The Opportunity: Our client, a large, multidisciplinary engineering consultancy, is looking to attract an OT Cyber Security Consultant to advise clients in the transport technology and energy industries on their compliance to Cyber Security industry standards (NIS-D, NIST, ISO 27001, ISA/IEC 62443, etc.). You will provide strategic advice and technical consultancy on IT and OT infrastructure, producing detailed risk assessments, technical reports and tailored solutions for end clients. This is a home based role working 2 days a week from a local office, I would be particularly interested in speaking to candidates based in the London, Birmingham, Bristol or Manchester areas. Skills and Experience: Strong knowledge of industry standards and regulatory requirements for Operational Technology (ISA/IEC 62443, etc.) Exposure to other relevant industry standards (NIS-D, NIST, ISO 27001, GDPR) Knowledge of Incident Management frameworks, Security incident analysis, digital forensics, crisis management, SOC operations and supporting tools Exceptional client facing skills, with the ability to present technical information to non-technical individuals Exposure to Cyber security in the Operational Technology, IoT/IIoT, Energy, Rail, industrial or Highways sectors would be highly beneficial Able to lead and develop a team of junior cyber security professionals Please call James Sample here at ISR to learn more .
26/06/2024
Full time
The Opportunity: Our client, a large, multidisciplinary engineering consultancy, is looking to attract an OT Cyber Security Consultant to advise clients in the transport technology and energy industries on their compliance to Cyber Security industry standards (NIS-D, NIST, ISO 27001, ISA/IEC 62443, etc.). You will provide strategic advice and technical consultancy on IT and OT infrastructure, producing detailed risk assessments, technical reports and tailored solutions for end clients. This is a home based role working 2 days a week from a local office, I would be particularly interested in speaking to candidates based in the London, Birmingham, Bristol or Manchester areas. Skills and Experience: Strong knowledge of industry standards and regulatory requirements for Operational Technology (ISA/IEC 62443, etc.) Exposure to other relevant industry standards (NIS-D, NIST, ISO 27001, GDPR) Knowledge of Incident Management frameworks, Security incident analysis, digital forensics, crisis management, SOC operations and supporting tools Exceptional client facing skills, with the ability to present technical information to non-technical individuals Exposure to Cyber security in the Operational Technology, IoT/IIoT, Energy, Rail, industrial or Highways sectors would be highly beneficial Able to lead and develop a team of junior cyber security professionals Please call James Sample here at ISR to learn more .
Compliance Manager - EdTech Schools shape young minds and build foundations for the future. Yet the education sector faces immense pressures. Overworked teachers, endless administrative tasks, and the constant need to do more with less. As Compliance Manager for this EdTech company, you'll play a crucial part in alleviating these pressures for schools. You'll help develop tools that free teachers and school staff to focus on what truly matters - fostering a learning environment that achieves great outcomes for all students. About the Job: Working alongside ex-teachers and EdTech engineers, you'll be part of a team that truly cares about improving education standards for everyone. As the first person to step into this role, you'll have total ownership and the full backing of senior leadership. You'll be given full autonomy to build the compliance framework from scratch. This includes creating and implementing policies/procedures, leading audits (ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus), and developing company-wide standards. Collaborating across product and engineering teams - you'll ensure the platform and product security is robust, and staff are suitably trained. You'll also handle due diligence for seamless integration as the company moves into an exciting new phase. About You: You're an experienced compliance professional with deep expertise in relevant frameworks. With excellent leadership, analytical, decision-making, and communication abilities, you thrive in fast-paced environments and can prioritise effectively. In particular, you'll need: Proven track record in compliance or infosec management roles In-depth mastery of ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus Prior experience with compliance tooling like SecureFrame is a plus In return, you'll get: 32 days of annual holiday (25 days leave + 7 company-wide days off) Enhanced parental leave - 20 weeks full pay for maternity/adoption, 6 weeks paternity A dedicated wellbeing team championing mindfulness, training, mental health, and more Flexible working arrangements tailored to you Social events, celebrations, community-building, and dog-friendly offices Professional development budget for training courses, memberships, financial coaching, and more Paid time to volunteer with charities of your choice Above all, your work will positively impact students and educators across the nation - paving the way to a better future for all. If you're ready to transform education for good, apply now. Everyone will get a response.
26/06/2024
Full time
Compliance Manager - EdTech Schools shape young minds and build foundations for the future. Yet the education sector faces immense pressures. Overworked teachers, endless administrative tasks, and the constant need to do more with less. As Compliance Manager for this EdTech company, you'll play a crucial part in alleviating these pressures for schools. You'll help develop tools that free teachers and school staff to focus on what truly matters - fostering a learning environment that achieves great outcomes for all students. About the Job: Working alongside ex-teachers and EdTech engineers, you'll be part of a team that truly cares about improving education standards for everyone. As the first person to step into this role, you'll have total ownership and the full backing of senior leadership. You'll be given full autonomy to build the compliance framework from scratch. This includes creating and implementing policies/procedures, leading audits (ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus), and developing company-wide standards. Collaborating across product and engineering teams - you'll ensure the platform and product security is robust, and staff are suitably trained. You'll also handle due diligence for seamless integration as the company moves into an exciting new phase. About You: You're an experienced compliance professional with deep expertise in relevant frameworks. With excellent leadership, analytical, decision-making, and communication abilities, you thrive in fast-paced environments and can prioritise effectively. In particular, you'll need: Proven track record in compliance or infosec management roles In-depth mastery of ISO27001, ISO9001, PCI-DSS, Cyber Essentials Plus Prior experience with compliance tooling like SecureFrame is a plus In return, you'll get: 32 days of annual holiday (25 days leave + 7 company-wide days off) Enhanced parental leave - 20 weeks full pay for maternity/adoption, 6 weeks paternity A dedicated wellbeing team championing mindfulness, training, mental health, and more Flexible working arrangements tailored to you Social events, celebrations, community-building, and dog-friendly offices Professional development budget for training courses, memberships, financial coaching, and more Paid time to volunteer with charities of your choice Above all, your work will positively impact students and educators across the nation - paving the way to a better future for all. If you're ready to transform education for good, apply now. Everyone will get a response.
