*WILL SPONSOR H1B* *Hybrid, 3 days onsite, 2 days remote* A prestigious financial firm is on the search for a Manager, Server Administration (Linux). This manager will lead a team of Linux engineers to support a large, complex Linux environment and will help the transition to infrastructure into the cloud. They will help drive infrastructure as a code and automation concepts. They will need heavy experience with Linux, AWS, RedHat, Ansible, Python, Jenkins, Terraform, CICD, etc. Responsibilities Manage day to day operations of highly virtualized Linux compute infrastructure Provide status reporting (availability, performance capacity utilization) Create and maintain process & policy documentation Drive automation of Linux systems Develop Linux server team to align with the company future technology roadmap. Forecast System demands and recommend upgrades, expansions and reconfiguration Resource planning Provide input into strategic compute infrastructure plans and help drive alignment with application teams, security and business Collaborate with application support teams to drive improvements in communication, architecture, and performance Act as a liaison for customer relations and represent server teams Manage enterprise server environment related projects Lead audit and security responsibilities that include routine reviews and reporting of technology policies and security compliance Work with auditors to remediate and closeout all remediation, regulatory, and audit findings Draft proposals to tackle technology challenges and work with vendors to provide best solution at optimal cost Responsible for change management process for server infrastructure Qualifications Bachelor's degree (or equivalent) in Computer Science or a related discipline Minimum 7 years of experience in Compute (Linux) administration Minimum 3 years of experience in Cloud technologies and CI/CD technologies Minimum 3 years of experience in managing people and leading projects. Experience in a regulated/financial industry a plus Experience with disaster recovery testing and creating technical/process documentation Strong background in Compute (Linux) administration Working knowledge of Virtualization and Storage infrastructure Working knowledge and experience in Cloud Infrastructure Linux Systems (Redhat and Amazon linux) EMC storage VMWare virtualization Cloud technologies (AWS) CI/CD (Terraform, Jenkins, Artifactory, Github) Automation (Ansible, Python)
31/03/2023
Full time
*WILL SPONSOR H1B* *Hybrid, 3 days onsite, 2 days remote* A prestigious financial firm is on the search for a Manager, Server Administration (Linux). This manager will lead a team of Linux engineers to support a large, complex Linux environment and will help the transition to infrastructure into the cloud. They will help drive infrastructure as a code and automation concepts. They will need heavy experience with Linux, AWS, RedHat, Ansible, Python, Jenkins, Terraform, CICD, etc. Responsibilities Manage day to day operations of highly virtualized Linux compute infrastructure Provide status reporting (availability, performance capacity utilization) Create and maintain process & policy documentation Drive automation of Linux systems Develop Linux server team to align with the company future technology roadmap. Forecast System demands and recommend upgrades, expansions and reconfiguration Resource planning Provide input into strategic compute infrastructure plans and help drive alignment with application teams, security and business Collaborate with application support teams to drive improvements in communication, architecture, and performance Act as a liaison for customer relations and represent server teams Manage enterprise server environment related projects Lead audit and security responsibilities that include routine reviews and reporting of technology policies and security compliance Work with auditors to remediate and closeout all remediation, regulatory, and audit findings Draft proposals to tackle technology challenges and work with vendors to provide best solution at optimal cost Responsible for change management process for server infrastructure Qualifications Bachelor's degree (or equivalent) in Computer Science or a related discipline Minimum 7 years of experience in Compute (Linux) administration Minimum 3 years of experience in Cloud technologies and CI/CD technologies Minimum 3 years of experience in managing people and leading projects. Experience in a regulated/financial industry a plus Experience with disaster recovery testing and creating technical/process documentation Strong background in Compute (Linux) administration Working knowledge of Virtualization and Storage infrastructure Working knowledge and experience in Cloud Infrastructure Linux Systems (Redhat and Amazon linux) EMC storage VMWare virtualization Cloud technologies (AWS) CI/CD (Terraform, Jenkins, Artifactory, Github) Automation (Ansible, Python)
*WILL SPONSOR H1B* *Hybrid, 3 days onsite, 2 days remote* A prestigious financial firm is on the search for a Manager, Server Administration (Linux). This manager will lead a team of Linux engineers to support a large, complex Linux environment and will help the transition to infrastructure into the cloud. They will help drive infrastructure as a code and automation concepts. They will need heavy experience with Linux, AWS, RedHat, Ansible, Python, Jenkins, Terraform, CICD, etc. Responsibilities Manage day to day operations of highly virtualized Linux compute infrastructure Provide status reporting (availability, performance capacity utilization) Create and maintain process & policy documentation Drive automation of Linux systems Develop Linux server team to align with the company future technology roadmap. Forecast System demands and recommend upgrades, expansions and reconfiguration Resource planning Provide input into strategic compute infrastructure plans and help drive alignment with application teams, security and business Collaborate with application support teams to drive improvements in communication, architecture, and performance Act as a liaison for customer relations and represent server teams Manage enterprise server environment related projects Lead audit and security responsibilities that include routine reviews and reporting of technology policies and security compliance Work with auditors to remediate and closeout all remediation, regulatory, and audit findings Draft proposals to tackle technology challenges and work with vendors to provide best solution at optimal cost Responsible for change management process for server infrastructure Qualifications Bachelor's degree (or equivalent) in Computer Science or a related discipline Minimum 7 years of experience in Compute (Linux) administration Minimum 3 years of experience in Cloud technologies and CI/CD technologies Minimum 3 years of experience in managing people and leading projects. Experience in a regulated/financial industry a plus Experience with disaster recovery testing and creating technical/process documentation Strong background in Compute (Linux) administration Working knowledge of Virtualization and Storage infrastructure Working knowledge and experience in Cloud Infrastructure Linux Systems (Redhat and Amazon linux) EMC storage VMWare virtualization Cloud technologies (AWS) CI/CD (Terraform, Jenkins, Artifactory, Github) Automation (Ansible, Python)
31/03/2023
Full time
*WILL SPONSOR H1B* *Hybrid, 3 days onsite, 2 days remote* A prestigious financial firm is on the search for a Manager, Server Administration (Linux). This manager will lead a team of Linux engineers to support a large, complex Linux environment and will help the transition to infrastructure into the cloud. They will help drive infrastructure as a code and automation concepts. They will need heavy experience with Linux, AWS, RedHat, Ansible, Python, Jenkins, Terraform, CICD, etc. Responsibilities Manage day to day operations of highly virtualized Linux compute infrastructure Provide status reporting (availability, performance capacity utilization) Create and maintain process & policy documentation Drive automation of Linux systems Develop Linux server team to align with the company future technology roadmap. Forecast System demands and recommend upgrades, expansions and reconfiguration Resource planning Provide input into strategic compute infrastructure plans and help drive alignment with application teams, security and business Collaborate with application support teams to drive improvements in communication, architecture, and performance Act as a liaison for customer relations and represent server teams Manage enterprise server environment related projects Lead audit and security responsibilities that include routine reviews and reporting of technology policies and security compliance Work with auditors to remediate and closeout all remediation, regulatory, and audit findings Draft proposals to tackle technology challenges and work with vendors to provide best solution at optimal cost Responsible for change management process for server infrastructure Qualifications Bachelor's degree (or equivalent) in Computer Science or a related discipline Minimum 7 years of experience in Compute (Linux) administration Minimum 3 years of experience in Cloud technologies and CI/CD technologies Minimum 3 years of experience in managing people and leading projects. Experience in a regulated/financial industry a plus Experience with disaster recovery testing and creating technical/process documentation Strong background in Compute (Linux) administration Working knowledge of Virtualization and Storage infrastructure Working knowledge and experience in Cloud Infrastructure Linux Systems (Redhat and Amazon linux) EMC storage VMWare virtualization Cloud technologies (AWS) CI/CD (Terraform, Jenkins, Artifactory, Github) Automation (Ansible, Python)
*Hybrid, 3 days onsite, 2 days remote* A prestigious financial firm is on the search for a Senior Auditor, Information Security. This auditor must have 2+ years of IT audit experience using frameworks/standards such as AICPA, IIA, IPPF, COBIT and have a strong proficiency using Archer or other audit tools. Responsibilities: Ability to clearly articulate professional principles and standards (ie, AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies to effectively identify potential risks and creative alternatives to mitigate risk exposure. Keeping current on leading practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary. Defining and leading the execution of audit projects in accordance to the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Providing oversight and coaching the internal team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience. Planning, leading, and reporting for risk based special request audit assignments. Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Identifying and analysing root cause exceptions or inefficient practices and partnering with management provide advice and recommendations develop achievable solutions. Qualifications: Knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Strong proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Bachelor's degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field. Consulting/accounting firm experience is a plus. Experience in Financial Services/Security Industry and working with regulatory organizations such as: Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and/or Financial Industry Regulatory Authority (FINRA)is a plus. Demonstrated success in leading audit projects and implementing audit leading practices in a complex technology environment. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is a plus. Minimum of two years of audit experience in conducting IT risk-based audits and projects, and IT process reviews.
