*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
26/07/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
26/07/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
25/07/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Our market leading client is looking to onboard a ServiceNow Specialist to join a dedicated project team on an initial 3 month rolling contract. The ideal candidate will have practical experience in Cybersecurity and Governance, Risk, and Compliance (GRC) modules. This role itself will have you managing incidents, customizing GRC modules, and ensuring the security model is robust. In terms of key skills, please see below; Key Skills: - Incident Management: Experience in handling and resolving technical incidents. - GRC Customizations: Develop and implement customizations to the GRC module. - GRC Security Model: Design, maintain, and enhance the GRC security model. - VR Improvement Plan: Develop and execute plans to enhance VR capabilities and address issues. - Experience with Celonis Workbook is a bonus here. This will be an INSIDE IR35 contract which can work fully remotely but preference would be 1-2 days per week in either the Edinburgh or London office if possible and commutable. Please apply within to find out more about this contract opportunity! Job Title: ServiceNow Specialist Location: Edinburgh, UK Job Type: Contract Trading as TEKsystems. Allegis Group Limited, Bracknell, RG12 1RT, United Kingdom. No Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
25/07/2024
Project-based
Our market leading client is looking to onboard a ServiceNow Specialist to join a dedicated project team on an initial 3 month rolling contract. The ideal candidate will have practical experience in Cybersecurity and Governance, Risk, and Compliance (GRC) modules. This role itself will have you managing incidents, customizing GRC modules, and ensuring the security model is robust. In terms of key skills, please see below; Key Skills: - Incident Management: Experience in handling and resolving technical incidents. - GRC Customizations: Develop and implement customizations to the GRC module. - GRC Security Model: Design, maintain, and enhance the GRC security model. - VR Improvement Plan: Develop and execute plans to enhance VR capabilities and address issues. - Experience with Celonis Workbook is a bonus here. This will be an INSIDE IR35 contract which can work fully remotely but preference would be 1-2 days per week in either the Edinburgh or London office if possible and commutable. Please apply within to find out more about this contract opportunity! Job Title: ServiceNow Specialist Location: Edinburgh, UK Job Type: Contract Trading as TEKsystems. Allegis Group Limited, Bracknell, RG12 1RT, United Kingdom. No Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC Technical writing experience 4+ years of Information Security experience Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of Privileged Access Management technologies Responsibilities Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
24/07/2024
Full time
Senior GRC Specialist Salary: $120k-$135k + 10% bonus Location: Chicago, IL or Austin, TX Hybrid: 3 days in-office, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC Technical writing experience 4+ years of Information Security experience Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of Privileged Access Management technologies Responsibilities Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards, and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
Job Title : ServiceNow Developer - SC Eligible Location : Flexible (Blend of company offices, client sites, and remote work) Remuneration : Salary of up to £85,000 per annum Contract Details : Permanent position Responsibilities : Be the driving force behind the technical implementation of Service Management and Service Integration and Management solutions using the ServiceNow Platform for our clients. Collaborate with a dedicated team to co-design and develop innovative ServiceNow applications, solutions, and services. Take ownership of complex business requirements and see them through to completion with the assistance of the ServiceNow Business Analyst. Utilise your technical expertise to optimise and ensure compliance when IT organisations employ the ServiceNow Platform. Demonstrate your strong attention to detail and communicate effectively both in writing and verbally. Work in an Agile/Scrum environment and contribute to estimating release effort. Leverage your experience in administering the ServiceNow Platform, including Scripting languages such as JavaScript, Angular/Angular JS, HTML, CSS, AJAX, and Jelly. Apply your knowledge of relational databases and experience working with LDAP, AD, SSO, Email Infrastructure, and Web Services. Demonstrate proficiency in IT Operations Management (ITOM) and experience with IT Service Management (ITSM), Human Resources (HRSD), and Customer Service Management (CSM) would be advantageous. Obtain SC clearance, as it is a requirement for this role, along with meeting other criteria and requirements. Your Skills and Experience : Extensive experience administering the ServiceNow Platform. Proficient in Scripting languages such as JavaScript, Angular/Angular JS, HTML, CSS, AJAX, and Jelly. Familiarity with Agile/Scrum methodologies. Strong communication skills, both written and verbal. Excellent attention to detail. Understanding of relational database concepts. Knowledge and experience in working with LDAP, AD, SSO, Email Infrastructure, and Web Services. Experience in IT Operations Management (ITOM) and certifications such as ServiceNow CSA, Certified Application Developer, ITIL Foundation, ServiceNow Platform Implementation Specialist, Common Service Data Model (CSDM), Configuration Management (CMDB), and Automated Test Framework (ATF) are expected. Useful but not essential : IT Service Management (ITSM), Human Resources (HRSD), and Customer Service Management (CSM) experience. - Familiarity with MID Server Fundamentals, Security Operations (SecOps) Certification, and GRC : Integrated Risk Management (IRM) Certification. IT Operations Management (ITOM) Certification.
24/07/2024
Full time
Job Title : ServiceNow Developer - SC Eligible Location : Flexible (Blend of company offices, client sites, and remote work) Remuneration : Salary of up to £85,000 per annum Contract Details : Permanent position Responsibilities : Be the driving force behind the technical implementation of Service Management and Service Integration and Management solutions using the ServiceNow Platform for our clients. Collaborate with a dedicated team to co-design and develop innovative ServiceNow applications, solutions, and services. Take ownership of complex business requirements and see them through to completion with the assistance of the ServiceNow Business Analyst. Utilise your technical expertise to optimise and ensure compliance when IT organisations employ the ServiceNow Platform. Demonstrate your strong attention to detail and communicate effectively both in writing and verbally. Work in an Agile/Scrum environment and contribute to estimating release effort. Leverage your experience in administering the ServiceNow Platform, including Scripting languages such as JavaScript, Angular/Angular JS, HTML, CSS, AJAX, and Jelly. Apply your knowledge of relational databases and experience working with LDAP, AD, SSO, Email Infrastructure, and Web Services. Demonstrate proficiency in IT Operations Management (ITOM) and experience with IT Service Management (ITSM), Human Resources (HRSD), and Customer Service Management (CSM) would be advantageous. Obtain SC clearance, as it is a requirement for this role, along with meeting other criteria and requirements. Your Skills and Experience : Extensive experience administering the ServiceNow Platform. Proficient in Scripting languages such as JavaScript, Angular/Angular JS, HTML, CSS, AJAX, and Jelly. Familiarity with Agile/Scrum methodologies. Strong communication skills, both written and verbal. Excellent attention to detail. Understanding of relational database concepts. Knowledge and experience in working with LDAP, AD, SSO, Email Infrastructure, and Web Services. Experience in IT Operations Management (ITOM) and certifications such as ServiceNow CSA, Certified Application Developer, ITIL Foundation, ServiceNow Platform Implementation Specialist, Common Service Data Model (CSDM), Configuration Management (CMDB), and Automated Test Framework (ATF) are expected. Useful but not essential : IT Service Management (ITSM), Human Resources (HRSD), and Customer Service Management (CSM) experience. - Familiarity with MID Server Fundamentals, Security Operations (SecOps) Certification, and GRC : Integrated Risk Management (IRM) Certification. IT Operations Management (ITOM) Certification.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
03/07/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.