Job Title: Security Engineer Salary: £80,000 to £90,000 + Benefits We are seeking a Security Engineer, for a fast-growing FinTech firm, specialising in Wealth Management and Financial Advisory. As the first dedicated cybersecurity professional you'll play a pivotal role in establishing and fortifying the firm's cybersecurity infrastructure (Greenfield). The focus here is on application security/DevSecOps, we seek someone adept in AWS cloud computing and how to apply security controls in cloud applications and databases as well as experience with Docker containerisation and how it works under Kubernetes. Reporting directly to the CTO and collaborating closely with key stakeholders, including Engineering, Head of Platforms, and Head of Compliance, you'll be the go-to expert for all security matters. Required Experience: 5+ years of experience as a professional cybersecurity engineer. Proficiency in programming/Scripting languages such as Python, PowerShell, etc. Familiarity with industry-recognized frameworks (eg, CIS, ISO) and regulatory guidelines (eg, GDPR). Strong understanding of cloud computing and application of security controls in cloud architectures. Familiarity with distributed event stores such as Apache Kafka. Proficiency with operating systems (eg, Linux) and command-line interfaces. Experience with network security, incident management, and penetration testing. Familiarity with automated cloud-based CI/CD pipelines and secure software design principles. Responsibilities: Lead the implementation of cybersecurity measures, serving as the primary point of contact for all security-related matters. Collaborate closely with engineering teams to embed security-by-design principles into development processes. Conduct thorough reviews of existing tools and processes, identifying gaps and implementing enhancements to strengthen our security posture. Perform security scanning and vulnerability management, taking proactive measures to reduce operational risks. Monitor security alerts and implement mitigations to safeguard against potential threats and attacks. Develop and deploy tools and automation to streamline common security operations tasks. Introduce and integrate tools to enhance internal capabilities for routine security testing activities. Drive the development and enhancement of our cybersecurity strategy, with a focus on achieving industry certifications. Provide cybersecurity education and coaching to technology and business groups, fostering a culture of heightened awareness and responsibility. In addition to your technical prowess, we require strong communication skills and a collaborative mindset. You'll have the unique opportunity to shape and implement security measures from the ground up in a rapidly growing organisation. You'll have the opportunity to educate and coach both technology and business groups on cybersecurity best practices, fostering a culture of heightened awareness and responsibility across the organisation. If you're passionate about cybersecurity, eager to make a tangible impact and thrive in a fast-paced, innovative environment, we'd love to hear from you.
26/06/2024
Full time
Job Title: Security Engineer Salary: £80,000 to £90,000 + Benefits We are seeking a Security Engineer, for a fast-growing FinTech firm, specialising in Wealth Management and Financial Advisory. As the first dedicated cybersecurity professional you'll play a pivotal role in establishing and fortifying the firm's cybersecurity infrastructure (Greenfield). The focus here is on application security/DevSecOps, we seek someone adept in AWS cloud computing and how to apply security controls in cloud applications and databases as well as experience with Docker containerisation and how it works under Kubernetes. Reporting directly to the CTO and collaborating closely with key stakeholders, including Engineering, Head of Platforms, and Head of Compliance, you'll be the go-to expert for all security matters. Required Experience: 5+ years of experience as a professional cybersecurity engineer. Proficiency in programming/Scripting languages such as Python, PowerShell, etc. Familiarity with industry-recognized frameworks (eg, CIS, ISO) and regulatory guidelines (eg, GDPR). Strong understanding of cloud computing and application of security controls in cloud architectures. Familiarity with distributed event stores such as Apache Kafka. Proficiency with operating systems (eg, Linux) and command-line interfaces. Experience with network security, incident management, and penetration testing. Familiarity with automated cloud-based CI/CD pipelines and secure software design principles. Responsibilities: Lead the implementation of cybersecurity measures, serving as the primary point of contact for all security-related matters. Collaborate closely with engineering teams to embed security-by-design principles into development processes. Conduct thorough reviews of existing tools and processes, identifying gaps and implementing enhancements to strengthen our security posture. Perform security scanning and vulnerability management, taking proactive measures to reduce operational risks. Monitor security alerts and implement mitigations to safeguard against potential threats and attacks. Develop and deploy tools and automation to streamline common security operations tasks. Introduce and integrate tools to enhance internal capabilities for routine security testing activities. Drive the development and enhancement of our cybersecurity strategy, with a focus on achieving industry certifications. Provide cybersecurity education and coaching to technology and business groups, fostering a culture of heightened awareness and responsibility. In addition to your technical prowess, we require strong communication skills and a collaborative mindset. You'll have the unique opportunity to shape and implement security measures from the ground up in a rapidly growing organisation. You'll have the opportunity to educate and coach both technology and business groups on cybersecurity best practices, fostering a culture of heightened awareness and responsibility across the organisation. If you're passionate about cybersecurity, eager to make a tangible impact and thrive in a fast-paced, innovative environment, we'd love to hear from you.