31/03/2023
Full time
*Hybrid, 3 days onsite, 2 days remote* A prestigious financial firm is on the search for a Senior Auditor, Information Security. This auditor must have 2+ years of IT audit experience using frameworks/standards such as AICPA, IIA, IPPF, COBIT and have a strong proficiency using Archer or other audit tools. Responsibilities: Ability to clearly articulate professional principles and standards (ie, AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies to effectively identify potential risks and creative alternatives to mitigate risk exposure. Keeping current on leading practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary. Defining and leading the execution of audit projects in accordance to the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Providing oversight and coaching the internal team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience. Planning, leading, and reporting for risk based special request audit assignments. Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Identifying and analysing root cause exceptions or inefficient practices and partnering with management provide advice and recommendations develop achievable solutions. Qualifications: Knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Strong proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Bachelor's degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field. Consulting/accounting firm experience is a plus. Experience in Financial Services/Security Industry and working with regulatory organizations such as: Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and/or Financial Industry Regulatory Authority (FINRA)is a plus. Demonstrated success in leading audit projects and implementing audit leading practices in a complex technology environment. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is a plus. Minimum of two years of audit experience in conducting IT risk-based audits and projects, and IT process reviews.
SIRA - 6 months - Inside IR35 - Hybrid working - Edinburgh/Glasgow Day Rate - Circa £593 Harvey Nash's public sector client are currently looking to recruit an experienced Security and Information Risk Advisor (SIRA), you will be required to provide expertise to teams for risk identification, analysis, evaluation and treatment and to develop, operate, maintain and improve the organisation's ISMS. Main Duties: Formulate strong relationships between the Information Security and Risk function and business teams: Promote Information Security and Risk Services offered. Provide advice, guidance and facilitation of information security processes Assist stakeholders in understanding and fulfilling their information security roles and responsibilities Communicate the requirements of Information Security Policies and Standards, to ensure that teams and colleagues are able comply with their requirements and ensure that protective measures for information assets are adequate. Deliver sessions and workshops for the identification and analysis of threats to the confidentiality, integrity and availability of information assets, and propose appropriate controls and actions for risk remediation. Discuss potential opportunities for improvement to information security policies, processes or controls with teams and record the proposed improvements in the ISMS Tooling for management analysis. Observe instances of Non-Conformance, providing details of findings and the motivation for the issue. Use ISMS Tooling to record and prepare reports for the relative ISMS Domain Sponsor who will determine corrective action. Liaise with Teams on required actions to discuss timeframes and delegation of resources. Undertake internal audit/assurance activities to observe and evaluate ISMS processes and Security Controls, and provide internal stakeholders with reports that outline findings and areas for improvement of compliance. Contribute towards the development of Information Security and Risk policies, standards and processes, including the maintenance of operating procedures and ensure appropriate ISMS document control is applied. Support internal stakeholders during independent audits through prior preparation of ISMS artefacts and records to be available upon request by the auditor. Essential Skills: The candidate will have knowledge including (but not limited to): Identification, assessment and management of risk Security assurance and the measurement of controls Creation of ISMS and IT Security documentation (Policies, Standards, Processes, Procedures and Patterns) Internal and Third-Party Audits Risk and threat modelling Compliance and Assurance Activities Business process analysis and mapping (to determine alignment against agreed industry practice and recognised control frameworks) The candidate will hold the following certifications/qualifications or equivalent: Certificate in Information Security Management Principles Certified Internal Auditor of Management Systems Desirable Sills & Experience Certified Information Systems Security Professional (CISSP) or equivalent Certified Lead Implementer of Management Systems (including Information Security and Business Continuity) Certified Lead Auditor of Management Systems Certified Security Risk Manager Practitioner Certificate in Information Risk Management Supporting organisations through security certification activities (ex. ISO27001) Building security capability, training and awareness or exercising programmes Designing information security incident management procedures Non-Technical Certifications relative to IS (including GDPR Practitioner, CLI ISMS, CLA ISMS) Technical Certifications that support information security (ISC2, ISACA, Microsoft, Cisco, CompTIA Security+) This role has been deemed Outside IR35 by the client. Applicants must hold, or be happy to apply for, a valid standard Disclosure Scotland. Please click the link to apply.
31/03/2023
Project-based
SIRA - 6 months - Inside IR35 - Hybrid working - Edinburgh/Glasgow Day Rate - Circa £593 Harvey Nash's public sector client are currently looking to recruit an experienced Security and Information Risk Advisor (SIRA), you will be required to provide expertise to teams for risk identification, analysis, evaluation and treatment and to develop, operate, maintain and improve the organisation's ISMS. Main Duties: Formulate strong relationships between the Information Security and Risk function and business teams: Promote Information Security and Risk Services offered. Provide advice, guidance and facilitation of information security processes Assist stakeholders in understanding and fulfilling their information security roles and responsibilities Communicate the requirements of Information Security Policies and Standards, to ensure that teams and colleagues are able comply with their requirements and ensure that protective measures for information assets are adequate. Deliver sessions and workshops for the identification and analysis of threats to the confidentiality, integrity and availability of information assets, and propose appropriate controls and actions for risk remediation. Discuss potential opportunities for improvement to information security policies, processes or controls with teams and record the proposed improvements in the ISMS Tooling for management analysis. Observe instances of Non-Conformance, providing details of findings and the motivation for the issue. Use ISMS Tooling to record and prepare reports for the relative ISMS Domain Sponsor who will determine corrective action. Liaise with Teams on required actions to discuss timeframes and delegation of resources. Undertake internal audit/assurance activities to observe and evaluate ISMS processes and Security Controls, and provide internal stakeholders with reports that outline findings and areas for improvement of compliance. Contribute towards the development of Information Security and Risk policies, standards and processes, including the maintenance of operating procedures and ensure appropriate ISMS document control is applied. Support internal stakeholders during independent audits through prior preparation of ISMS artefacts and records to be available upon request by the auditor. Essential Skills: The candidate will have knowledge including (but not limited to): Identification, assessment and management of risk Security assurance and the measurement of controls Creation of ISMS and IT Security documentation (Policies, Standards, Processes, Procedures and Patterns) Internal and Third-Party Audits Risk and threat modelling Compliance and Assurance Activities Business process analysis and mapping (to determine alignment against agreed industry practice and recognised control frameworks) The candidate will hold the following certifications/qualifications or equivalent: Certificate in Information Security Management Principles Certified Internal Auditor of Management Systems Desirable Sills & Experience Certified Information Systems Security Professional (CISSP) or equivalent Certified Lead Implementer of Management Systems (including Information Security and Business Continuity) Certified Lead Auditor of Management Systems Certified Security Risk Manager Practitioner Certificate in Information Risk Management Supporting organisations through security certification activities (ex. ISO27001) Building security capability, training and awareness or exercising programmes Designing information security incident management procedures Non-Technical Certifications relative to IS (including GDPR Practitioner, CLI ISMS, CLA ISMS) Technical Certifications that support information security (ISC2, ISACA, Microsoft, Cisco, CompTIA Security+) This role has been deemed Outside IR35 by the client. Applicants must hold, or be happy to apply for, a valid standard Disclosure Scotland. Please click the link to apply.
