/overtime

Interesting opportunity to join one of the UK's largest energy producing companies as they continue to grow and further develop their OT/IT Security functions. We require a Security Analyst with strong experience and knowledge of security, ideally within the energy sector.

The Security Analyst will assist with the monitoring and management of operational security. This will include monitoring adherence to security governance (including capturing evidence as appropriate), monitoring security alerts, monitoring security KPIs and assisting production of reports (e.g. to Board, or regulators), assisting with planning and operation of security activity according to the security calendar (e.g. user recertification, internal audit/risk management, penetration testing), monitoring updates with security regulation and best practice, and monitoring/reporting/actioning (as appropriate) threat intelligence.

Strong experience within a security environment is required and specific knowledge of NIS CAF, IEC62443 and ISO27001 will be advantageous. The role requires an understanding of the technology principles underpinning the energy sector's unique environment, and utilisation of Purdue layering (including OT/DMZ/IT layers), as well as a broad, up-to-date knowledge of security policies, processes and procedures including Risk Management, Identity & Access Management and Incident Management & Response.

In addition to a strong understanding of Security principles, this role will involve close liaison with the IT Team, Site/Security Engineers and other staff at all levels as appropriate. The candidate should be a strong team player with excellent security governance and communication skills, and be motivated and independent.

Key Responsibilities

Working with SOC, monitor security alerts from intrusion detection systems; document triaging data and escalate as appropriate.
Assist analysis of system and network logs to identify false positives, data trends and non-conformance with security policies; test and evaluate security policies.
Assist key processes from a security perspective (e.g. Risk Management, Change Management, User Management, Incident Management and Recovery/Disaster Recovery).
Ensure security documentation remains up to date/aligned with current regulations and best practice; gather evidence of adherence to security policies, processes and procedures.
Monitoring/capturing operational security KPIs; generating reports as required (e.g. Board, Regulators etc).
Compiling required information/documentation in the event of a security incident.
Link with key external parties to gather threat intelligence; document/present proposals for continuous improvement.
Provide security related SME support to projects and initiatives as required.
Assist with the creation and delivery of the security calendar, including assisting regular events such as annual policy reviews, user recertification, internal audit and penetration testing.

Desired Skills

Understanding/experience of key security standards and frameworks (e.g. NIS CAF, IEC62443, ISO27001, NIST, COBIT, CIS, GDPR, Cyber Essentials).
Experience in conducting IT/OT compliance assessments and administering IT/OT security controls.
Proven experience in relevant areas, such as incident response, intrusion analysis, malware analysis or security engineering.
Knowledge of malware families and network attack vectors.
Solid understanding of internetworking technologies including packet analysis, routing and network security defences.
Knowledge of common security tools such as SIEM, WAF, IDS, PAM, IdAM, Packet Analyzer and Endpoint Detection and Response tools.
Excellent problem-solving skills, with tenacity and resilience to resolve issues.
Excellent communication and collaboration skills.
Relevant security-related certifications (e.g. CISSP, GCIH, GCIA, GCED, GCFA, CySA).
30/05/2023
Full time
Methods is a £100M+ IT Services Consultancy that has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future.

Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them.

Predominantly focused on the public sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022.

Summary Profile

We are seeking skilled Network Engineers with a passion for cyber security to join our team. The successful candidate will be responsible for designing, implementing, and maintaining network infrastructure and security solutions for our clients in the public sector. They will have a deep understanding of Cisco or Juniper networking technologies and hold a CCNP/CCNA certification.

Responsibilities

Design and implement network solutions for clients in the public sector, ensuring that they are secure and meet business requirements.
Configure and troubleshoot Cisco or Juniper networking technologies, including Routers, Switches, Firewalls, and wireless access points.
Collaborate with project managers, security professionals, and other stakeholders to ensure successful project delivery.
Conduct security assessments and penetration testing to identify and remediate vulnerabilities.
Monitor network performance and ensure that it meets service level agreements.
Document network configurations and maintain network diagrams.
Provide technical support to clients and internal teams as needed.
Stay up to date with emerging network technologies and security threats.
Develop and implement disaster recovery and business continuity plans for network infrastructure and security solutions.
Analyse network traffic and logs to identify and investigate security incidents and recommend remediation actions.
Manage and maintain network security devices such as Firewalls, intrusion detection and prevention systems, and VPN concentrators.
Design and implement network segmentation to enhance security and improve network performance.
Create and maintain network and security policies, procedures, and standards.
Conduct training sessions for clients and internal teams on networking best practices and policies.
Work closely with vendors and service providers to manage and optimize network performance and security.
Participate in the evaluation and selection of new networking and security products and technologies.