Hamilton Barnes are representing a leading Insurance company renowned for its stability and innovation, which translates to exceptional client trust and loyalty. We have an exciting opportunity to join their dynamic team in their vibrant office in the heart of London. The client is offering a 6-month contract with the view to extension for over 12 months. The ideal candidate will be proficient in design, implementation, and integrate new automations and components to their cybersecurity incident response platform. Key Responsibilities: Design and build new cybersecurity orchestration automation via API integrations. Maintain and improve the performance, scalability, and reliability of the existing automations within the cybersecurity orchestration platform. Conduct research to identify and implement new techniques and tools that can enhance the effectiveness and efficiency of the cybersecurity orchestration automation platform. What You Will I deally Bring: Passion, drive, and a belief in the value of cybersecurity automation as an enabler of business performance. Experience in python development in complex corporate environments. A track record of successful delivery in API integrations developed with Python. The ability to communicate with a broad spectrum of stakeholders effectively - from cybersecurity analysts to application owners. Experience working with SOAR capabilities development. Knowledge of detection rule development, covering tools (such as SIEM, EDRs) and industry frameworks (such as MITRE ATT&CK®). Contract Details: Duration: 6 months Location: London/Hybrid Day Rate: Up to £575 Per Day (Inside IR35) Start Date: Immediate
26/06/2024
Project-based
Hamilton Barnes are representing a leading Insurance company renowned for its stability and innovation, which translates to exceptional client trust and loyalty. We have an exciting opportunity to join their dynamic team in their vibrant office in the heart of London. The client is offering a 6-month contract with the view to extension for over 12 months. The ideal candidate will be proficient in design, implementation, and integrate new automations and components to their cybersecurity incident response platform. Key Responsibilities: Design and build new cybersecurity orchestration automation via API integrations. Maintain and improve the performance, scalability, and reliability of the existing automations within the cybersecurity orchestration platform. Conduct research to identify and implement new techniques and tools that can enhance the effectiveness and efficiency of the cybersecurity orchestration automation platform. What You Will I deally Bring: Passion, drive, and a belief in the value of cybersecurity automation as an enabler of business performance. Experience in python development in complex corporate environments. A track record of successful delivery in API integrations developed with Python. The ability to communicate with a broad spectrum of stakeholders effectively - from cybersecurity analysts to application owners. Experience working with SOAR capabilities development. Knowledge of detection rule development, covering tools (such as SIEM, EDRs) and industry frameworks (such as MITRE ATT&CK®). Contract Details: Duration: 6 months Location: London/Hybrid Day Rate: Up to £575 Per Day (Inside IR35) Start Date: Immediate
IT Security Engineer Glasgow - Hybrid working 3 days per week in the office £50,000 - £55,000 + benefits Fantastic new permanent opportunity for an experienced IT Security Engineer with a broad background within IT Infrastrucutre and security engineering and operations for this specialist financial services analytics business based in Glasgow. As a specialist Security Engineer, you will work as part of their DevSecOps team based in Glasgow. The role will involve working closely with the wider technology teams to enhance their cyber maturity. Furthermore, it provides the opportunity to contribute towards the implementation and management of various security technologies. Main responsibilities: Analysing security events and incidents relating to internal and customer assets. Designing and developing SIEM security use cases. Designing and implementing security controls and secure configurations. Maintaining proactive vulnerability scanning ensuring that all known vulnerabilities are addressed in line with policy. Collaborating with development teams to implement secure development practices. Configuring and maintaining security tooling across the infrastructure. Collaborating on maturing security incident management processes and playbooks. Collaborating with third-party led security tests, assessments and audits of our information security information security policies, procedures, and systems. Identifying, assessing, managing, remediating, and tracking information security risks through our risk management framework and ensuring key risks are reported to the CISO. Performing regular internal security audits aligned to ISO/IEC 27001 and SOC2 controls. Developing our security awareness training programme aligned with internal security policies. Comfortable engaging with customers and internal stakeholders to discuss security related matters. Skills Required: Proven hands-on experience as an IT Security Engineer or similar working with tools such as SIEM, vulnerability management, endpoint detection & response (EDR), applications security, identity, and access management, etc. Ability to work in a small high performing team, collaborating with other technical resources whilst aligning to the security strategy. Technical knowledge and experience with SIEM, SOAR, IDPS, DDoS, Malware Protection, Vulnerability Management, and Application Security tooling, etc. Knowledge of Information Security frameworks (CIS, NIST, NCSC CAF), supporting processes and toolsets. Ability to breakdown and solve complex problems across multiple domains and successfully lead the recovery of major and/or complex security incidents. Knowledge and experience of threat hunting and problem-solving through reviewing logs and identifying anomalous activities (Desirable). For any further queries regarding the role, please contact Danny Palmer at (see below)
25/06/2024
Full time
IT Security Engineer Glasgow - Hybrid working 3 days per week in the office £50,000 - £55,000 + benefits Fantastic new permanent opportunity for an experienced IT Security Engineer with a broad background within IT Infrastrucutre and security engineering and operations for this specialist financial services analytics business based in Glasgow. As a specialist Security Engineer, you will work as part of their DevSecOps team based in Glasgow. The role will involve working closely with the wider technology teams to enhance their cyber maturity. Furthermore, it provides the opportunity to contribute towards the implementation and management of various security technologies. Main responsibilities: Analysing security events and incidents relating to internal and customer assets. Designing and developing SIEM security use cases. Designing and implementing security controls and secure configurations. Maintaining proactive vulnerability scanning ensuring that all known vulnerabilities are addressed in line with policy. Collaborating with development teams to implement secure development practices. Configuring and maintaining security tooling across the infrastructure. Collaborating on maturing security incident management processes and playbooks. Collaborating with third-party led security tests, assessments and audits of our information