Cyber Security Operations Principal Specialist Role: Perm Start: ASAP Salary: £41,555.00 - £51,500.00 Potential to work remote with up to 2 days on site in Portsmouth Purpose of Job: Reporting to the Cyber Security Operations Manager, the role holder will support the delivery and enforcement of the cyber security operations plan. This role is a key member of the Cyber Security Operations team who is responsible for carrying out day to day cyber security-related duties such as responding to security incidents, and reporting threats, vulnerabilities, and attacks on the systems. They will also liaise with technical specialists within IS, other departments, and external partners to agree on appropriate operational Cyber Security measures to ensure confidentiality, integrity and availability of systems and data. The post holder will advise on cyber security and cyber security risk matters in liaison with our Security Operations Centre. The post holder will also be required to advise and offer guidance on existing security arrangements and in the specification, design and implementation of new services. The post holder must ensure that they keep up to date with developments in best practice, standards, and technologies within the sector and beyond. Key Responsibilities: Carry out operational security tasks, as directed by the Cyber Security Operations Manager, to support the strategic and operational goals. Support and ensure delivery against the cyber security operational plan. Be required to lead on the implementation of work packages related to the Cyber Security Improvement Programme. Support the development and delivery of the cyber incident response plan. Be an active member of the Cyber Security Incident Response Team (CIRT) and support the incident response and recovery activities. Be a subject matter expert in cyber security threats, vulnerability management, and incident response. Promote a cyber security culture across the institution, raising awareness and increasing the understanding of security through the application of policy and practice. Ensuring that this is articulated in a way that is understandable to a non-technical audience. You will be expected to support your line manager and the team in its activities when required, you will also aim to help develop junior team members. Provide clear and actionable reporting, metrics and dashboards regarding security operations Follow the IT Governance, Risk and Compliance Framework. Work closely with our external Security Operations Centre. Take a lead on the monitoring, response and prioritisation of incidents raised. Work closely with auditors or other security-related third parties to address Cyber Security issues eg Janet CSIRT. Lead on threat tracking and assessment, recommend mitigations, remediation or advise on acceptance of cyber security vulnerabilities based on internal and external capabilities, assessments and penetration tests. Attend the IS Security Monthly Review, as required, feed into the risk log and monthly security report. Build and maintain a strong working relationship with vendors and partners. Advise stakeholders to help them understand and establish acceptable levels of risk, and proactively reduce the potential for incidents. Support the line manager with any relevant analysis or subject matter expertise required to produce operational or project budgets. Support and advise on cyber security requirements for the development and delivery of new IT services. Must Haves: - Experience of Security Analysis on Antimalware Platforms Ability to recognise what is happening with security alerts Able to work with SOC provider Experience of a Broad range of Tech Windows, Linux, Macs etc Experience of Sisco Networking Knowledge of security tools Experience of Vulnerability Malware, Patching Platforms, EDR, MDR solutions Ability to take and comprehend instructions Logical, Analytical and a cool head under pressure Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.
31/03/2023
Full time
Cyber Security Operations Principal Specialist Role: Perm Start: ASAP Salary: £41,555.00 - £51,500.00 Potential to work remote with up to 2 days on site in Portsmouth Purpose of Job: Reporting to the Cyber Security Operations Manager, the role holder will support the delivery and enforcement of the cyber security operations plan. This role is a key member of the Cyber Security Operations team who is responsible for carrying out day to day cyber security-related duties such as responding to security incidents, and reporting threats, vulnerabilities, and attacks on the systems. They will also liaise with technical specialists within IS, other departments, and external partners to agree on appropriate operational Cyber Security measures to ensure confidentiality, integrity and availability of systems and data. The post holder will advise on cyber security and cyber security risk matters in liaison with our Security Operations Centre. The post holder will also be required to advise and offer guidance on existing security arrangements and in the specification, design and implementation of new services. The post holder must ensure that they keep up to date with developments in best practice, standards, and technologies within the sector and beyond. Key Responsibilities: Carry out operational security tasks, as directed by the Cyber Security Operations Manager, to support the strategic and operational goals. Support and ensure delivery against the cyber security operational plan. Be required to lead on the implementation of work packages related to the Cyber Security Improvement Programme. Support the development and delivery of the cyber incident response plan. Be an active member of the Cyber Security Incident Response Team (CIRT) and support the incident response and recovery activities. Be a subject matter expert in cyber security threats, vulnerability management, and incident response. Promote a cyber security culture across the institution, raising awareness and increasing the understanding of security through the application of policy and practice. Ensuring that this is articulated in a way that is understandable to a non-technical audience. You will be expected to support your line manager and the team in its activities when required, you will also aim to help develop junior team members. Provide clear and actionable reporting, metrics and dashboards regarding security operations Follow the IT Governance, Risk and Compliance Framework. Work closely with our external Security Operations Centre. Take a lead on the monitoring, response and prioritisation of incidents raised. Work closely with auditors or other security-related third parties to address Cyber Security issues eg Janet CSIRT. Lead on threat tracking and assessment, recommend mitigations, remediation or advise on acceptance of cyber security vulnerabilities based on internal and external capabilities, assessments and penetration tests. Attend the IS Security Monthly Review, as required, feed into the risk log and monthly security report. Build and maintain a strong working relationship with vendors and partners. Advise stakeholders to help them understand and establish acceptable levels of risk, and proactively reduce the potential for incidents. Support the line manager with any relevant analysis or subject matter expertise required to produce operational or project budgets. Support and advise on cyber security requirements for the development and delivery of new IT services. Must Haves: - Experience of Security Analysis on Antimalware Platforms Ability to recognise what is happening with security alerts Able to work with SOC provider Experience of a Broad range of Tech Windows, Linux, Macs etc Experience of Sisco Networking Knowledge of security tools Experience of Vulnerability Malware, Patching Platforms, EDR, MDR solutions Ability to take and comprehend instructions Logical, Analytical and a cool head under pressure Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.
Security Associate, Investment Banking, London, up to £60k plus bonus & benefits. NDK have created an incredible opportunity to work with a highly prestigious global investment bank, based in central London to recruit a Security Associate. This is a fantastic opportunity to get on board, get certified and springboard your cyber security career, while working in an even-paced, detail oriented, financial environment. As a Security Associate you'll be responsible for completing a wide range of Security Operations checks from reviewing events from our monitoring/alerting systems to re-certifications. This work is constantly evolving and a key aspect of the role is participation in automation and improvement initiatives, participating in the development and maintenance of the staff information and cyber security training programme and provide timely and high quality responses to service desk requests and a wide range of requests from management. What you'll be doing: Security Operations is the key focus area of this role. However, there are no silos in our team and duties can range across all areas of Business Security. A key duty is completing a wide range of Security Operations checks from reviewing events from our monitoring/alerting systems on a daily basis to semi-annual user access re-certifications. Work closely with business security management, our auditors and business units, to provide documentation deliverables and other requirements on a timely basis. Provide timely and high quality responses to service desk requests and a wide range of requests from management. Qualifications, Skills & Experience you'll need: Able to demonstrate practical awareness of risk management, particularly in relation to Information Security. Prior experience of working in information security with a strong interest in the subject and desire to develop further in this area. Possess or have a strong motivation to attain an industry standard certification in information security - eg CISM, CISA, CISSP. Skilled in the use of Microsoft Office, especially Excel. Able to plan and organise tasks thoroughly, effectively and flexibly. Able to analyse problems logically from all angles, gather information from a broad range of sources; and generate logical, timely and workable solutions. Able to work well in culturally diverse environments. Holding a university degree would be valuable - however, it is not essential.
31/03/2023
Full time
Security Associate, Investment Banking, London, up to £60k plus bonus & benefits. NDK have created an incredible opportunity to work with a highly prestigious global investment bank, based in central London to recruit a Security Associate. This is a fantastic opportunity to get on board, get certified and springboard your cyber security career, while working in an even-paced, detail oriented, financial environment. As a Security Associate you'll be responsible for completing a wide range of Security Operations checks from reviewing events from our monitoring/alerting systems to re-certifications. This work is constantly evolving and a key aspect of the role is participation in automation and improvement initiatives, participating in the development and maintenance of the staff information and cyber security training programme and provide timely and high quality responses to service desk requests and a wide range of requests from management. What you'll be doing: Security Operations is the key focus area of this role. However, there are no silos in our team and duties can range across all areas of Business Security. A key duty is completing a wide range of Security Operations checks from reviewing events from our monitoring/alerting systems on a daily basis to semi-annual user access re-certifications. Work closely with business security management, our auditors and business units, to provide documentation deliverables and other requirements on a timely basis. Provide timely and high quality responses to service desk requests and a wide range of requests from management. Qualifications, Skills & Experience you'll need: Able to demonstrate practical awareness of risk management, particularly in relation to Information Security. Prior experience of working in information security with a strong interest in the subject and desire to develop further in this area. Possess or have a strong motivation to attain an industry standard certification in information security - eg CISM, CISA, CISSP. Skilled in the use of Microsoft Office, especially Excel. Able to plan and organise tasks thoroughly, effectively and flexibly. Able to analyse problems logically from all angles, gather information from a broad range of sources; and generate logical, timely and workable solutions. Able to work well in culturally diverse environments. Holding a university degree would be valuable - however, it is not essential.
