Join us as an Application Support Analyst and you will be responsible for providing support and troubleshooting for various applications and systems running primarily on Microsoft Windows platforms. You will join a team of IT professionals and work to maintain and optimise our applications, ensuring maximum uptime and user satisfaction. About us Media Concierge is a fast growing, independently owned and highly profitable multi-media, marketing and advertising network of solutions providers. With a portfolio of operations and teams around the UK and Ireland, we provide brands, publishers and agencies with the expertise, scope and scale to grow their businesses and reputations. Our group consists of a range of specialist businesses including digital media, advertising agency, direct marketing and cross-channel media executions. About the role: You'll provide administrative and technical support for in-house written Microsoft Windows-based applications, including troubleshooting and issue resolution. You'll work with other IT team members to identify and address application-related issues, including performance, security, and reliability, while maintaining and updating system and application documentation, including support procedures and user manuals. Key elements of your role will include: Testing and deploying application updates and patches, ensuring minimal disruption to users Monitoring application performance and proactively identifying potential issues or opportunities for improvement Collaborating with vendors to resolve software and hardware issues, and implementing new solutions as needed Developing and delivering training materials and presentations to users on how to use our applications effectively. Requirements: We are seeking candidates with 2+ years' experience in application support or a related role, with a focus on Microsoft Windows platforms. You'll also need: Strong technical knowledge of Microsoft Windows operating systems, applications, and related technologies Experience with scripting languages such as PowerShell is a plus, as is experience with Ubuntu Linux, Docker and related technologies Excellent problem-solving and troubleshooting skills Ability to communicate technical information to non-technical stakeholders Strong organisational and time-management skills. If you have a passion for technology and are skilled in Microsoft Windows application support, we'd love to discuss this exciting opportunity with you. To apply, email your CV and covering letter to Samantha Vine by clicking APPLY NOW.
01/04/2023
Full time
Join us as an Application Support Analyst and you will be responsible for providing support and troubleshooting for various applications and systems running primarily on Microsoft Windows platforms. You will join a team of IT professionals and work to maintain and optimise our applications, ensuring maximum uptime and user satisfaction. About us Media Concierge is a fast growing, independently owned and highly profitable multi-media, marketing and advertising network of solutions providers. With a portfolio of operations and teams around the UK and Ireland, we provide brands, publishers and agencies with the expertise, scope and scale to grow their businesses and reputations. Our group consists of a range of specialist businesses including digital media, advertising agency, direct marketing and cross-channel media executions. About the role: You'll provide administrative and technical support for in-house written Microsoft Windows-based applications, including troubleshooting and issue resolution. You'll work with other IT team members to identify and address application-related issues, including performance, security, and reliability, while maintaining and updating system and application documentation, including support procedures and user manuals. Key elements of your role will include: Testing and deploying application updates and patches, ensuring minimal disruption to users Monitoring application performance and proactively identifying potential issues or opportunities for improvement Collaborating with vendors to resolve software and hardware issues, and implementing new solutions as needed Developing and delivering training materials and presentations to users on how to use our applications effectively. Requirements: We are seeking candidates with 2+ years' experience in application support or a related role, with a focus on Microsoft Windows platforms. You'll also need: Strong technical knowledge of Microsoft Windows operating systems, applications, and related technologies Experience with scripting languages such as PowerShell is a plus, as is experience with Ubuntu Linux, Docker and related technologies Excellent problem-solving and troubleshooting skills Ability to communicate technical information to non-technical stakeholders Strong organisational and time-management skills. If you have a passion for technology and are skilled in Microsoft Windows application support, we'd love to discuss this exciting opportunity with you. To apply, email your CV and covering letter to Samantha Vine by clicking APPLY NOW.
The FinOps Analyst is a mid-level role, reporting to the DevOps Director and is responsible for establishing financial policies, reporting, forecasting, optimisation and corporate governance for Zellis Cloud spend in Microsoft Azure across both our corporate and customer estates. Working within the Customer IT Team alongside colleagues from Enterprise Architecture, Corporate IT, Software Engineering, Compliance, Information Security and various Product teams, you will drive financial accountability across our Cloud spend through high quality FinOps practices. The role will interact with key stakeholders across the business and will drive the accountability for Cloud cost efficiency across the organisation. Key responsibilities include: Working directly with our technical teams, finance and business management teams across the organisation. Driving optimisation through discovery, development and sharing of cost-saving opportunities. Translating financial insights into actionable recommendations, promoting cost-aware architecture design, and leveraging code to automate resource optimisation. Integrating Cloud cost optimisation tools, creating reusable design patterns and code modules to support optimisation and Cloud Finance Management (CFM) policies at the enterprise level. Supporting the Cloud monthly budget and forecasting process in managing consumption, chargebacks, show back and savings in collaboration with accounting, finance and technical owners. Supporting stakeholders in understanding their Cloud spend based on their business roadmap and budgeted forecast. Interacting with key stakeholders across the business and driving the accountability for Cloud cost efficiency across the organisation. Monitoring Cloud consumption at the account level to detect, investigate and escalate anomalies and unplanned spikes. Analysing, reporting and producing meaningful insights from large raw datasets within Cloud billing and usage tools. Designing, developing and maintaining reports and KPIs that provide detailed usage statistics of resources across the Zellis Cloud landscape. Seeking opportunities to apply automation to any tasks performed manually, following through to implementation. Ensuring a fully documented and repeatable process is in place to support our Cloud spend. Skills and experience required Minimum of two years relevant experience in Cloud FinOps/Cloud spend optimisation. Bachelor's degree in business, Finance, IT or analytics. Additional professional experience - Financial Analyst and/or Business Analyst background preferred. Knowledge of Cloud cost products (e.g. Cost Explorer, Azure Portal). Strong understanding of public Cloud players (e.g. AWS, Azure), their product portfolio and commercial models (Azure preferred). Prior experience building