security information security policies, procedures, and systems. Identifying, assessing, managing, remediating, and tracking information security risks through our risk management framework and ensuring key risks are reported to the CISO. Performing regular internal security audits aligned to ISO/IEC 27001 and SOC2 controls. Developing our security awareness training programme aligned with internal security policies. Comfortable engaging with customers and internal stakeholders to discuss security related matters. Skills Required: Proven hands-on experience as an IT Security Engineer or similar working with tools such as SIEM, vulnerability management, endpoint detection & response (EDR), applications security, identity, and access management, etc. Ability to work in a small high performing team, collaborating with other technical resources whilst aligning to the security strategy. Technical knowledge and experience with SIEM, SOAR, IDPS, DDoS, Malware Protection, Vulnerability Management, and Application Security tooling, etc. Knowledge of Information Security frameworks (CIS, NIST, NCSC CAF), supporting processes and toolsets. Ability to breakdown and solve complex problems across multiple domains and successfully lead the recovery of major and/or complex security incidents. Knowledge and experience of threat hunting and problem-solving through reviewing logs and identifying anomalous activities (Desirable). For any further queries regarding the role, please contact Danny Palmer at (see below)
Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. Senior Infrastructure Engineer (Team Lead) Salary: Up to £55000 + Car Allowance + Bonus Location: Newton-Le-Willows (2-3 days a week on site) Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their dynamic team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. With a focus on effective team management and smooth incident management, this role is perfect for those who thrive in fast-paced environments. Additionally, the ability to provide accurate reporting on infrastructure delivery is essential, showcasing your organisational skills. What you'll do: As an Infrastructure Technical Lead, you will be at the forefront of technical delivery, strategy, and leadership within the IT Operations Teams. Your role will involve participating actively in the development and delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications. You will ensure adherence to information security standards, corporate governance policies, and standards. Working closely with senior leadership, you will help develop and deliver IT strategies that align with company's goals and objectives. Managing a team of experienced Infrastructure Operations Engineers, you will provide excellent support in all aspects of IT infrastructure operations. Your responsibilities also include supporting the design of best-in-class IT infrastructure and cloud services solutions. Furthermore, you will be responsible for providing accurate reporting on the delivery of IT Infrastructure and services across a wide range of activities. Provide technical delivery, strategy and leadership across the IT Operations Teams Participate in the development and active delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications Ensure information security, corporate governance, policies and standards are adhered to Work closely with senior leadership to develop and deliver IT strategies that align with company's goals and objectives Manage a team of experienced Infrastructure Operations Engineers to provide excellent support in all aspects of IT infrastructure Operations Support the design of best in breed IT infrastructure and cloud services and solutions Responsible for providing accurate reporting on the delivery of IT Infrastructure, and services across the full range of activity What you bring: The ideal candidate for this Infrastructure Technical Lead position brings a wealth of experience in both technical expertise and leadership. With a strong background in IT infrastructure and cloud services, you have proven your ability to design and deliver top-tier solutions. Your understanding of cyber security standards ensures that all projects adhere to necessary regulations. Your leadership skills shine through your ability to manage teams effectively, while your experience in incident management ensures smooth operations. Your ability to provide accurate reporting on infrastructure delivery is a testament to your organisational skills. Proven skills in Networking, VMware, MPLS, Storage and backup solutions Experience with Azure, data factory, power apps Strong knowledge of IT Security Ability to manage teams effectively Experience in incident management within an IT operations context Strong technical background in IT infrastructure and cloud services What sets this company apart: Our client is a leading organisation with a strong commitment to excellence and innovation. They offer an inclusive and supportive work environment where every team member is valued for their unique contributions. Their focus on continuous learning and development ensures that their employees are always at the forefront of industry advancements. This is an exciting opportunity to join a dynamic team and make a significant impact. Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
25/06/2024
Full time
Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. Senior Infrastructure Engineer (Team Lead) Salary: Up to £55000 + Car Allowance + Bonus Location: Newton-Le-Willows (2-3 days a week on site) Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their dynamic team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. With a focus on effective team management and smooth incident management, this role is perfect for those who thrive in fast-paced environments. Additionally, the ability to provide accurate reporting on infrastructure delivery is essential, showcasing your organisational skills. What you'll do: As an Infrastructure Technical Lead, you will be at the forefront of technical delivery, strategy, and leadership within the IT Operations Teams. Your role will involve participating actively in the development and delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications. You will ensure adherence to information security standards, corporate governance policies, and standards. Working closely with senior leadership, you will help develop and deliver IT strategies that align with company's goals and objectives. Managing a team of experienced Infrastructure Operations Engineers, you will provide excellent support in all aspects of IT infrastructure operations. Your responsibilities also include supporting the design of best-in-class IT infrastructure and cloud services solutions. Furthermore, you will be responsible for providing accurate reporting on the delivery of IT Infrastructure and services across a wide range of activities. Provide technical delivery, strategy and leadership across the IT Operations Teams Participate in the development and active delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications Ensure information security, corporate governance, policies and standards are adhered to Work closely with senior leadership to develop and deliver IT strategies that align with company's goals and objectives Manage a team of experienced Infrastructure Operations Engineers to provide excellent support in all aspects of IT infrastructure Operations Support the design of best in breed IT infrastructure and cloud services and solutions Responsible for providing