Governance, Risk & Compliance Manager Start: ASAP Role: Perm Salary: £53,353.00 - £61,823.00 Other Benefits: Generous pension scheme 32 days Annual Leave + Bank Holidays Christmas shutdown Flexible Working Scheme (that is not hybrid working) Childcare services and childcare vouchers Subsidised gym membership (new facilities at Ravelin Sports Centre) Purpose of Job: Under the direction of the Head of Cyber Security, the Governance, Risk and Compliance Manager, leads the security assessment function, in accordance with internal controls compliance, regulatory and departmental policy and procedures. The Governance, Risk and Compliance Manager will develop and manage the risk management framework, control matrices, and all related dashboards, and will make recommendations for senior management consideration. This position is responsible for compliance with the internal controls, regulatory and information security policies and procedures. The role holder works closely with internal/external auditors, and regulatory agencies and will ensure that supporting documentation is available as applicable. The Governance, Risk, and Compliance Manager, line manages and develops the Governance, Risk, and Compliance Analyst within their team. Key Responsibilities: Support the Head of Cyber Security in developing and maintaining the Cyber Security Strategy, ensuring that it delivers against the strategic aims. Define and deliver an IT Governance, Risk and Compliance Framework. Align the framework with information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Responsible for the management and successful implementation of Cyber Security Improvement Programme, policy work packages. Responsible for assessing and documenting of the compliance and risk posture. Lead on the communication and development of a cyber security culture across the institution, raising awareness and increasing the understanding of security through the application of policy and practice. Ensuring that this is articulated in a way. Responsible for the creation, maintenance and delivery of a cyber security awareness campaign and training for colleagues that is understandable to a non-technical audience. Line manage, support, challenge and develop the Cyber Security Governance & Compliance team members. Define and deliver clear and actionable reporting metrics and dashboards regarding cyber security governance and compliance activities. Develop a strategy for audits, compliance checks and external assessment processes for internal/external auditors. Be responsible for vulnerability and threat risk assessment and prioritisation. Attend and actively participate in the IS Security Monthly Review. Own the risk log and produce a monthly security report. Build and maintain a strong working relationship with vendors and partners. Be responsible for ensuring that stakeholders understand and establish acceptable levels of risk, and recommend activities that will proactively reduce the potential for incidents. To manage budgets associated with governance, risk and compliance activities and ensure ongoing costs are captured in recurrent budgets. Provide project and operational budget reports as required. Support and advise on cyber security requirements for the development and delivery of new IT services. Make recommendations regarding the effectiveness of the security controls for the IT systems and services. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal requirements. Must Haves: - Risk Management Experience Ability to interact with Product Teams Ability to do Light weight Audits Up to date knowledge of IS27001 Audited experience Excellent communication skills Ability to undertake verbal updates, reports and meetings Excellent Stakeholder management Be a self-starter with hands on experience Management experience highly desired but not essential Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.
31/03/2023
Full time
Governance, Risk & Compliance Manager Start: ASAP Role: Perm Salary: £53,353.00 - £61,823.00 Other Benefits: Generous pension scheme 32 days Annual Leave + Bank Holidays Christmas shutdown Flexible Working Scheme (that is not hybrid working) Childcare services and childcare vouchers Subsidised gym membership (new facilities at Ravelin Sports Centre) Purpose of Job: Under the direction of the Head of Cyber Security, the Governance, Risk and Compliance Manager, leads the security assessment function, in accordance with internal controls compliance, regulatory and departmental policy and procedures. The Governance, Risk and Compliance Manager will develop and manage the risk management framework, control matrices, and all related dashboards, and will make recommendations for senior management consideration. This position is responsible for compliance with the internal controls, regulatory and information security policies and procedures. The role holder works closely with internal/external auditors, and regulatory agencies and will ensure that supporting documentation is available as applicable. The Governance, Risk, and Compliance Manager, line manages and develops the Governance, Risk, and Compliance Analyst within their team. Key Responsibilities: Support the Head of Cyber Security in developing and maintaining the Cyber Security Strategy, ensuring that it delivers against the strategic aims. Define and deliver an IT Governance, Risk and Compliance Framework. Align the framework with information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Responsible for the management and successful implementation of Cyber Security Improvement Programme, policy work packages. Responsible for assessing and documenting of the compliance and risk posture. Lead on the communication and development of a cyber security culture across the institution, raising awareness and increasing the understanding of security through the application of policy and practice. Ensuring that this is articulated in a way. Responsible for the creation, maintenance and delivery of a cyber security awareness campaign and training for colleagues that is understandable to a non-technical audience. Line manage, support, challenge and develop the Cyber Security Governance & Compliance team members. Define and deliver clear and actionable reporting metrics and dashboards regarding cyber security governance and compliance activities. Develop a strategy for audits, compliance checks and external assessment processes for internal/external auditors. Be responsible for vulnerability and threat risk assessment and prioritisation. Attend and actively participate in the IS Security Monthly Review. Own the risk log and produce a monthly security report. Build and maintain a strong working relationship with vendors and partners. Be responsible for ensuring that stakeholders understand and establish acceptable levels of risk, and recommend activities that will proactively reduce the potential for incidents. To manage budgets associated with governance, risk and compliance activities and ensure ongoing costs are captured in recurrent budgets. Provide project and operational budget reports as required. Support and advise on cyber security requirements for the development and delivery of new IT services. Make recommendations regarding the effectiveness of the security controls for the IT systems and services. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal requirements. Must Haves: - Risk Management Experience Ability to interact with Product Teams Ability to do Light weight Audits Up to date knowledge of IS27001 Audited experience Excellent communication skills Ability to undertake verbal updates, reports and meetings Excellent Stakeholder management Be a self-starter with hands on experience Management experience highly desired but not essential Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and audit experience. Qualifications Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. preferred
29/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and audit experience. Qualifications Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. preferred
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and audit experience. Qualifications Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. preferred
29/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Manager of Internal Audit and Security. Candidate will manage independent assessments of the Information Technology and Security environment, risk management, and other objectives as needed. The role is responsible for defining the proper scope, approach, and quality are integrated into each audit and that regulatory, operational, and strategic risks are sufficiently mitigated by Management. This role will also be required to present recommendations for improvements to the Internal Audit Leadership and finding owners. Responsibilities: Aid in the development of the risk assessment and comprehensive audit plan on an annual basis. Lead multiple audits and validations simultaneously. Defining and leading the execution of audit projects in accordance with the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, changes to the supported business processes), engagement and alignment of change initiatives to business objectives. Ability to clearly articulate professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Keeping current on leading practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Supporting other department-wide activities such as but not limited to peer reviews of audit deliverables, policy and procedure development and refinement, etc. Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Developing and maintaining effective relationships with business groups and leadership and partnering with management. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and audit experience. Qualifications Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Strong problem solving and analytical capabilities. Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Experience working in a complex, fast paced environment. Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Technical Skills: Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. preferred
Head of SAP Security - Contract - ASAP start One of our leading clients is seeking a specialist Head of Security to ensure that Security, IT Controls & IT Compliance within the template solution are designed, implemented and rolled out following the guiding principles as well as internal and external standards and applicable regulation in a SAP S/4HANA Programme. Responsibilities: Accountable for Definition and Implementation of Security, IT Controls & IT Compliance for Profectus Programme. Accountable for establishing Security & Controls Policies and establishing Identity and Access policies including SOD (Segregation of Duties). Accountable for identifying and training of control owners and for documentation of IT controls. Accountable for IT Controls Design including assessment the Controls with global and local Auditors. Defines requirements for IT controls reporting as well as IT control automation and aligns with Reporting & Analytics requirements. Maintains and ensures adherence at a local level to CCEP Policies, standards and controls. Accountable to control the identity & access setup procedures and for testing the user ID setup as well as validation of the controls. Skills and Qualifications: Ability to work in Matrix organization Direct and indirect leadership and excellent influencing skills. Experience in working above market or similar. Flexibility to travel across all CCEP locations when required. Deep knowledge of SAP S4/HANA technology in the area of SOD and Identity & Access Management and how to manage these in large scale global organizations Classification - Internal. Experience with enterprise and security architectures for meeting industry standards such as SOX, PCI, ISO 27001, HIPAA, and NIST frameworks. This is a 12-month contract position and will be paying a very attractive day rate. If you are looking for your next contract, contact me on the details below. Email: (see below)
29/03/2023
Project-based
Head of SAP Security - Contract - ASAP start One of our leading clients is seeking a specialist Head of Security to ensure that Security, IT Controls & IT Compliance within the template solution are designed, implemented and rolled out following the guiding principles as well as internal and external standards and applicable regulation in a SAP S/4HANA Programme. Responsibilities: Accountable for Definition and Implementation of Security, IT Controls & IT Compliance for Profectus Programme. Accountable for establishing Security & Controls Policies and establishing Identity and Access policies including SOD (Segregation of Duties). Accountable for identifying and training of control owners and for documentation of IT controls. Accountable for IT Controls Design including assessment the Controls with global and local Auditors. Defines requirements for IT controls reporting as well as IT control automation and aligns with Reporting & Analytics requirements. Maintains and ensures adherence at a local level to CCEP Policies, standards and controls. Accountable to control the identity & access setup procedures and for testing the user ID setup as well as validation of the controls. Skills and Qualifications: Ability to work in Matrix organization Direct and indirect leadership and excellent influencing skills. Experience in working above market or similar. Flexibility to travel across all CCEP locations when required. Deep knowledge of SAP S4/HANA technology in the area of SOD and Identity & Access Management and how to manage these in large scale global organizations Classification - Internal. Experience with enterprise and security architectures for meeting industry standards such as SOX, PCI, ISO 27001, HIPAA, and NIST frameworks. This is a 12-month contract position and will be paying a very attractive day rate. If you are looking for your next contract, contact me on the details below. Email: (see below)
*We are unable to sponsor as this is a permanent Full time role* A prestigious company is on the search for a Sr. SailPoint Engineer. This engineer will focus on the administration, implementation, and management of SailPoint Identity IQ. They will do upgrading and work on custom SailPoint connectors. They will need coding experience with Java, BeanShell, XML, or JavaScript. Responsibilities: Responsible for the administration, implementation and management of SailPoint Identity IQ. Including upgrading and patching of the environment. Designs, Develops Debugs, and Implements built-in and custom SailPoint connectors. Can develop SailPoint integrations utilizing SCIM and Web Services. Builds, Implements, and executes certification/recertification campaigns. Has understanding and has worked in environments utilizing secure code development strategies. Has a strong understanding of how to integrate with HR systems, including the leaver, joiner, mover workflows. Understand and has implemented Role Bases Access Controls within SailPoint. Strong working knowledge of SailPoint, including features, integration, and architecture. Ability to communicate about SailPoint implementation at both the functional and technical level. Experience with git branching and understanding of DevOps tools and processes. Qualifications: Bachelor's degree from an accredited college or university, or equivalent experience. Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Auditor (CISA). 3+ years of hands-on experience with implementing and managing SailPoint Identity IQ environments. 3+ year of experience with Scripting languages (Java, BeanShell, XML, JavaScript, etc). 3+ years of experience or training in Identity systems security fundamentals design, implementation and troubleshooting across all computer/server platforms. Experience in designing and standing up a new SailPoint Identity IQ environment. Strong understanding of the SailPoint object model, rules, and policies. Experience supporting a distributed hybrid cloud/on-premises environment. Strong understanding of IAM principles and how to implement them in an Enterprise. Experience working with SOX compliance and developing solutions to meet those requirements. Understanding and experience operating within the NIST Security Framework.