custom reports with PowerBI. General understanding of broad IT strategy and sourcing space and working market knowledge (e.g. key vendors, services and technology trends). Ability to work directly with technical teams, finance and business management teams across the organisation, including key stakeholders at a senior level. FinOps certification preferred. Good understanding of the principles of DevOps and Cloud Ops. Experience of working in environments subject to regulatory compliance and Information Security standards (e.g. SOC, ISO27001 and Cyber Essentials). Strong planning and organisational skills, including the ability to manage several workstreams simultaneously, whilst balancing business priorities and quality. A clear, concise communicator - both written and verbal - including to both technical and non-technical audiences. An understanding of the sourcing of public Cloud services, including Cloud sourcing strategy planning, strategic supplier selection, contracting and commercial negotiations. About us Zellis is the leading provider of payroll and HR solutions for the UK & Ireland. Together with Benefex and Moorepay we form the Zellis Group, serving a vast array of companies across every vertical and industry. Our purpose is to make people feel appreciated for the work they do - through precision, choice, and magic. We have over 50 years of heritage and industry experience - and we've been ahead of the curve throughout. More than half a century ago, we were founded as Peterborough Data Processing. Quite a lot has changed since then - not least our name. We were acquired by Northgate, becoming NorthgateArinso in 2007 and NGA Human Resources UK and Ireland in 2014, where we were joined by Moorepay. In 2018, the UK and Ireland division was sold to Bain Capital and now we operate as a standalone company, Zellis. After acquiring Benefex, we're now even better equipped to serve the complex needs of our customers. Our vision is to be the clear leader in pay, reward, analytics, and people experiences. We're proud of our culture and we work hard to create an environment where people want to join, belong to, and be part of a progressive organisation. Our values, which were defined with input from all of our 2,000 colleagues, are not empty words on a poster: Unstoppable together. Always learning. Make it count. Salary package Competitive base salary. 25 days annual leave, plus your birthday off + bank holidays. Private medical insurance. Life assurance 4x salary. Enhanced pension. Range of additional flexible benefits.
01/04/2023
Full time
The FinOps Analyst is a mid-level role, reporting to the DevOps Director and is responsible for establishing financial policies, reporting, forecasting, optimisation and corporate governance for Zellis Cloud spend in Microsoft Azure across both our corporate and customer estates. Working within the Customer IT Team alongside colleagues from Enterprise Architecture, Corporate IT, Software Engineering, Compliance, Information Security and various Product teams, you will drive financial accountability across our Cloud spend through high quality FinOps practices. The role will interact with key stakeholders across the business and will drive the accountability for Cloud cost efficiency across the organisation. Key responsibilities include: Working directly with our technical teams, finance and business management teams across the organisation. Driving optimisation through discovery, development and sharing of cost-saving opportunities. Translating financial insights into actionable recommendations, promoting cost-aware architecture design, and leveraging code to automate resource optimisation. Integrating Cloud cost optimisation tools, creating reusable design patterns and code modules to support optimisation and Cloud Finance Management (CFM) policies at the enterprise level. Supporting the Cloud monthly budget and forecasting process in managing consumption, chargebacks, show back and savings in collaboration with accounting, finance and technical owners. Supporting stakeholders in understanding their Cloud spend based on their business roadmap and budgeted forecast. Interacting with key stakeholders across the business and driving the accountability for Cloud cost efficiency across the organisation. Monitoring Cloud consumption at the account level to detect, investigate and escalate anomalies and unplanned spikes. Analysing, reporting and producing meaningful insights from large raw datasets within Cloud billing and usage tools. Designing, developing and maintaining reports and KPIs that provide detailed usage statistics of resources across the Zellis Cloud landscape. Seeking opportunities to apply automation to any tasks performed manually, following through to implementation. Ensuring a fully documented and repeatable process is in place to support our Cloud spend. Skills and experience required Minimum of two years relevant experience in Cloud FinOps/Cloud spend optimisation. Bachelor's degree in business, Finance, IT or analytics. Additional professional experience - Financial Analyst and/or Business Analyst background preferred. Knowledge of Cloud cost products (e.g. Cost Explorer, Azure Portal). Strong understanding of public Cloud players (e.g. AWS, Azure), their product portfolio and commercial models (Azure preferred). Prior experience building custom reports with PowerBI. General understanding of broad IT strategy and sourcing space and working market knowledge (e.g. key vendors, services and technology trends). Ability to work directly with technical teams, finance and business management teams across the organisation, including key stakeholders at a senior level. FinOps certification preferred. Good understanding of the principles of DevOps and Cloud Ops. Experience of working in environments subject to regulatory compliance and Information Security standards (e.g. SOC, ISO27001 and Cyber Essentials). Strong planning and organisational skills, including the ability to manage several workstreams simultaneously, whilst balancing business priorities and quality. A clear, concise communicator - both written and verbal - including to both technical and non-technical audiences. An understanding of the sourcing of public Cloud services, including Cloud sourcing strategy planning, strategic supplier selection, contracting and commercial negotiations. About us Zellis is the leading provider of payroll and HR solutions for the UK & Ireland. Together with Benefex and Moorepay we form the Zellis Group, serving a vast array of companies across every vertical and industry. Our purpose is to make people feel appreciated for the work they do - through precision, choice, and magic. We have over 50 years of heritage and industry experience - and we've been ahead of the curve throughout. More than half a century ago, we were founded as Peterborough Data Processing. Quite a lot has changed since then - not least our name. We were acquired by Northgate, becoming NorthgateArinso in 2007 and NGA Human Resources UK and Ireland in 2014, where we were joined by Moorepay. In 2018, the UK and Ireland division was sold to Bain Capital and now we operate as a standalone company, Zellis. After acquiring Benefex, we're now even better equipped to serve the complex needs of our customers. Our vision is to be the clear leader in pay, reward, analytics, and people experiences. We're proud of our culture and we work hard to create an environment where people want to join, belong to, and be part of a progressive organisation. Our values, which were defined with input from all of our 2,000 colleagues, are not empty words on a poster: Unstoppable together. Always learning. Make it count. Salary package Competitive base salary. 25 days annual leave, plus your birthday off + bank holidays. Private medical insurance. Life assurance 4x salary. Enhanced pension. Range of additional flexible benefits.