accurate reporting on the delivery of IT Infrastructure, and services across the full range of activity What you bring: The ideal candidate for this Infrastructure Technical Lead position brings a wealth of experience in both technical expertise and leadership. With a strong background in IT infrastructure and cloud services, you have proven your ability to design and deliver top-tier solutions. Your understanding of cyber security standards ensures that all projects adhere to necessary regulations. Your leadership skills shine through your ability to manage teams effectively, while your experience in incident management ensures smooth operations. Your ability to provide accurate reporting on infrastructure delivery is a testament to your organisational skills. Proven skills in Networking, VMware, MPLS, Storage and backup solutions Experience with Azure, data factory, power apps Strong knowledge of IT Security Ability to manage teams effectively Experience in incident management within an IT operations context Strong technical background in IT infrastructure and cloud services What sets this company apart: Our client is a leading organisation with a strong commitment to excellence and innovation. They offer an inclusive and supportive work environment where every team member is valued for their unique contributions. Their focus on continuous learning and development ensures that their employees are always at the forefront of industry advancements. This is an exciting opportunity to join a dynamic team and make a significant impact. Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
Key Responsibilities: Define Penetration Test Strategy Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area Governance and Assurance of the 1LoD Pen Testing Squad within DPP in line with Regulations and Vehicle Type Approval Build and Run a Certified Forensic Pen Test Lab Develop cutting edge Vulnerability and Pen Test Techniques which can be flowed into the 1LoD Pen Test Service and HiLS and ViLS functional testing Work with Management to ensure information security risk findings are reviewed and solutions are implemented, and risks are properly managed Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organizational compliance Lead and build an Automotive Certified Forensic Pen Test Lab Development of common attacks and vulnerabilities to develop Penetration Testing scopes for ECUs, Vehicle and Connected Offboard Systems Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and revision of Penetration Testing scope Your Profile Key skills/knowledge/experience: Proven Penetration Testing experience and track record of delivery in a field relevant to the role, eg In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc. Good experience in EMBEDDED AUTOMOTIVE SECURITY PEN TESTING Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc. Technical understanding of Automotive cyber security controls at both ECU and Vehicle level Previous experience of Autosar Architecture, RTE integration and SecOC Knowledge of ASpice, ISO21434, R155, R156, R157 Good understanding of automotive communication busses (CAN and Ethernet mandatory, Flexray and LIN desirable) Git experience required
25/06/2024
Full time
Key Responsibilities: Define Penetration Test Strategy Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area Governance and Assurance of the 1LoD Pen Testing Squad within DPP in line with Regulations and Vehicle Type Approval Build and Run a Certified Forensic Pen Test Lab Develop cutting edge Vulnerability and Pen Test Techniques which can be flowed into the 1LoD Pen Test Service and HiLS and ViLS functional testing Work with Management to ensure information security risk findings are reviewed and solutions are implemented, and risks are properly managed Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organizational compliance Lead and build an Automotive Certified Forensic Pen Test Lab Development of common attacks and vulnerabilities to develop Penetration Testing scopes for ECUs, Vehicle and Connected Offboard Systems Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and revision of Penetration Testing scope Your Profile Key skills/knowledge/experience: Proven Penetration Testing experience and track record of delivery in a field relevant to the role, eg In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc. Good experience in EMBEDDED AUTOMOTIVE SECURITY PEN TESTING Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc. Technical understanding of Automotive cyber security controls at both ECU and Vehicle level Previous experience of Autosar Architecture, RTE integration and SecOC Knowledge of ASpice, ISO21434, R155, R156, R157 Good understanding of automotive communication busses (CAN and Ethernet mandatory, Flexray and LIN desirable) Git experience required
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
25/06/2024
Project-based
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
Engineering Manager - Europe About my client: They are a leading security firm dedicated to safeguarding our clients' digital assets. They are looking for an exceptional Engineering Manager to join our Spain, Italy or Portugal based team. If you are passionate about cybersecurity and have a proven record of leading successful engineering teams, we would love to connect with you! Key Responsibilities: Talent Acquisition and Development: Recruit, nurture, and advance top technical talent to sustain and strengthen our industry leadership. Product Roadmap Development: Partner with product managers to develop a practical roadmap for our products. Technical Guidance: Support development teams in the design and construction of resilient software solutions. Feature Management: Manage features from initial design through to deployment and ongoing maintenance. Interdepartmental Collaboration: Coordinate with cross-functional teams across various locations to ensure seamless and effective operations. Ideal Candidate Profile: OS Internals Expertise: Deep knowledge of low-level OS internals on either macOS or Linux. Security Product Development: Proven experience in creating endpoint security solutions like Data Loss Prevention (DLP) or Endpoint Detection and Response (EDR) applications. Programming Proficiency: Advanced skills in C++ or Swift are highly beneficial. Engineering Leadership Experience: Previous experience as an Engineering Manager with a track record of leading teams that have successfully launched major features and releases. Leadership and Communication: Strong leadership, mentorship, communication, and collaboration skills, especially within distributed teams. Qualifications: Bachelor's degree in Computer Science, Engineering, or a related field. At least 5 years of experience in software engineering, with a minimum of 2 years in a managerial role. Proven success in leading technical teams and delivering complex projects on schedule. Exceptional problem-solving abilities and attention to detail. Proficiency in English is required; knowledge of Spanish is an advantage. Location: This role is based in Spain. Candidates must either be located in Spain or willing to relocate. Benefits: Competitive salary and a comprehensive benefits package. A chance to work in a dynamic and forward-thinking security firm. Opportunities for professional development and career growth. A flexible and supportive work environment. If you are ready to take on a challenging and rewarding role in a leading security firm, apply now to join our team and make a significant impact in the field of cybersecurity!