29/03/2023
Full time
*We are unable to sponsor as this is a permanent Full time role* A prestigious company is on the search for a Sr. SailPoint Engineer. This engineer will focus on the administration, implementation, and management of SailPoint Identity IQ. They will do upgrading and work on custom SailPoint connectors. They will need coding experience with Java, BeanShell, XML, or JavaScript. Responsibilities: Responsible for the administration, implementation and management of SailPoint Identity IQ. Including upgrading and patching of the environment. Designs, Develops Debugs, and Implements built-in and custom SailPoint connectors. Can develop SailPoint integrations utilizing SCIM and Web Services. Builds, Implements, and executes certification/recertification campaigns. Has understanding and has worked in environments utilizing secure code development strategies. Has a strong understanding of how to integrate with HR systems, including the leaver, joiner, mover workflows. Understand and has implemented Role Bases Access Controls within SailPoint. Strong working knowledge of SailPoint, including features, integration, and architecture. Ability to communicate about SailPoint implementation at both the functional and technical level. Experience with git branching and understanding of DevOps tools and processes. Qualifications: Bachelor's degree from an accredited college or university, or equivalent experience. Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Auditor (CISA). 3+ years of hands-on experience with implementing and managing SailPoint Identity IQ environments. 3+ year of experience with Scripting languages (Java, BeanShell, XML, JavaScript, etc). 3+ years of experience or training in Identity systems security fundamentals design, implementation and troubleshooting across all computer/server platforms. Experience in designing and standing up a new SailPoint Identity IQ environment. Strong understanding of the SailPoint object model, rules, and policies. Experience supporting a distributed hybrid cloud/on-premises environment. Strong understanding of IAM principles and how to implement them in an Enterprise. Experience working with SOX compliance and developing solutions to meet those requirements. Understanding and experience operating within the NIST Security Framework.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Fortune 500 Company is currently seeking a Senior IAM SailPoint Engineer. Candidate will be responsible for the administration, implementation and management of SailPoint Identity IQ, including upgrading and patching of the environment. Responsibilities: Designs, Develops Debugs, and Implements built-in and custom SailPoint connectors. Can develop SailPoint integrations utilizing SCIM and Web Services. Builds, Implements, and executes certification/recertification campaigns. Has understanding and has worked in environments utilizing secure code development strategies. Has a strong understanding of how to integrate with HR systems, including the leaver, joiner, mover workflows. Understand and has implemented Role Bases Access Controls within SailPoint. Strong working knowledge of SailPoint, including features, integration, and architecture. Ability to communicate about SailPoint implementation at both the functional and technical level. Will participate in peer code and design reviews. Works with technical and business users to gather and implement requirements. Experience with git branching and understanding of DevOps tools and processes. Qualifications: 3+ years of hands-on experience with implementing and managing SailPoint Identity IQ environments. 3+ year of experience with Scripting languages (Java, BeanShell, XML, JavaScript, etc). 3+ years of experience or training in Identity systems security fundamentals design, implementation and troubleshooting across all computer/server platforms. Experience in designing and standing up a new SailPoint Identity IQ environment. Strong understanding of the SailPoint object model, rules, and policies. Experience supporting a distributed hybrid cloud/on-premises environment. Strong understanding of IAM principles and how to implement them in an Enterprise. Experience working with SOX compliance and developing solutions to meet those requirements. Demonstrated understanding of Continuous Improvement thinking. Understanding and experience operating within the NIST Security Framework. Strong written and verbal communication skills. Bachelor's degree from an accredited college or university, or equivalent experience. Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Auditor (CISA).
29/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Fortune 500 Company is currently seeking a Senior IAM SailPoint Engineer. Candidate will be responsible for the administration, implementation and management of SailPoint Identity IQ, including upgrading and patching of the environment. Responsibilities: Designs, Develops Debugs, and Implements built-in and custom SailPoint connectors. Can develop SailPoint integrations utilizing SCIM and Web Services. Builds, Implements, and executes certification/recertification campaigns. Has understanding and has worked in environments utilizing secure code development strategies. Has a strong understanding of how to integrate with HR systems, including the leaver, joiner, mover workflows. Understand and has implemented Role Bases Access Controls within SailPoint. Strong working knowledge of SailPoint, including features, integration, and architecture. Ability to communicate about SailPoint implementation at both the functional and technical level. Will participate in peer code and design reviews. Works with technical and business users to gather and implement requirements. Experience with git branching and understanding of DevOps tools and processes. Qualifications: 3+ years of hands-on experience with implementing and managing SailPoint Identity IQ environments. 3+ year of experience with Scripting languages (Java, BeanShell, XML, JavaScript, etc). 3+ years of experience or training in Identity systems security fundamentals design, implementation and troubleshooting across all computer/server platforms. Experience in designing and standing up a new SailPoint Identity IQ environment. Strong understanding of the SailPoint object model, rules, and policies. Experience supporting a distributed hybrid cloud/on-premises environment. Strong understanding of IAM principles and how to implement them in an Enterprise. Experience working with SOX compliance and developing solutions to meet those requirements. Demonstrated understanding of Continuous Improvement thinking. Understanding and experience operating within the NIST Security Framework. Strong written and verbal communication skills. Bachelor's degree from an accredited college or university, or equivalent experience. Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Auditor (CISA).
Manager Internal Audit and Security Salary: $150k-$160k Location: Hybrid role in either location Chicago, IL/Dallas, TX *We are unable to provide sponsorship for this role* Required Qualifications Bachelor's degree 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub One of the following, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Preferred Qualifications Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI Responsibilities Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience.
29/03/2023
Full time
Manager Internal Audit and Security Salary: $150k-$160k Location: Hybrid role in either location Chicago, IL/Dallas, TX *We are unable to provide sponsorship for this role* Required Qualifications Bachelor's degree 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub One of the following, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Preferred Qualifications Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI Responsibilities Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience.
Manager Internal Audit and Security Salary: $150k-$160k Location: Hybrid role in either location Chicago, IL/Dallas, TX *We are unable to provide sponsorship for this role* Required Qualifications Bachelor's degree 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub One of the following, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Preferred Qualifications Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI Responsibilities Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience.