Skills & Experience

CCNP/CCNA certification is essential.
Experience with Cisco or Juniper networking technologies, including Routers, Switches, Firewalls, and wireless access points.
Strong understanding of network protocols and services, including TCP/IP, DNS, DHCP, VPN, and VLANs.
Familiarity with network monitoring and troubleshooting tools, such as Wireshark and SolarWinds.
Experience with cyber security best practices and tools, such as Firewalls, intrusion detection and prevention systems, and vulnerability scanners.
Excellent problem-solving and communication skills.
Ability to work independently and as part of a team.
Experience with cloud networking technologies, such as AWS or Azure networking.
Familiarity with Scripting languages such as Python, Perl, or Bash to automate network tasks.
Knowledge of virtualization technologies such as VMware, Hyper-V, or KVM.
Experience with software-defined networking (SDN) technologies such as OpenFlow, Open vSwitch, or Cisco ACI.
Strong knowledge of security compliance frameworks such as NIST, ISO 27001, and PCI DSS.
Ability to mentor and train junior network engineers and security analysts.
Experience with network automation tools such as Ansible, Chef, or Puppet.

If you are passionate about network engineering and cyber security and want to make a meaningful impact in the public sector, we encourage you to apply for this exciting opportunity.

Desirable:

Experience with cloud networking technologies, such as AWS or Azure networking.
Familiarity with Scripting languages such as Python, Perl, or Bash to automate network tasks.
Knowledge of virtualisation technologies such as VMware, Hyper-V, or KVM.
Experience with software-defined networking (SDN) technologies such as OpenFlow, Open vSwitch, or Cisco ACI.
Strong knowledge of security compliance frameworks such as NIST, ISO 27001, and PCI DSS.
Ability to mentor and train junior network engineers and security analysts.
Experience with network automation tools such as Ansible, Chef, or Puppet.

This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected. Details of this will be discussed with you at interview.

Benefits

Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect:

Autonomy to develop and grow your skills and experience
Be part of exciting project work that is making a difference in society
Strong, inspiring, and thought-provoking leadership
A supportive and collaborative environment

As well as this we offer:

Development: access to LinkedIn Learning, a management development programme, and training
Wellness: 24/7 confidential employee assistance programme
Flexible Working: including home working and part time
Social: office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes
Time Off: 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year
Volunteering: 2 paid days per year to volunteer in our local communities or within a charity organisation
Pension: Salary Exchange Scheme with 4% employer contribution and 5% employee contribution
Discretionary Company Bonus based on company and individual performance
Life Assurance of 4 times base salary
Private Medical Insurance which is non-contributory (spouse and dependants included)
Worldwide Travel Insurance which is non-contributory (spouse and dependants included)
Enhanced Maternity and Paternity Pay
Travel: season ticket loan, cycle to work scheme

For a full list of benefits please visit our website.
29/05/2023
Full time
Services and Control Senior Analyst - Insurance Market
Competitive Salary + Bonus + Benefits

The Service and Controls Lead is part of the Technology Service Management function and helps lead and enable the definition and improvement of ITSM capability. This role enables our Technology Change Delivery Portfolios as well as BAU service delivery teams by driving and owning appropriate ITSM Controls and Governance to assure secure, stable, and performing technology services.

The role leverages the client's existing enterprise service management process and controls capability, owning their localized implementation to support the GRSI Tech's strategy. As well, the role leads on the necessary improvements to address gaps and recommendations across the wider Audit, Cyber and IT controls frameworks.

Key Responsibilities:

Responsible for ITSM Controls and Governance enabling secure, stable and performing technology services.
Implement and improve ITSM capability, reporting, controls, service integration and process support
Provide appropriate service reporting on a regular basis to achieve targets, continuously improve and deliver excellent customer service
Share best practice and coach on ITSM, increasing the internal body of knowledge
Develop quality, exec-ready management information, presentations, proposals, and reports
Helps drive the ITSM Strategy for GRSI Technology working in coordination with Enterprise SMO, as well as GRS Tech. Engineering, Resilience and support teams
Drive the necessary improvements to address gaps and recommendations relating to ITSM across the wider Audit, DT Cyber and IT controls frameworks

Compliance & Strategic Alignment

Ensure appropriate technology controls are implemented and regularly tested in line with the client, GRSI, GRS and GDS practices
Align to Company and GRS technology delivery functions to ensure the service management team operates in compliance with all relevant standards, processes and procedures
Demonstrate behaviours as set out in the Conduct Risk Policy in alignment with company commitment to placing customers at the centre of our business and behaving with integrity

Service Management

Support Service Delivery Team leads and Managers with robust ITSM practices and process support
Oversee and evolve Major and High Priority Incident Management
Drive adoption of Problem Management and Continual Improvement
Engage with business leaders to ensure Services are understood and appropriate, evolving our service catalogue and service level agreement framework
Ensure appropriate service level reporting and dashboards as required
Chair the service review process with customers and key stakeholders
Enhance the Supplier Management practices, ensuring formal inventory of vendor contracts and active management of all contracts with a strong commercial mindset

Service Operations Support

Act as an escalation point for major incident and problem management; take ownership of critical incidents, coordinating with resolution parties, and establishing effective communication between stakeholders for post-incident reviews
Ensure appropriate risk and impact assessments are embedded and performed in Change Management and CAB processes
Collaborate with the Desktop Support, Cloud and Infrastructure Engineering Managers to ensure team priorities are aligned with the ITSM strategy