Cyber Security Compliance Analyst Summary: Salary: Competitive Grade: 3B Contract Type: Permanent Location: London Reporting to: Senior Cyber Security Compliance Manager Division: IT The Purpose of the Role Under the management of the Senior Cyber Security Compliance Manager, the Cyber Security Compliance Manager is responsible for maintaining the Cyber Security policy and standard suite and ensure alignment with the controls in our GRC tool. They are responsible for the annual review and update of the ISMS documentation and the POL security policies and standards Furthermore, the role requires subject matter expertise in the maintenance of an information security management system and the underlying components of running an ongoing security awareness campaign, the Cyber Security Compliance Manager will accountable for the planning of the annual security awareness campaign as well as execute the associated communication plan. The Cyber Security Compliance Manager is also responsible for managing third party assurance. They will be conducting cyber security reviews on suppliers, contract reviews on existing and new third parties and providing security attestations to internal and external contacts when required. For this, establishing good relationships with adjacent teams such as Procurement, wider Cyber and IT is necessary. In addition, they will be independently required to support and provide advice to ongoing projects running in the Post Office and support reviews of external suppliers. Some technical experience and good knowledge of Cyber security and Information Assurance are required. Flexibility within this role is essential due to the diverse nature of Post Office's business. Working cohesively with other members of the wider IT Security, IT, Risk and Compliance and Data Protection teams is essential. As part of the Cyber Security Compliance team, the role requires cohesive and supportive relationships to be developed both within and outside of the team. The role will support the function to build a successful brand and be known as a 'go-to' team for all matters relating to information security compliance. This is an excellent opportunity for candidates who want to bridge the gap between technical security management and the business side of information security assurance. Principal Accountabilities • Maintain the Cyber Security Policy and Standard set to ensure that it is kept up to date and change control applied. These documents would also need to be uploaded to the intranet site and changes communicated both internally and to our suppliers. • Manage changes in modifying the scope of the ISMS based on the business needs, providing our clients, partners, and suppliers' assurance of our security governance. • Identify shortfalls within business processes and advise the business on the resolution along with the appropriate timescales. • Conduct cyber risk assessments, both rapid and in depth, for third parties, depending of business needs. • Lead and maintain the mitigation plans for the various third parties that ensures compliance to POL policies and standards. • Conduct contract reviews for ongoing and new suppliers. • Relationship management with leaders of other functions and business units. • Manage and deliver the ongoing Security Awareness Campaign and defining value through metrics, both for the back office and within the branches. • Support business areas in developing a positive security culture. • Be visible to Post Office staff and stakeholders and regularly activities to build trust with people involved in security, demonstrate insight, knowledge and add value. • Escalate issues to the Head of Cyber Security Compliance. • Support supplier reviews and internal Post Office projects, which will feed into the supplier management framework to assess suppliers against a maturity scale. Qualifications, Experience & Skills • Experience in cyber security, information security, IT security or similar area. • Qualifications such as CISM, CISA, CISSP, CRISC are desirable. • Experience conducting external security reviews, risk assessments and assurance reviews. • Experience creating treatment plans and reporting on findings. • Experience conducting contract reviews. • Understanding of cyber security threats, vulnerabilities and their impact in systems and various environments within the organisation. • Deep understanding of security controls' standards such as ISO27002, NIST CSF, COBIT, etc. • Strong Information Security knowledge (preferably with at least 5 years of experience). • Knowledge of ISO27001, ISMS, Cyber Essentials Plus and ISO22301 Business Continuity. • Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices. • Experience of implementing a security awareness and culture change programme. • Excellent communication and report writing skills. • Experience at the organisation and management of meetings. • Strong influencing and communication skills to ensure effective stakeholder management across all levels within the organization. • Strategic thinking to ensure the role makes a significant contribution to the business becoming commercially sustainable in the longer term. • Self-starter with positive proactive attitude and able to work collaboratively. • Organised and structured in approach. • Excellent team-working skills. • Diplomacy and tenacity. • Report writing. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. We're here, in person, for the people who rely on us. Our Ways of Working underpin everything we do, they are the "How" of our business strategy. They differentiate our business and aim to inspire great behaviours and align our colleagues around specific actions in order to be the organisation we want to be, and achieve our business goals. By living the Ways of Working each day, you will help make that vision a reality and enable our cultural transformation. In short: Working in partnership , as one team , we deliver amazing results! The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
01/04/2023
Full time