29/03/2023
Full time
Manager Internal Audit and Security Salary: $150k-$160k Location: Hybrid role in either location Chicago, IL/Dallas, TX *We are unable to provide sponsorship for this role* Required Qualifications Bachelor's degree 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software Familiarity with security tools such as: CyberArk, Splunk, SailPoint Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub One of the following, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Preferred Qualifications Familiarity with databases such as: Oracle, DB2, SQL Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI Responsibilities Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives. Planning, leading and reporting for risk-based and special request audit assignments. Proactively identifying regulatory, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation. Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality and auditee experience.
Job Title: IT Service/Operation Lead Salary: £28,000 - £30,000 per annum Type: Hybrid Location: Sussex or London On behalf of a key client of ours, we are currently recruiting for an IT Service/Operation Lead on permanent basis. Position Overview As IT Service/Operation Lead you will be responsible for day-to-day operational IT service provision and ensuring data and cyber security maintained and compliant. You will be ensuring a high quality IT operational service is delivered and data and cyber security is maintained, as well as be expected to review the IT operational service provision on an ongoing basis, identifying opportunities. IT Service Lead Duties Include Providing IT and security related support that is effective and customer focused. Reviewing IT support provision requirements. Creating clear documentation to outline IT operations and processes Maintenance of an IT service provision, demonstrating our data security competence to clients, suppliers and third-party auditors Proactive data management including archiving, retention and retrieval, ensuring the IT service remains GDPR compliant. Distributing of mobile devices including laptops, phones, tablets, computers. Contributing to the company risk register (IMS). Responding to GDPR right of access requests. Supporting the IT Manager. Essential: Extensive experience of Microsoft Stack (Azure, Office 365) A good working knowledge of GDPR and compliance requirements The ability to collate and interpret service management statistics. A customer-focused approach to service delivery The ability to prioritise workloads and carry out tasks to set timeframes and deadlines that meet the needs of the business Excellent time management skills Good communications skills, written and verbal. Desired: ITIL Certification, Microsoft accreditations, ISO 27001, Cyber Essentials+, experience in a data and security role
29/03/2023
Full time
Job Title: IT Service/Operation Lead Salary: £28,000 - £30,000 per annum Type: Hybrid Location: Sussex or London On behalf of a key client of ours, we are currently recruiting for an IT Service/Operation Lead on permanent basis. Position Overview As IT Service/Operation Lead you will be responsible for day-to-day operational IT service provision and ensuring data and cyber security maintained and compliant. You will be ensuring a high quality IT operational service is delivered and data and cyber security is maintained, as well as be expected to review the IT operational service provision on an ongoing basis, identifying opportunities. IT Service Lead Duties Include Providing IT and security related support that is effective and customer focused. Reviewing IT support provision requirements. Creating clear documentation to outline IT operations and processes Maintenance of an IT service provision, demonstrating our data security competence to clients, suppliers and third-party auditors Proactive data management including archiving, retention and retrieval, ensuring the IT service remains GDPR compliant. Distributing of mobile devices including laptops, phones, tablets, computers. Contributing to the company risk register (IMS). Responding to GDPR right of access requests. Supporting the IT Manager. Essential: Extensive experience of Microsoft Stack (Azure, Office 365) A good working knowledge of GDPR and compliance requirements The ability to collate and interpret service management statistics. A customer-focused approach to service delivery The ability to prioritise workloads and carry out tasks to set timeframes and deadlines that meet the needs of the business Excellent time management skills Good communications skills, written and verbal. Desired: ITIL Certification, Microsoft accreditations, ISO 27001, Cyber Essentials+, experience in a data and security role
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking an IT Technology and Security Auditor. Candidate will have the ability to clearly articulate professional principles and standards (ie, AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Responsibilities: Maintaining an understanding of policies, procedures, standards, and supporting technologies to effectively identify potential risks and creative alternatives to mitigate risk exposure. Keeping current on leading practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary. Defining and leading the execution of audit projects in accordance to the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Providing oversight and coaching the internal team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience. Planning, leading, and reporting for risk based special request audit assignments. Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Identifying and analysing root cause exceptions or inefficient practices and partnering with management provide advice and recommendations develop achievable solutions. Developing, maintaining, and strengthening effective relationships with IT, business groups and leadership and partnering with management. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Perform other duties as assigned. Qualifications: Knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Demonstrated leadership and coaching abilities of staff level resources. Strong problem solving and analytical capabilities. Strong proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Bachelor's degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field. Experience working in a complex, fast paced environment required. Consulting/accounting firm experience is a plus. Experience in Financial Services/Security Industry and working with regulatory organizations such as: Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and/or Financial Industry Regulatory Authority (FINRA)is a plus. Demonstrated success in leading audit projects and implementing audit leading practices in a complex technology environment. Strong customer service and collaboration skills required. Effective influence, analytical and verbal/written communication skills required. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is a plus. Minimum of two years of audit experience in conducting IT risk-based audits and projects, and IT process reviews.
29/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking an IT Technology and Security Auditor. Candidate will have the ability to clearly articulate professional principles and standards (ie, AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls. Responsibilities: Maintaining an understanding of policies, procedures, standards, and supporting technologies to effectively identify potential risks and creative alternatives to mitigate risk exposure. Keeping current on leading practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary. Defining and leading the execution of audit projects in accordance to the annual audit plan. Owning the audit quality, accuracy of results, and delivery in a timely manner. Providing oversight and coaching the internal team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience. Planning, leading, and reporting for risk based special request audit assignments. Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership. Identifying and analysing root cause exceptions or inefficient practices and partnering with management provide advice and recommendations develop achievable solutions. Developing, maintaining, and strengthening effective relationships with IT, business groups and leadership and partnering with management. Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education. Perform other duties as assigned. Qualifications: Knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Demonstrated ability to gather, analyze, and evaluate facts, and prepare and present concise oral and written reports. Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions. Ability to work independently or as part of a team, prioritizing multiple audit assignments to simultaneously complete each in a timely fashion. Demonstrated leadership and coaching abilities of staff level resources. Strong problem solving and analytical capabilities. Strong proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software. Bachelor's degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field. Experience working in a complex, fast paced environment required. Consulting/accounting firm experience is a plus. Experience in Financial Services/Security Industry and working with regulatory organizations such as: Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and/or Financial Industry Regulatory Authority (FINRA)is a plus. Demonstrated success in leading audit projects and implementing audit leading practices in a complex technology environment. Strong customer service and collaboration skills required. Effective influence, analytical and verbal/written communication skills required. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is a plus. Minimum of two years of audit experience in conducting IT risk-based audits and projects, and IT process reviews.