24/06/2024
Full time
Engineering Manager - Europe About my client: They are a leading security firm dedicated to safeguarding our clients' digital assets. They are looking for an exceptional Engineering Manager to join our Spain, Italy or Portugal based team. If you are passionate about cybersecurity and have a proven record of leading successful engineering teams, we would love to connect with you! Key Responsibilities: Talent Acquisition and Development: Recruit, nurture, and advance top technical talent to sustain and strengthen our industry leadership. Product Roadmap Development: Partner with product managers to develop a practical roadmap for our products. Technical Guidance: Support development teams in the design and construction of resilient software solutions. Feature Management: Manage features from initial design through to deployment and ongoing maintenance. Interdepartmental Collaboration: Coordinate with cross-functional teams across various locations to ensure seamless and effective operations. Ideal Candidate Profile: OS Internals Expertise: Deep knowledge of low-level OS internals on either macOS or Linux. Security Product Development: Proven experience in creating endpoint security solutions like Data Loss Prevention (DLP) or Endpoint Detection and Response (EDR) applications. Programming Proficiency: Advanced skills in C++ or Swift are highly beneficial. Engineering Leadership Experience: Previous experience as an Engineering Manager with a track record of leading teams that have successfully launched major features and releases. Leadership and Communication: Strong leadership, mentorship, communication, and collaboration skills, especially within distributed teams. Qualifications: Bachelor's degree in Computer Science, Engineering, or a related field. At least 5 years of experience in software engineering, with a minimum of 2 years in a managerial role. Proven success in leading technical teams and delivering complex projects on schedule. Exceptional problem-solving abilities and attention to detail. Proficiency in English is required; knowledge of Spanish is an advantage. Location: This role is based in Spain. Candidates must either be located in Spain or willing to relocate. Benefits: Competitive salary and a comprehensive benefits package. A chance to work in a dynamic and forward-thinking security firm. Opportunities for professional development and career growth. A flexible and supportive work environment. If you are ready to take on a challenging and rewarding role in a leading security firm, apply now to join our team and make a significant impact in the field of cybersecurity!
OT Security Lead Location: Various sites around Yorkshire Renumeration: Up to £72,000 plus discretionary 10% Bonus and £5,500 Car Allowance Your new company I'm currently hiring exclusively for a production business based in Yorkshire for an Operational Technology Security Lead to travel across and enhance the security of various production sites. The ideal candidate will be well-experienced in OT security within the FMCG sector and will have a background of developing and driving OT Security strategies, and hands-on experience assessing machinery, production equipment and engineering processes for security risks. This role will involve travelling to sites and enhancing the security posture of an FMCG organisation's OT estate. Therefore, the ability to independently travel to various sites is absolutely necessary. What you'll be doing: Reporting to the Head of Engineering and working with the Head of IT Security, you'll be travelling to sites in the North of England (largely Yorkshire based) and working with engineers to understand their ways of working, their machinery and equipment, with the view to identifying potential security risks Working with engineering teams in a solution-focused way to understand, identify and mitigate potential cyber risks. Working collaboratively with site staff, senior stakeholders and third parties to develop your OT Security Strategy Developing a thorough understanding of the current state OT estate, documenting measures for improvement and remediation Following up with the relevant parties to ensure adherence to your strategy in line with the principles relevant to OT Security standards eg IEC62443 Developing an understanding of critical OT services and systems and developing disaster recovery plans Using your contemporary knowledge of cybersecurity and Operational Technology as a whole to continually enhance the overall security of the business across various sites What I'm looking for: OT Security experience within a FMCG environment would be ideal but experience within translatable organisation types and sectors will be considered Applied understanding of core OT Security standards and systems commonly adhered to and used. eg IEC62443, SCADA systems Experience engaging comfortably with various areas of a business in a solution focused way with the view to enhancing their overall security posture within Operational Technology Ability to effectively articulate OT Risk to stakeholders inside and outside of engineering and IT capacities Ability to develop and drive an all-encompassing OT Security Strategy across multiple sites What you'll get in return In addition to a salary up to £72,000 per year, you'll also receive: 10% Discretionary Bonus £5,500 car allowance 25 days annual leave, not including bank holidays Annual Target Bonus Private medical insurance Pension up to 8% matched Company sharesave scheme Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
24/06/2024
Full time
OT Security Lead Location: Various sites around Yorkshire Renumeration: Up to £72,000 plus discretionary 10% Bonus and £5,500 Car Allowance Your new company I'm currently hiring exclusively for a production business based in Yorkshire for an Operational Technology Security Lead to travel across and enhance the security of various production sites. The ideal candidate will be well-experienced in OT security within the FMCG sector and will have a background of developing and driving OT Security strategies, and hands-on experience assessing machinery, production equipment and engineering processes for security risks. This role will involve travelling to sites and enhancing the security posture of an FMCG organisation's OT estate. Therefore, the ability to independently travel to various sites is absolutely necessary. What you'll be doing: Reporting to the Head of Engineering and working with the Head of IT Security, you'll be travelling to sites in the North of England (largely Yorkshire based) and working with engineers to understand their ways of working, their machinery and equipment, with the view to identifying potential security risks Working with engineering teams in a solution-focused way to understand, identify and mitigate potential cyber risks. Working collaboratively with site staff, senior stakeholders and third parties to develop your OT Security Strategy Developing a thorough understanding of the current state OT estate, documenting measures for improvement and remediation Following up with the relevant parties to ensure adherence to your strategy in line with the principles relevant to OT Security standards eg IEC62443 Developing an understanding of critical OT services and systems and developing disaster recovery plans Using your contemporary knowledge of cybersecurity and Operational Technology as a whole to continually enhance the overall security of the business across various sites What I'm looking for: OT Security experience within a FMCG environment would be ideal but experience within translatable organisation types and sectors will be considered Applied understanding of core OT Security standards and systems commonly adhered to and used. eg IEC62443, SCADA systems Experience engaging comfortably with various areas of a business in a solution focused way with the view to enhancing their overall security posture within Operational Technology Ability to effectively articulate OT Risk to stakeholders