Cyber Security Compliance Analyst Summary: Salary: Competitive Grade: 3B Contract Type: Permanent Location: London Reporting to: Senior Cyber Security Compliance Manager Division: IT The Purpose of the Role Under the management of the Senior Cyber Security Compliance Manager, the Cyber Security Compliance Manager is responsible for maintaining the Cyber Security policy and standard suite and ensure alignment with the controls in our GRC tool. They are responsible for the annual review and update of the ISMS documentation and the POL security policies and standards Furthermore, the role requires subject matter expertise in the maintenance of an information security management system and the underlying components of running an ongoing security awareness campaign, the Cyber Security Compliance Manager will accountable for the planning of the annual security awareness campaign as well as execute the associated communication plan. The Cyber Security Compliance Manager is also responsible for managing third party assurance. They will be conducting cyber security reviews on suppliers, contract reviews on existing and new third parties and providing security attestations to internal and external contacts when required. For this, establishing good relationships with adjacent teams such as Procurement, wider Cyber and IT is necessary. In addition, they will be independently required to support and provide advice to ongoing projects running in the Post Office and support reviews of external suppliers. Some technical experience and good knowledge of Cyber security and Information Assurance are required. Flexibility within this role is essential due to the diverse nature of Post Office's business. Working cohesively with other members of the wider IT Security, IT, Risk and Compliance and Data Protection teams is essential. As part of the Cyber Security Compliance team, the role requires cohesive and supportive relationships to be developed both within and outside of the team. The role will support the function to build a successful brand and be known as a 'go-to' team for all matters relating to information security compliance. This is an excellent opportunity for candidates who want to bridge the gap between technical security management and the business side of information security assurance. Principal Accountabilities • Maintain the Cyber Security Policy and Standard set to ensure that it is kept up to date and change control applied. These documents would also need to be uploaded to the intranet site and changes communicated both internally and to our suppliers. • Manage changes in modifying the scope of the ISMS based on the business needs, providing our clients, partners, and suppliers' assurance of our security governance. • Identify shortfalls within business processes and advise the business on the resolution along with the appropriate timescales. • Conduct cyber risk assessments, both rapid and in depth, for third parties, depending of business needs. • Lead and maintain the mitigation plans for the various third parties that ensures compliance to POL policies and standards. • Conduct contract reviews for ongoing and new suppliers. • Relationship management with leaders of other functions and business units. • Manage and deliver the ongoing Security Awareness Campaign and defining value through metrics, both for the back office and within the branches. • Support business areas in developing a positive security culture. • Be visible to Post Office staff and stakeholders and regularly activities to build trust with people involved in security, demonstrate insight, knowledge and add value. • Escalate issues to the Head of Cyber Security Compliance. • Support supplier reviews and internal Post Office projects, which will feed into the supplier management framework to assess suppliers against a maturity scale. Qualifications, Experience & Skills • Experience in cyber security, information security, IT security or similar area. • Qualifications such as CISM, CISA, CISSP, CRISC are desirable. • Experience conducting external security reviews, risk assessments and assurance reviews. • Experience creating treatment plans and reporting on findings. • Experience conducting contract reviews. • Understanding of cyber security threats, vulnerabilities and their impact in systems and various environments within the organisation. • Deep understanding of security controls' standards such as ISO27002, NIST CSF, COBIT, etc. • Strong Information Security knowledge (preferably with at least 5 years of experience). • Knowledge of ISO27001, ISMS, Cyber Essentials Plus and ISO22301 Business Continuity. • Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices. • Experience of implementing a security awareness and culture change programme. • Excellent communication and report writing skills. • Experience at the organisation and management of meetings. • Strong influencing and communication skills to ensure effective stakeholder management across all levels within the organization. • Strategic thinking to ensure the role makes a significant contribution to the business becoming commercially sustainable in the longer term. • Self-starter with positive proactive attitude and able to work collaboratively. • Organised and structured in approach. • Excellent team-working skills. • Diplomacy and tenacity. • Report writing. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. We're here, in person, for the people who rely on us. Our Ways of Working underpin everything we do, they are the "How" of our business strategy. They differentiate our business and aim to inspire great behaviours and align our colleagues around specific actions in order to be the organisation we want to be, and achieve our business goals. By living the Ways of Working each day, you will help make that vision a reality and enable our cultural transformation. In short: Working in partnership , as one team , we deliver amazing results! The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
Cyber Security Engineer Summary: Grade: 3B Contract Type: Permanent Location: London Reporting to: Head of Cyber Operations Division: CISO The Purpose of the Role This role will be responsible for delivering new security capabilities within the cloud, branch and college environments to improve the overall security posture of Postoffice. To support the long-term strategic goals of Cyber Operations Teams. We act as the first line of defense for attacks aimed against us internally or externally. The successful candidate will contribute to cross functional collaboration to ensure appropriate security measures, technologies and processes are in place. This role will report to the Security Engineering Lead. Principal Accountabilities As a Cyber Security Engineer, you will be responsible for the engineering code configuration of multiple systems Working along side SOC and other cyber teams. You would be expected to show: • Office365 Cyber Threat and Management capabilities, including digital policy configuration, DLP, AIP, Intune and other MS security event mechanisms. • SIEM use case development, testing and false-positive tuning for Sentinel as primary with additional initiatives in cloud SIEMS for Splunk and AWS Security Hub. • Working with tools such as; Mimecast, Symantec Endpoint Protection, ServiceNow • Security event triage and investigation of alerts from multiple sources. • Help fine tune and improve SIEM use cases and Microsoft polices. • Support threat hunting based on threat intelligence and improve alerting. • Influence and drive continuous improvement in our