Information Security Manager | £70k | Hybrid/Remote working available! Your new Company Hays are excited to announce we're partnering with an established business based in the Cheltenham area that has grown rapidly over the years. They're now looking for an experienced InfoSec manager to join their team. Your new role As a InfoSec Manager, you will be required to manage the clients and information security department's team to analytically assess any security situation, reacting appropriately by assessing security plans, vulnerabilities and prioritise security strategies to cover the clients important data. You would also need to develop and implement security standards, procedures, and guidelines for multiple platforms and diverse system environments. The role will be home or hybrid working but will involve some travel to other sites which will include Cheltenham and London. Key Responsibilities include: Serve as a focal point of contact for the information security team and the customer or organization Oversight of Information Risk across internal business units Interpreting and applying the company and client information security policy and standards. Measuring compliance to these documents including delivery and development measures to deliver against acknowledged gaps or risk areas Horizon Scanning - keeping abreast of external events, imminent industry and regulatory changes and ensuring that the business understands impacts and plan accordingly. Oversee information security audits, whether by performed by organization or third-party personnel What you'll need to succeed Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) and/or Certified Information Systems Auditor (CISA) PCI DSS knowledge/experience ISO27001 Auditor Experience of working in Private Sector organisations. Good technical knowledge with the ability to explain technical problems to non-technical business stakeholders at all levels. Personal Attributes Demonstrate competence in oral and written communication Problem solver An individual who is self-motivated, with excellent interpersonal/customer relationship experience Have a keen sense of urgency in driving and developing InfoSec/Cyber Services Full time | Hybrid/Remote Working available | £70,000 per annum Apply today! Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
29/03/2023
Full time
Information Security Manager | £70k | Hybrid/Remote working available! Your new Company Hays are excited to announce we're partnering with an established business based in the Cheltenham area that has grown rapidly over the years. They're now looking for an experienced InfoSec manager to join their team. Your new role As a InfoSec Manager, you will be required to manage the clients and information security department's team to analytically assess any security situation, reacting appropriately by assessing security plans, vulnerabilities and prioritise security strategies to cover the clients important data. You would also need to develop and implement security standards, procedures, and guidelines for multiple platforms and diverse system environments. The role will be home or hybrid working but will involve some travel to other sites which will include Cheltenham and London. Key Responsibilities include: Serve as a focal point of contact for the information security team and the customer or organization Oversight of Information Risk across internal business units Interpreting and applying the company and client information security policy and standards. Measuring compliance to these documents including delivery and development measures to deliver against acknowledged gaps or risk areas Horizon Scanning - keeping abreast of external events, imminent industry and regulatory changes and ensuring that the business understands impacts and plan accordingly. Oversee information security audits, whether by performed by organization or third-party personnel What you'll need to succeed Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) and/or Certified Information Systems Auditor (CISA) PCI DSS knowledge/experience ISO27001 Auditor Experience of working in Private Sector organisations. Good technical knowledge with the ability to explain technical problems to non-technical business stakeholders at all levels. Personal Attributes Demonstrate competence in oral and written communication Problem solver An individual who is self-motivated, with excellent interpersonal/customer relationship experience Have a keen sense of urgency in driving and developing InfoSec/Cyber Services Full time | Hybrid/Remote Working available | £70,000 per annum Apply today! Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Job purpose Cyber Security is responsible for discovering vulnerabilities and risks in networks, software systems and hardware with ongoing vulnerability scans, monitoring network data, and ensuring corporate and Datacentre systems are compliant and secure. Key Responsibilities and duties Daily investigation and monitoring of system logs from devices such as Firewalls, Azure, AV/EDR Platforms, Security Information and Event Management (SIEM) systems and the network environment to identify anomalies such as suspicious network traffic, alerts and indications of compromise. If any are identified, investigate any vulnerabilities and escalate resolution to prevent re-occurrence. Conduct investigations and reporting for incoming phishing emails, mitigate infection vector and discover origin in order to block senders. Conduct OSINT (Open Source Intelligence) against senders and liaise with NCSC to expedite cessation of further threats. Use Cyber Threat Intelligence to protect supply chain and partners. Manage the implementation and monitoring of Honeypots to detect intruders inside the network. Administer and monitor the AV/EDR control panel including the creation of new policies to ensure the compliance of all connected machines (Workstations and Servers in all production, EMS, BMS and Security networks). Smarthost Email Gateway administration including monitoring and reacting to Email born threats. Continued improvement works in order to enhance and adapt the Email Gateway's defensive policies. Conduct Phishing tests against employees and departments, collate results and create security awareness training. Administer and monitor the Web Application Firewall Proxy, review website activity and identify potential malicious websites. Assist the IT Security Manager with Cloud Security Assessments on proposed cloud SaaS. PaaS and IaaS solutions. Continual Cyber Security posture testing of the Workstation, Server, EMS/BMS network and CCTV environments, including testing of new vulnerabilities as they are discovered. Assist in the re-certification of IT Security related audits which include ISO 27001 and Cyber Essentials Plus accreditation scheme. Host, assist and remediate actions presented by internal/external auditors. Liaise with the IT Security Manager to conduct intelligence projects into current and evolving threats from various information security websites, dark net forums and Cyber Security groups using inhouse Cyber Threat Intelligence tools. Research new methods and tools which could be used against installed infrastructure, including carrying out internal penetration tests in order to improve the security posture of the organisation. Capture, review and investigation of received malware that bypasses security systems using Sandbox tools. Reverse engineer malware to discover C2 (Command and control Server) origins and ascertain IOC's (Indicators of Compromise) to confirm the infection vector and remediate. Conduct forensics on infected systems and create new security policies to vaccinate against further attacks. Assist Penetration Testers including completing prerequisites prior to arrival, creation and configuration of workspace, agreement on scope of works and technical knowledge of installed infrastructure including assistance where required. Cyber Security Penetration test remediation works including reporting vulnerabilities to the Senior Leadership Team (SLT) and NCSC, remediation of discovered vulnerabilities and proof of work within a strict time frame. Complete security reviews against all external public facing services such as our corporate website, ticketing system and future perimeter services. Liaise with Construction and contractors, implement best practices and build reviews of their hardware that is used within the network infrastructure. Recommend hardening procedures for equipment used in current and new buildings. Assist the IT Security Manager to provide security reports, talks, training and demonstrations in order to confirm Cyber Security posture. Assist the IT team with the patching of the estate including Corporate, Security, BMS and EMS Servers and workstations. This includes 3rd party software being used in the corporate environment. Continue to enhance security posture for the employees and company, introduce new tools and policies, assist with disaster recovery exercises. Assist the IT Security Manager in providing weekly and monthly threat intelligence reports for SLT. Continued survey of software used to ensure no company acquisitions affect ISO 27001 accreditation or security posture. Training and security awareness for all staff, create a security knowledgebase system that all staff can access. Experience, Skills and Qualifications Strong background in Cyber Security, IT and network systems, architectures and applications, such as knowledge of Windows OS, Linux OS, networking, Active Directory, VMWare and Azure. Experience with AV/EDR software, Email Gateway Smarthosts, SIEM, intrusion detection, Firewalls and web application Firewall content filtering. Knowledge of designing secure networks, systems and application architectures. Knowledge of disaster recovery, computer forensic tools, technologies and methods. Professional experience in a system administration role supporting multiple platforms and applications. Ability to obtain relevant security clearance. MSc or BSc in computer science, technology or security subject is an advantage. Cyber Security related certifications such as SANS, AZ-500, Security+ and CEH is an advantage. Access to own vehicle for company travel. We are committed to a hybrid working environment and therefore expectation is attendance at the office, a minimum of 3 days per week.
29/03/2023
Full time
Job purpose Cyber Security is responsible for discovering vulnerabilities and risks in networks, software systems and hardware with ongoing vulnerability scans, monitoring network data, and ensuring corporate and Datacentre systems are compliant and secure. Key Responsibilities and duties Daily investigation and monitoring of system logs from devices such as Firewalls, Azure, AV/EDR Platforms, Security Information and Event Management (SIEM) systems and the network environment to identify anomalies such as suspicious network traffic, alerts and indications of compromise. If any are identified, investigate any vulnerabilities and escalate resolution to prevent re-occurrence. Conduct investigations and reporting for incoming phishing emails, mitigate infection vector and discover origin in order to block senders. Conduct OSINT (Open Source Intelligence) against senders and liaise with NCSC to expedite cessation of further threats. Use Cyber Threat Intelligence to protect supply chain and partners. Manage the implementation and monitoring of Honeypots to detect intruders inside the network. Administer and monitor the AV/EDR control panel including the creation of new policies to ensure the compliance of all connected machines (Workstations and Servers in all production, EMS, BMS and Security networks). Smarthost Email Gateway administration including monitoring and reacting to Email born threats. Continued improvement works in order to enhance and adapt the Email Gateway's defensive policies. Conduct Phishing tests against employees and departments, collate results and create security awareness training. Administer and monitor the Web Application Firewall Proxy, review website activity and identify potential malicious websites. Assist the IT Security Manager with Cloud Security Assessments on proposed cloud SaaS. PaaS and IaaS solutions. Continual Cyber Security posture testing of the Workstation, Server, EMS/BMS network and CCTV environments, including testing of new vulnerabilities as they are discovered. Assist in the re-certification of IT Security related audits which include ISO 27001 and Cyber Essentials Plus accreditation scheme. Host, assist and remediate actions presented by internal/external auditors. Liaise with the IT Security Manager to conduct intelligence projects into current and evolving threats from various information security websites, dark net forums and Cyber Security groups using inhouse Cyber Threat Intelligence tools. Research new methods and tools which could be used against installed infrastructure, including carrying out internal penetration tests in order to improve the security posture of the organisation. Capture, review and investigation of received malware that bypasses security systems using Sandbox tools. Reverse engineer malware to discover C2 (Command and control Server) origins and ascertain IOC's (Indicators of Compromise) to confirm the infection vector and remediate. Conduct forensics on infected systems and create new security policies to vaccinate against further attacks. Assist Penetration Testers including completing prerequisites prior to arrival, creation and configuration of workspace, agreement on scope of works and technical knowledge of installed infrastructure including assistance where required. Cyber Security Penetration test remediation works including reporting vulnerabilities to the Senior Leadership Team (SLT) and NCSC, remediation of discovered vulnerabilities and proof of work within a strict time frame. Complete security reviews against all external public facing services such as our corporate website, ticketing system and future perimeter services. Liaise with Construction and contractors, implement best practices and build reviews of their hardware that is used within the network infrastructure. Recommend hardening procedures for equipment used in current and new buildings. Assist the IT Security Manager to provide security reports, talks, training and demonstrations in order to confirm Cyber Security posture. Assist the IT team with the patching of the estate including Corporate, Security, BMS and EMS Servers and workstations. This includes 3rd party software being used in the corporate environment. Continue to enhance security posture for the employees and company, introduce new tools and policies, assist with disaster recovery exercises. Assist the IT Security Manager in providing weekly and monthly threat intelligence reports for SLT. Continued survey of software used to ensure no company acquisitions affect ISO 27001 accreditation or security posture. Training and security awareness for all staff, create a security knowledgebase system that all staff can access. Experience, Skills and Qualifications Strong background in Cyber Security, IT and network systems, architectures and applications, such as knowledge of Windows OS, Linux OS, networking, Active Directory, VMWare and Azure. Experience with AV/EDR software, Email Gateway Smarthosts, SIEM, intrusion detection, Firewalls and web application Firewall content filtering. Knowledge of designing secure networks, systems and application architectures. Knowledge of disaster recovery, computer forensic tools, technologies and methods. Professional experience in a system administration role supporting multiple platforms and applications. Ability to obtain relevant security clearance. MSc or BSc in computer science, technology or security subject is an advantage. Cyber Security related certifications such as SANS, AZ-500, Security+ and CEH is an advantage. Access to own vehicle for company travel. We are committed to a hybrid working environment and therefore expectation is attendance at the office, a minimum of 3 days per week.