inside and outside of engineering and IT capacities Ability to develop and drive an all-encompassing OT Security Strategy across multiple sites What you'll get in return In addition to a salary up to £72,000 per year, you'll also receive: 10% Discretionary Bonus £5,500 car allowance 25 days annual leave, not including bank holidays Annual Target Bonus Private medical insurance Pension up to 8% matched Company sharesave scheme Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Technical Writer (Grade 6) About the University of ManchesterThe University of Manchester has a rich heritage of discovery, social change and a pioneering spirit, which has been at the heart of what we do since 1824. When you join our University, you become part of a truly diverse and global community of staff, students and alumni all focused on ensuring that we are recognised for the excellence of our people, research, learning and innovation, and for the benefits we bring to society.The University is a world-leading research and teaching institution with a wide range of IT systems and platforms serving more than 75,000 stakeholders worldwide. About the RoleBased within the Information Security and Identity and Access Management (IS and IDAM) division, The Technical Writer will be responsible for creating various technical materials, including operating procedures, runbooks, and other documentation, to support the successful execution of the programme. Technical writer responsibilities Evaluates the documentation aspects of continuous improvement activities for the Cyber Security function and develops plans to address documentation needs. Designs the overall information structure and graphical style for documentation and other forms of information need to support business change and standard operating procedures. Creates and evaluates complex, well-engineered documentation deliverables for security improvement activities, ensuring alignment with the agreed requirements and making optimal use of the chosen mediums for dissemination. Working alongside colleagues in the Security Delivery Team, documents user requirements with stakeholders to agree and finalise detailed requirements. Develops and produces high-quality technical documentation, including operating procedures, runbooks and other materials. Collaborates with subject matter experts and relevant technical teams from across IT Services to gather information and verify the technical accuracy in documentation. Seeks feedback and incorporate revisions based on input from stakeholders. Reviews and edits documentation for grammar, clarity, consistency and adherence to established standards. Understands the implications of publishing technical content and manages the associated risks. Ensures accuracy, clarity and compliance with relevant standards and guidelines in all produced documents. Maintains a document repository and version control system for all security-related documentation to ensure proper organisation and accessibility of all technical materials. Updates existing documentation as required to reflect changes in processes, systems or requirements. Person Specification Previous experience of writing technical documentation, including standard operating procedures, runbooks, etc. (preferably within an IT or Cyber Security environment). Very strong written and verbal communication skills. Experience with testing and evaluating the effectiveness of documentation. Strong skills with document management and version control. Ability to understand highly technical information and translate this into documentation that is easily understood and accessible. Desirable qualifications: ITIL V4. Salary/PackageThis is a (grade 6) position offering a competitive salary (depending on experience), along with 29 days annual leave (plus 4 closure days over Christmas and 8 bank holidays), flexible working (office based at least two days a week) and an attractive pension scheme (up to 21% employer contributions).The closing date for applications is on 12/04/2024.Hays Technology have been retained by The University of Manchester to manage the recruitment of this role. For all enquiries, please contact Luke Struan-Robertson at Hays Technology. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
24/06/2024
Full time
Technical Writer (Grade 6) About the University of ManchesterThe University of Manchester has a rich heritage of discovery, social change and a pioneering spirit, which has been at the heart of what we do since 1824. When you join our University, you become part of a truly diverse and global community of staff, students and alumni all focused on ensuring that we are recognised for the excellence of our people, research, learning and innovation, and for the benefits we bring to society.The University is a world-leading research and teaching institution with a wide range of IT systems and platforms serving more than 75,000 stakeholders worldwide. About the RoleBased within the Information Security and Identity and Access Management (IS and IDAM) division, The Technical Writer will be responsible for creating various technical materials, including operating procedures, runbooks, and other documentation, to support the successful execution of the programme. Technical writer responsibilities Evaluates the documentation aspects of continuous improvement activities for the Cyber Security function and develops plans to address documentation needs. Designs the overall information structure and graphical style for documentation and other forms of information need to support business change and standard operating procedures. Creates and evaluates complex, well-engineered documentation deliverables for security improvement activities, ensuring alignment with the agreed requirements and making optimal use of the chosen mediums for dissemination. Working alongside colleagues in the Security Delivery Team, documents user requirements with stakeholders to agree and finalise detailed requirements. Develops and produces high-quality technical documentation, including operating procedures, runbooks and other materials. Collaborates with subject matter experts and relevant technical teams from across IT Services to gather information and verify the technical accuracy in documentation. Seeks feedback and incorporate revisions based on input from stakeholders. Reviews and edits documentation for grammar, clarity, consistency and adherence to established standards. Understands the implications of publishing technical content and manages the associated risks. Ensures accuracy, clarity and compliance with relevant standards and guidelines in all produced documents. Maintains a document repository and version control system for all security-related documentation to ensure proper organisation and accessibility of all technical materials. Updates existing documentation as required to reflect changes in processes, systems or requirements. Person Specification Previous experience of writing technical documentation, including standard operating procedures, runbooks, etc. (preferably within an IT or Cyber Security environment). Very strong written and verbal communication skills. Experience with testing and evaluating the effectiveness of documentation. Strong skills with document management and version control. Ability to understand highly technical information and translate this into documentation that is easily understood and accessible. Desirable qualifications: ITIL V4. Salary/PackageThis is a (grade 6) position offering a competitive salary (depending on experience), along with 29 days annual leave (plus 4 closure days over Christmas and 8 bank holidays), flexible working (office based at least two days a week) and an attractive pension scheme (up to 21% employer contributions).The closing date for applications is on 12/04/2024.Hays Technology have been retained by The University of Manchester to manage the recruitment of this role. For all enquiries, please contact Luke Struan-Robertson at Hays Technology. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