SecOps capabilities. • Demonstrable experience in SecOps and working with technologies such as SIEM, SOAR and EDR. • Good level of understanding of threat actors and Tactics, Techniques, and Procedures utilised. Coordination and prioritisation of efforts will be at the discretion of the Cyber Engineering Lead. This role also includes a close working alignment with SOC Analysts to ensure effective monitoring is delivered. Qualifications, Experience & Skills Ideally have experience in the below: • AZ-500 or comparable level of knowledge • Understanding and being able articulate emerging threats and incidents to different audiences, including technical, operations management, senior management and executives. • Using industry leading technology to create detections to threats to our networks from external and internal threat actors. • Overseeing the day to day maintenance of Security tooling • Working with senior stakeholders to support a threat led approach to generate mitigation and countermeasures through SIEM use case • Working with third-party suppliers and vendors • Taking part in post-incident reviews and proposing engineering resolutions to improve results in any future recurrence • Excellent team player but also confident working on own initiative. • Strong communication skills (both written and oral) and interpersonal skills at all levels • An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, vulnerability scanning etc. • A good understanding of cyber security concepts and systems/solutions such as IDM, EDR, DLP, SIEM, SSO etc. • Understanding of the Cyber Kill Chain and MITRE ATT&CK • Worked with or an understanding of EDR systems such as Defender or Symantec. • Commissioning Splunk infrastructure such as heavy and universal forwarders • Configuring and setting up data connectors within Sentinel • The creation and maintenance of Log Analytic Workspaces • experience with Microsoft KQL Experience required: • Excellent self-motivation skills • Proven experience or demonstrate working knowledge of Splunk or Sentinel. • Ability to share knowledge with the wider team • Business player with an appreciation of the wider implications of the unit to the future success of the Post Office. • Sound analytical skills. • A keen interest in cyber security with an enthusiasm for personal and professional growth • At least 5 years' experience in SecOps or IT Security. • Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems or similar • Experience working with Python and Linux shell scripts or similar • Experience or demonstrable knowledge in Incident response, log analysis, Log ingestion and event data sources. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. Securing the future Post Office's future: We are working hard to ensure that the next chapter of the Post Office's history is a bright one. We are the current guardians of an iconic business and we want to hand over a thriving network of branches which can continue to provide essential products and services for our customers for many years to come. This is a uniquely exciting and challenging time for the Post Office - we're shaping the future and creating a business we can all be proud of. Working at the Post Office: Post Office colleagues are the driving force behind our business. Whether they are in our branches or supporting from our offices, we are proud of the energy, commitment and customer focus our people all have in common. All Post Office people are guided by our three values and behaviours: We care by always thinking customer We strive to make things ever better through honest challenge We commit to decisive deliver The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
01/04/2023
Full time
Cyber Security Engineer Summary: Grade: 3B Contract Type: Permanent Location: London Reporting to: Head of Cyber Operations Division: CISO The Purpose of the Role This role will be responsible for delivering new security capabilities within the cloud, branch and college environments to improve the overall security posture of Postoffice. To support the long-term strategic goals of Cyber Operations Teams. We act as the first line of defense for attacks aimed against us internally or externally. The successful candidate will contribute to cross functional collaboration to ensure appropriate security measures, technologies and processes are in place. This role will report to the Security Engineering Lead. Principal Accountabilities As a Cyber Security Engineer, you will be responsible for the engineering code configuration of multiple systems Working along side SOC and other cyber teams. You would be expected to show: • Office365 Cyber Threat and Management capabilities, including digital policy configuration, DLP, AIP, Intune and other MS security event mechanisms. • SIEM use case development, testing and false-positive tuning for Sentinel as primary with additional initiatives in cloud SIEMS for Splunk and AWS Security Hub. • Working with tools such as; Mimecast, Symantec Endpoint Protection, ServiceNow • Security event triage and investigation of alerts from multiple sources. • Help fine tune and improve SIEM use cases and Microsoft polices. • Support threat hunting based on threat intelligence and improve alerting. • Influence and drive continuous improvement in our SecOps capabilities. • Demonstrable experience in SecOps and working with technologies such as SIEM, SOAR and EDR. • Good level of understanding of threat actors and Tactics, Techniques, and Procedures utilised. Coordination and prioritisation of efforts will be at the discretion of the Cyber Engineering Lead. This role also includes a close working alignment with SOC Analysts to ensure effective monitoring is delivered. Qualifications, Experience & Skills Ideally have experience in the below: • AZ-500 or comparable level of knowledge • Understanding and being able articulate emerging threats and incidents to different audiences, including technical, operations management, senior management and executives. • Using industry leading technology to create detections to threats to our networks from external and internal threat actors. • Overseeing the day to day maintenance of Security tooling • Working with senior stakeholders to support a threat led approach to generate mitigation and countermeasures through SIEM use case • Working with third-party suppliers and vendors • Taking part in post-incident reviews and proposing engineering resolutions to improve results in any future recurrence • Excellent team player but also confident working on own initiative. • Strong communication skills (both written and oral) and interpersonal skills at all levels • An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, vulnerability scanning etc. • A good understanding of cyber security concepts and systems/solutions