SC or DV Cleared Cyber Security/IA Manager - OUTSIDE IR35 - 12 month Contract - Cheltenham iO Associates are currently looking for an SC or DV Cleared Cyber Security/IA Manager for an initial 12 month contract role offering £550 a day (OUTSIDE IR35) - this is a 2 year project so there will be an extension after the initial 12 month period. The client has asked candidates to be onsite in Cheltenham and offer flexible working times around this. You must have active SC or DV Clearance to apply for this role. Any experience working with Defence Consultancies is highly desirable. This will be a 1 stage interview via Teams and our client is looking to interview candidates this and next week. They would like you to start ASAP - they can work with a 4 week notice period, but ideally want you to start sooner if possible. You will need the following experience (but are not limited to): NCSC Certified Cyber Professional (CCP) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) ISO 27001 Lead Auditor and/or Implementer COMPTIA Security+ Certified Cyber Essentials Plus Assessor Various programme and project management qualifications If you're an SC or DV Cleared Cyber Security Manager looking for an initial 12-month contract (OUTSIDE IR35) offering up to £550 a day, then either apply below or send an updated CV and I will get in touch. The client is looking to fill the role ASAP so interviews (1-stage) will take place immediately. SC or DV Cleared Cyber Security/IA Manager - OUTSIDE IR35 - 12 month Contract - Cheltenham
28/03/2023
Project-based
SC or DV Cleared Cyber Security/IA Manager - OUTSIDE IR35 - 12 month Contract - Cheltenham iO Associates are currently looking for an SC or DV Cleared Cyber Security/IA Manager for an initial 12 month contract role offering £550 a day (OUTSIDE IR35) - this is a 2 year project so there will be an extension after the initial 12 month period. The client has asked candidates to be onsite in Cheltenham and offer flexible working times around this. You must have active SC or DV Clearance to apply for this role. Any experience working with Defence Consultancies is highly desirable. This will be a 1 stage interview via Teams and our client is looking to interview candidates this and next week. They would like you to start ASAP - they can work with a 4 week notice period, but ideally want you to start sooner if possible. You will need the following experience (but are not limited to): NCSC Certified Cyber Professional (CCP) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) ISO 27001 Lead Auditor and/or Implementer COMPTIA Security+ Certified Cyber Essentials Plus Assessor Various programme and project management qualifications If you're an SC or DV Cleared Cyber Security Manager looking for an initial 12-month contract (OUTSIDE IR35) offering up to £550 a day, then either apply below or send an updated CV and I will get in touch. The client is looking to fill the role ASAP so interviews (1-stage) will take place immediately. SC or DV Cleared Cyber Security/IA Manager - OUTSIDE IR35 - 12 month Contract - Cheltenham
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Manager of Linux Systems Administration. Candidate will lead a team highly talented Linux engineers to facilitate the administration of the computing environment. Provide team leadership required to support a large, complex Linux based computing environment and an increasing transition to infrastructure in Cloud. Assist in driving infrastructure as code mentality throughout the organization and demonstrate a passion for automation concepts and tools. Provide mentoring and direction to the team on DevOps and automation. Utilize customer service skills while acting as a technical resource to internal departments and system users. Responsibilities: Manage day to day operations of highly virtualized Linux compute infrastructure Provide status reporting (availability, performance capacity utilization) Create and maintain process & policy documentation Drive automation of Linux systems Develop Linux server team to align with the future technology roadmap. Forecast System demands and recommend upgrades, expansions and reconfiguration Resource planning Provide input into strategic compute infrastructure plans and help drive alignment with application teams, security and business Collaborate with application support teams to drive improvements in communication, architecture, and performance Act as a liaison for customer relations and represent server teams Manage enterprise server environment related projects Lead audit and security responsibilities that include routine reviews and reporting of technology policies and security compliance Ensure all server systems comply with regulatory requirements Work with auditors to remediate and closeout all remediation, regulatory, and audit findings Draft proposals to tackle technology challenges and work with vendors to provide best solution at optimal cost Responsible for change management process for server infrastructure Use good judgment and escalate when necessary and keep management informed Performance Management and development of the team members Qualifications: Excellent communication and people management skills Ability to work effectively with clients, technical staff, consultants and vendors Ability to work well under pressure and within deadlines Experience with disaster recovery testing and creating technical/process documentation Ability to communicate well and manage a team located in multiple cities Good consultative, communication, analytical, and judgment skills Strong background in Compute (Linux) administration Working knowledge of Virtualization and Storage infrastructure Working knowledge and experience in Cloud Infrastructure Linux Systems (Redhat and Amazon linux) EMC storage VMWare virtualization Cloud technologies (AWS) CI/CD (Terraform, Jenkins, Artifactory, Github) Automation (Ansible, Python) Bachelor's degree (or equivalent) in Computer Science or a related discipline Minimum 7 years of experience in Compute (Linux) administration Minimum 3 years of experience in Cloud technologies and CI/CD technologies Minimum 3 years of experience in managing people and leading projects. Experience in a regulated/financial industry a plus
27/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Manager of Linux Systems Administration. Candidate will lead a team highly talented Linux engineers to facilitate the administration of the computing environment. Provide team leadership required to support a large, complex Linux based computing environment and an increasing transition to infrastructure in Cloud. Assist in driving infrastructure as code mentality throughout the organization and demonstrate a passion for automation concepts and tools. Provide mentoring and direction to the team on DevOps and automation. Utilize customer service skills while acting as a technical resource to internal departments and system users. Responsibilities: Manage day to day operations of highly virtualized Linux compute infrastructure Provide status reporting (availability, performance capacity utilization) Create and maintain process & policy documentation Drive automation of Linux systems Develop Linux server team to align with the future technology roadmap. Forecast System demands and recommend upgrades, expansions and reconfiguration Resource planning Provide input into strategic compute infrastructure plans and help drive alignment with application teams, security and business Collaborate with application support teams to drive improvements in communication, architecture, and performance Act as a liaison for customer relations and represent server teams Manage enterprise server environment related projects Lead audit and security responsibilities that include routine reviews and reporting of technology policies and security compliance Ensure all server systems comply with regulatory requirements Work with auditors to remediate and closeout all remediation, regulatory, and audit findings Draft proposals to tackle technology challenges and work with vendors to provide best solution at optimal cost Responsible for change management process for server infrastructure Use good judgment and escalate when necessary and keep management informed Performance Management and development of the team members Qualifications: Excellent communication and people management skills Ability to work effectively with clients, technical staff, consultants and vendors Ability to work well under pressure and within deadlines Experience with disaster recovery testing and creating technical/process documentation Ability to communicate well and manage a team located in multiple cities Good consultative, communication, analytical, and judgment skills Strong background in Compute (Linux) administration Working knowledge of Virtualization and Storage infrastructure Working knowledge and experience in Cloud Infrastructure Linux Systems (Redhat and Amazon linux) EMC storage VMWare virtualization Cloud technologies (AWS) CI/CD (Terraform, Jenkins, Artifactory, Github) Automation (Ansible, Python) Bachelor's degree (or equivalent) in Computer Science or a related discipline Minimum 7 years of experience in Compute (Linux) administration Minimum 3 years of experience in Cloud technologies and CI/CD technologies Minimum 3 years of experience in managing people and leading projects. Experience in a regulated/financial industry a plus