Information Security Management

Devise measures to protect company data from both internal and external threats
Take part in day-to-day monitoring for activities, implement defensive protocols, and report incidents in line with security best practices
Contribute to security guidelines, procedures, standards, and controls documentation

Continuous Improvement, Governance & Delivery

Own ITSM capability and service improvement roadmaps, enhancing service management processes, governance, tools, reporting and compliance
Act as Product Owner for ITSM Processes and Tooling; maintain a backlog of all related initiatives aligned to the Agile Portfolio Office
Actively manage risks and issues in the ITSM area, developing mitigation plans/actions and remediation planning sessions, logging and escalating where appropriate
Review practices to ensure consistency with policies, compliance regulations and control requirements, providing direction and changes as needed and ensuring alignment with business objectives and industry trends
Champion, coach and promote the sharing of best practice on ITSM, increasing the internal capability and body of knowledge
Develop and maintain Service management operational policies, standards, procedures, and guidelines where applicable

Skills and Experience

Experienced Service Management professional
ITIL qualifications - preferably ITIL Expert, or Strategic Leader
Excellent interpersonal and customer service skills with a passion for service excellence and a track record of continuous service improvement
Strong leadership ability and team spirit with exceptional skills in motivating, coaching and supporting team members to deliver successful outcomes
Demonstrable experience of internal and external stakeholder engagement
Exposure to financial and vendor management
Strong organisational skills with an ability to balance and prioritise multiple initiatives at once, and to work under pressure when necessary

Apply today with your most up to date CV. If this role isn't quite what you are after but you know someone who may be relevant, we offer a referral scheme for any successful recommendations.

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
26/05/2023
Full time
IT Security and Governance Manager (reporting into the IT Director), c£60000 - 80000+ benefits, nr Cheltenham, Gloucestershire. 4 days in the office, 1 day WFH. Growing company are looking for an IT Security and Governance Manager who will co-ordinate all the IT Security compliance including Certifications such as ISO 27001, Cyber Essentials and NIST. You will support the ongoing production and publication of Policies, Awareness and Risk across the business and will work with the IT Director to drive the Security strategy. The role is hands-on and you will be responsible for a team of 2 (Cyber Analyst and Data and Governance Manager). Responsibilities Include - Manage the compliance Portal. Manage supplier engagements based on IT Security Certifications and drive improvements where required. Manage the relevant Certifications, primarily ISO 27001, Cyber Essentials and NIST 800-171 (ISO 27001 critical, training available for NIST). Contribute to awareness activities. Supporting the management of Risk. Supporting the daily maintenance activities and response where necessary. Policies, Awareness and Risk across the business. Experience Required - Previous knowledge and responsibility for ISO 27001. Knowledge or a willingness to learn Cyber Essentials and NIST. Data Protection or similar compliance qualification. Understanding of Risk Management methodologies. Experience of creating and managing an ISMS. Demonstrable knowledge of Policy production, management and promulgation. This is a great chance to join a global company that is going through an exciting period of growth and expansion. If you have the required skills and experience please send your CV for a full brief. This role is based in the Cheltenham/Gloucester area and requires 4 days a week in the office. Salary is negotiable but is likely to be c £60000 - £80000 + benefits.
If you have the skills and experience and are interested in this position please send your CV for a full brief or call James Wallace for a confidential conversation.
24/05/2023
Full time
SOC Analyst - Ann Arbor, Michigan. The senior Security analyst will be responsible for playbook creation and maintenance and will ensure that the correct training is in place so that team members can implement procedures and policies. The successful candidate will act as the security focal point for customers and for troubleshooting of real-time potential security alerts. Responsibilities: Primarily responsible for security event monitoring, management, and response. Provide administrative direction and support for daily operational activities. Participate in business reviews and workshops with partners and customers. Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change. Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring. Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives. Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in managing SLAs. Identify threat vectors and develop use cases for security monitoring. Fine tune detection logic and machine learning profiles. Creation of root cause analysis, reports, dashboards, metrics for SOC operations and presentation to senior management. Fine-tune detection capabilities. Document all activities during an incident and provide leadership with status updates during the life cycle of the incident. Create a final incident report detailing the events of the incident. Working with the team to create RCAs for events escalated to incident levels. Development and execution of Standard Operating Procedures, Event Handlers and Job Aids required for successful task completion. Responsible for managing the incident E2E. Requirements: Proficient in Incident Management and Response.
Experience in creation of playbooks. Experience in security device management and SIEM (Splunk, QRadar, etc.). In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. Familiarity with malware techniques and attack techniques (eg code injection, DGA, hooks, etc.). Familiarity with big data platforms and data analysis (eg SQL, Python). Strong troubleshooting and problem-solving skills. Knowledge of applications, databases, middleware to address security threats. Proficient in preparation of reports, dashboards, and documentation. Excellent communication and leadership skills. Ability to handle high pressure situations with key stakeholders. Excellent interpersonal skills, positive attitude and outstanding customer approach. Ability to take initiative and adapt. Have excellent written and verbal communication skills. Possess the ability to adjust and adapt to changing priorities in a dynamic environment. Be able to multitask and be proactive in addressing issues and requests.
09/05/2023
Full time