21/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
20/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Network Engineer Role: Data Network Engineer Location: Perth, Inverness, Glasgow, or Aberdeen (with travel to one of these offices) Benefits: Comprehensive package supporting finances, wellbeing, and family Working Pattern: Permanent, Full-time, 2 days in the office per week Join the team and play a key role in designing and securing data network infrastructure for renewable resources across Scotland. Key Responsibilities Network Design: Lead the technical design for the Cyber Resilience for Operational Technology (CROT) programme. Implement standards and act as the technical focal point for the OT Network. Network Topology: Understand and document LAN and WAN network topologies, conducting deep dives as needed. Strategy Development: Assist in creating a Network strategy and work with suppliers to implement it. Risk Mitigation: Assess network risks and develop strategies to minimize them. Technology Evaluation: Identify and evaluate new technologies, leading the design and selection of future platforms. Required Skills Network Expertise: Strong knowledge of LAN, WAN, QoS, and Firewall technologies. Security Knowledge: Understanding of network security techniques and mitigations, ideally for industrial control systems. Communication: Excellent oral and written communication skills for liaising with senior stakeholders and translating complex requirements. Problem-Solving: Strong problem-solving skills with the ability to create effective plans and reports. SCADA and Industrial Control Systems: Beneficial but not essential knowledge of SCADA networks, industrial control systems, and relevant security standards. Ready to Make a Difference? Apply Now
20/06/2024
Full time
Network Engineer Role: Data Network Engineer Location: Perth, Inverness, Glasgow, or Aberdeen (with travel to one of these offices) Benefits: Comprehensive package supporting finances, wellbeing, and family Working Pattern: Permanent, Full-time, 2 days in the office per week Join the team and play a key role in designing and securing data network infrastructure for renewable resources across Scotland. Key Responsibilities Network Design: Lead the technical design for the Cyber Resilience for Operational Technology (CROT) programme. Implement standards and act as the technical focal point for the OT Network. Network Topology: Understand and document LAN and WAN network topologies, conducting deep dives as needed. Strategy Development: Assist in creating a Network strategy and work with suppliers to implement it. Risk Mitigation: Assess network risks and develop strategies to minimize them. Technology Evaluation: Identify and evaluate new technologies, leading the design and selection of future platforms. Required Skills Network Expertise: Strong knowledge of LAN, WAN, QoS, and Firewall technologies. Security Knowledge: Understanding of network security techniques and mitigations, ideally for industrial control systems. Communication: Excellent oral and written communication skills for liaising with senior stakeholders and translating complex requirements. Problem-Solving: Strong problem-solving skills with the ability to create effective plans and reports. SCADA and Industrial Control Systems: Beneficial but not essential knowledge of SCADA networks, industrial control systems, and relevant security standards. Ready to Make a Difference? Apply Now
Spectrum IT Recruitment (South) Ltd
Fareham, Hampshire
Senior Engineer| LAMP Salary £70,000 plus benefits and bonus Your digital identity is at risk! Malware, Ransomware, Cryptojacking, Trojan Viruses. In 2023, cybercrime cost UK businesses an estimated £21 billion. But don't think its the just the big corporates at risk, the average cybercrime value in the UK is just over £10,000 demonstrating that personal finance and small business cybercrime is rife. Would you like to be part of the solution? We are working with an award winning leader in the field of cyber security. They are on a mission to build a safer digital world for you and your future self! They have built a suite of innovative products designed to offer superior protection against a broad spectrum of online threats. The role of Senior PHP Engineer is 1 of 3 new vacancies in the team demonstrating the success of the products and increasing demand for a robust cyber solution. Working with a talented software team managed by one of the UK's leading tech entrepreneurs, you will be helping to plan and develop security solutions, migration to improved cloud services and help with support and maintenance of security and storage services. The work is aimed at more Back End development with an emphasis on Agile processes, systems optimisation, TDD and embracing modern development practices. The company also uses PHPUnit/Selenium to ensure high standards of development. Essential Skills & Experience 5+ years experience of Object Oriented programming. Deep knowledge of PHP from version 5 upwards. MySQL Git Beneficial Skills: Kubernetes GCP Docker Load Balancing TDD Code Review If you would like to join this talented team and work from their stunning offices in Whiteley, Hampshire, please get in touch ASAP. On top of a competitive salary (approx £70k) the company offer some fantastic financial and lifestyle benefits including; free access to local gym and health spa, onsite chef (free cooked breakfast & lunch!), childcare vouchers, cycle to work scheme, pension, BUPA healthcare, invetment in training and personal development. To be considered for this position please send your CV to (see below) or call. Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
20/06/2024
Full time
Senior Engineer| LAMP Salary £70,000 plus benefits and bonus Your digital identity is at risk! Malware, Ransomware, Cryptojacking, Trojan Viruses. In 2023, cybercrime cost UK businesses an estimated £21 billion. But don't think its the just the big corporates at risk, the average cybercrime value in the UK is just over £10,000 demonstrating that personal finance and small business cybercrime is rife. Would you like to be part of the solution? We are working with an award winning leader in the field of cyber security. They are on a mission to build a safer digital world for you and your future self! They have built a suite of innovative products designed to offer superior protection against a broad spectrum of online threats. The role of Senior PHP Engineer is 1 of 3 new vacancies in the team demonstrating the success of the products and increasing demand for a robust cyber solution. Working with a talented software team managed by one of the UK's leading tech entrepreneurs, you will be helping to plan and develop security solutions, migration to improved cloud services and help with support and maintenance of security and storage services. The work is aimed at more Back End development with an emphasis on Agile processes, systems optimisation, TDD and embracing modern development practices. The company also uses PHPUnit/Selenium to ensure high standards of development. Essential Skills & Experience 5+ years experience of Object Oriented programming. Deep knowledge of PHP from version 5 upwards. MySQL Git Beneficial Skills: Kubernetes GCP Docker Load Balancing TDD Code Review If you would like to join this talented team and work from their stunning offices in Whiteley, Hampshire, please get in touch ASAP. On top of a competitive salary (approx £70k) the company offer some fantastic financial and lifestyle benefits including; free access to local gym and health spa, onsite chef (free cooked breakfast & lunch!), childcare vouchers, cycle to work scheme, pension, BUPA healthcare, invetment in training and personal development. To be considered for this position please send your CV to (see below) or call. Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
19/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
19/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.