such as IDM, EDR, DLP, SIEM, SSO etc. • Understanding of the Cyber Kill Chain and MITRE ATT&CK • Worked with or an understanding of EDR systems such as Defender or Symantec. • Commissioning Splunk infrastructure such as heavy and universal forwarders • Configuring and setting up data connectors within Sentinel • The creation and maintenance of Log Analytic Workspaces • experience with Microsoft KQL Experience required: • Excellent self-motivation skills • Proven experience or demonstrate working knowledge of Splunk or Sentinel. • Ability to share knowledge with the wider team • Business player with an appreciation of the wider implications of the unit to the future success of the Post Office. • Sound analytical skills. • A keen interest in cyber security with an enthusiasm for personal and professional growth • At least 5 years' experience in SecOps or IT Security. • Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems or similar • Experience working with Python and Linux shell scripts or similar • Experience or demonstrable knowledge in Incident response, log analysis, Log ingestion and event data sources. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. Securing the future Post Office's future: We are working hard to ensure that the next chapter of the Post Office's history is a bright one. We are the current guardians of an iconic business and we want to hand over a thriving network of branches which can continue to provide essential products and services for our customers for many years to come. This is a uniquely exciting and challenging time for the Post Office - we're shaping the future and creating a business we can all be proud of. Working at the Post Office: Post Office colleagues are the driving force behind our business. Whether they are in our branches or supporting from our offices, we are proud of the energy, commitment and customer focus our people all have in common. All Post Office people are guided by our three values and behaviours: We care by always thinking customer We strive to make things ever better through honest challenge We commit to decisive deliver The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
Cyber Security Compliance Analyst Summary: Salary: Competitive Grade: 3B Contract Type: Permanent Location: London Reporting to: Senior Cyber Security Compliance Manager Division: IT The Purpose of the Role Under the management of the Senior Cyber Security Compliance Manager, the Cyber Security Compliance Manager is responsible for maintaining the Cyber Security policy and standard suite and ensure alignment with the controls in our GRC tool. They are responsible for the annual review and update of the ISMS documentation and the POL security policies and standards Furthermore, the role requires subject matter expertise in the maintenance of an information security management system and the underlying components of running an ongoing security awareness campaign, the Cyber Security Compliance Manager will accountable for the planning of the annual security awareness campaign as well as execute the associated communication plan. The Cyber Security Compliance Manager is also responsible for managing third party assurance. They will be conducting cyber security reviews on suppliers, contract reviews on existing and new third parties and providing security attestations to internal and external contacts when required. For this, establishing good relationships with adjacent teams such as Procurement, wider Cyber and IT is necessary. In addition, they will be independently required to support and provide advice to ongoing projects running in the Post Office and support reviews of external suppliers. Some technical experience and good knowledge of Cyber security and Information Assurance are required. Flexibility within this role is essential due to the diverse nature of Post Office's business. Working cohesively with other members of the wider IT Security, IT, Risk and Compliance and Data Protection teams is essential. As part of the Cyber Security Compliance team, the role requires cohesive and supportive relationships to be developed both within and outside of the team. The role will support the function to build a successful brand and be known as a 'go-to' team for all matters relating to information security compliance. This is an excellent opportunity for candidates who want to bridge the gap between technical security management and the business side of information security assurance. Principal Accountabilities • Maintain the Cyber Security Policy and Standard set to ensure that it is kept up to date and change control applied. These documents would also need to be uploaded to the intranet site and changes communicated both internally and to our suppliers. • Manage changes in modifying the scope of the ISMS based on the business needs, providing our clients, partners, and suppliers' assurance of our security governance. • Identify shortfalls within business processes and advise the business on the resolution along with the appropriate timescales. • Conduct cyber risk assessments, both rapid and in depth, for third parties, depending of business needs. • Lead and maintain the mitigation plans for the various third parties that ensures compliance to POL policies and standards. • Conduct contract reviews for ongoing and new suppliers. • Relationship management with leaders of other functions and business units. • Manage and deliver the ongoing Security Awareness Campaign and defining value through metrics, both for the back office and within the branches. • Support business areas in developing a positive security culture. • Be visible to Post Office staff and stakeholders and regularly activities to build trust with people involved in security, demonstrate insight, knowledge and add value. • Escalate issues to the Head of Cyber Security Compliance. • Support supplier reviews and internal Post Office projects, which will feed into the supplier management framework to assess suppliers against a maturity scale. Qualifications, Experience & Skills • Experience in cyber security, information security, IT security or similar area. • Qualifications such as CISM, CISA, CISSP, CRISC are desirable. • Experience conducting external security reviews, risk assessments and assurance reviews. • Experience creating treatment plans and reporting on findings. • Experience conducting contract reviews. • Understanding of cyber security threats, vulnerabilities and their impact in systems and various environments within the organisation. • Deep understanding of security controls' standards such as ISO27002, NIST CSF, COBIT, etc. • Strong Information Security knowledge (preferably with at least 5 years of experience). • Knowledge of ISO27001, ISMS, Cyber Essentials Plus and ISO22301 Business Continuity. • Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices. • Experience of implementing a security awareness and culture change programme. • Excellent communication and report writing skills. • Experience at the organisation and management of meetings. • Strong influencing and communication skills to ensure effective stakeholder management across all levels within the organization. • Strategic thinking to ensure the role makes a significant contribution to the business becoming commercially sustainable in the longer term. • Self-starter with positive proactive attitude and able to work collaboratively. • Organised and structured in approach. • Excellent team-working skills. • Diplomacy and tenacity. • Report writing. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. We're here, in person, for the people who rely on us. Our Ways of Working underpin everything we do, they are the "How" of our business strategy. They differentiate our business and aim to inspire great behaviours and align our colleagues around specific actions in order to be the organisation we want to be, and achieve our business goals. By living the Ways of Working each day, you will help make that vision a reality and enable our cultural transformation. In short: Working in partnership , as one team , we deliver amazing results! The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
01/04/2023
Full time
Cyber Security Compliance Analyst Summary: Salary: Competitive Grade: 3B Contract Type: Permanent Location: London Reporting to: Senior Cyber Security Compliance Manager Division: IT The Purpose of the Role Under the management of the Senior Cyber Security Compliance Manager, the Cyber Security Compliance Manager is responsible for maintaining the Cyber Security policy and standard suite and ensure alignment with the controls in our GRC tool. They are responsible for the annual review and update of the ISMS documentation and the POL security policies and standards Furthermore, the role requires subject matter expertise in the maintenance of an information security management system and the underlying components of running an ongoing security awareness campaign, the Cyber Security Compliance Manager will accountable for the planning of the annual security awareness campaign as well as execute the associated communication plan. The Cyber Security Compliance Manager is also responsible for managing third party assurance. They will be conducting cyber security reviews on suppliers, contract reviews on existing and new third parties and providing security attestations to internal and external contacts when required. For this, establishing good relationships with adjacent teams such as Procurement, wider Cyber and IT is necessary. In addition, they will be independently required to support and provide advice to ongoing projects running in the Post Office and support reviews of external suppliers. Some technical experience and good knowledge of Cyber security and Information Assurance are required. Flexibility within this role is essential due to the diverse nature of Post Office's business. Working cohesively with other members of the wider IT Security, IT, Risk and Compliance and Data Protection teams is essential. As part of the Cyber Security Compliance team, the role requires cohesive and supportive relationships to be developed both within and outside of the team. The role will support the function to build a successful brand and be known as a 'go-to' team for all matters relating to information security compliance. This is an excellent opportunity for candidates who want to bridge the gap between technical security management and the business side of information security assurance. Principal Accountabilities • Maintain the Cyber Security Policy and Standard set to ensure that it is kept up to date and change control applied. These documents would also need to be uploaded to the intranet site and changes communicated both internally and to our suppliers. • Manage changes in modifying the scope of the ISMS based on the business needs, providing our clients, partners, and suppliers' assurance of our security governance. • Identify shortfalls within business processes and advise the business on the resolution along with the appropriate timescales. • Conduct cyber risk assessments, both rapid and in depth, for third parties, depending of business needs. • Lead and maintain the mitigation plans for the various third parties that ensures compliance to POL policies and standards. • Conduct contract reviews for ongoing and new suppliers. • Relationship management with leaders of other functions and business units. • Manage and deliver the ongoing Security Awareness Campaign and defining value through metrics, both for the back office and within the branches. • Support business areas in developing a positive security culture. • Be visible to Post Office staff and stakeholders and regularly activities to build trust with people involved in security, demonstrate insight, knowledge and add value. • Escalate issues to the Head of Cyber Security Compliance. • Support supplier reviews and internal Post Office projects, which will feed into the supplier management framework to assess suppliers against a maturity scale. Qualifications, Experience & Skills • Experience in cyber security, information security, IT security or similar area. • Qualifications such as CISM, CISA, CISSP, CRISC are desirable. • Experience conducting external security reviews, risk assessments and assurance reviews. • Experience creating treatment plans and reporting on findings. • Experience conducting contract reviews. • Understanding of cyber security threats, vulnerabilities and their impact in systems and various environments within the organisation. • Deep understanding of security controls' standards such as ISO27002, NIST CSF, COBIT, etc. • Strong Information Security knowledge (preferably with at least 5 years of experience). • Knowledge of ISO27001, ISMS, Cyber Essentials Plus and ISO22301 Business Continuity. • Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices. • Experience of implementing a security awareness and culture change programme. • Excellent communication and report writing skills. • Experience at the organisation and management of meetings. • Strong influencing and communication skills to ensure effective stakeholder management across all levels within the organization. • Strategic thinking to ensure the role makes a significant contribution to the business becoming commercially sustainable in the longer term. • Self-starter with positive proactive attitude and able to work collaboratively. • Organised and structured in approach. • Excellent team-working skills. • Diplomacy and tenacity. • Report writing. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. We're here, in person, for the people who rely on us. Our Ways of Working underpin everything we do, they are the "How" of our business strategy. They differentiate our business and aim to inspire great behaviours and align our colleagues around specific actions in order to be the organisation we want to be, and achieve our business goals. By living the Ways of Working each day, you will help make that vision a reality and enable our cultural transformation. In short: Working in partnership , as one team , we deliver amazing results! The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
Cyber Security Engineer Summary: Grade: 3B Contract Type: Permanent Location: London Reporting to: Head of Cyber Operations Division: CISO The Purpose of the Role This role will be responsible for delivering new security capabilities within the cloud, branch and college environments to improve the overall security posture of Postoffice. To support the long-term strategic goals of Cyber Operations Teams. We act as the first line of defense for attacks aimed against us internally or externally. The successful candidate will contribute to cross functional collaboration to ensure appropriate security measures, technologies and processes are in place. This role will report to the Security Engineering Lead. Principal Accountabilities As a Cyber Security Engineer, you will be responsible for the engineering code configuration of multiple systems Working along side SOC and other cyber teams. You would be expected to show: • Office365 Cyber Threat and Management capabilities, including digital policy configuration, DLP, AIP, Intune and other MS security event mechanisms. • SIEM use case development, testing and false-positive tuning for Sentinel as primary with additional initiatives in cloud SIEMS for Splunk and AWS Security Hub. • Working with tools such as; Mimecast, Symantec Endpoint Protection, ServiceNow • Security event triage and investigation of alerts from multiple sources. • Help fine tune and improve SIEM use cases and Microsoft polices. • Support threat hunting based on threat intelligence and improve alerting. • Influence and drive continuous improvement in our SecOps capabilities. • Demonstrable experience in SecOps and working with technologies such as SIEM, SOAR and EDR. • Good level of understanding of threat actors and Tactics, Techniques, and Procedures utilised. Coordination and prioritisation of efforts will be at the discretion of the Cyber Engineering Lead. This role also includes a close working alignment with SOC Analysts to ensure effective monitoring is delivered. Qualifications, Experience & Skills Ideally have experience in the below: • AZ-500 or comparable level of knowledge • Understanding and being able articulate emerging threats and incidents to different audiences, including technical, operations management, senior management and executives. • Using industry leading technology to create detections to threats to our networks from external and internal threat actors. • Overseeing the day to day maintenance of Security tooling • Working with senior stakeholders to support a threat led approach to generate mitigation and countermeasures through SIEM use case • Working with third-party suppliers and vendors • Taking part in post-incident reviews and proposing engineering resolutions to improve results in any future recurrence • Excellent team player but also confident working on own initiative. • Strong communication skills (both written and oral) and interpersonal skills at all levels • An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, vulnerability scanning etc. • A good understanding of cyber security concepts and systems/ solutions such as IDM, EDR, DLP, SIEM, SSO etc. • Understanding of the Cyber Kill Chain and MITRE ATT&CK • Worked with or an understanding of EDR systems such as Defender or Symantec. • Commissioning Splunk infrastructure such as heavy and universal forwarders • Configuring and setting up data connectors within Sentinel • The creation and maintenance of Log Analytic Workspaces • experience with Microsoft KQL Experience required: • Excellent self-motivation skills • Proven experience or demonstrate working knowledge of Splunk or Sentinel. • Ability to share knowledge with the wider team • Business player with an appreciation of the wider implications of the unit to the future success of the Post Office. • Sound analytical skills. • A keen interest in cyber security with an enthusiasm for personal and professional growth • At least 5 years' experience in SecOps or IT Security. • Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems or similar • Experience working with Python and Linux shell scripts or similar • Experience or demonstrable knowledge in Incident response, log analysis, Log ingestion and event data sources. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. Securing the future Post Office's future: We are working hard to ensure that the next chapter of the Post Office's history is a bright one. We are the current guardians of an iconic business and we want to hand over a thriving network of branches which can continue to provide essential products and services for our customers for many years to come. This is a uniquely exciting and challenging time for the Post Office - we're shaping the future and creating a business we can all be proud of. Working at the Post Office: Post Office colleagues are the driving force behind our business. Whether they are in our branches or supporting from our offices, we are proud of the energy, commitment and customer focus our people all have in common. All Post Office people are guided by our three values and behaviours: We care by always thinking customer We strive to make things ever better through honest challenge We commit to decisive deliver The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
01/04/2023
Full time
Cyber Security Engineer Summary: Grade: 3B Contract Type: Permanent Location: London Reporting to: Head of Cyber Operations Division: CISO The Purpose of the Role This role will be responsible for delivering new security capabilities within the cloud, branch and college environments to improve the overall security posture of Postoffice. To support the long-term strategic goals of Cyber Operations Teams. We act as the first line of defense for attacks aimed against us internally or externally. The successful candidate will contribute to cross functional collaboration to ensure appropriate security measures, technologies and processes are in place. This role will report to the Security Engineering Lead. Principal Accountabilities As a Cyber Security Engineer, you will be responsible for the engineering code configuration of multiple systems Working along side SOC and other cyber teams. You would be expected to show: • Office365 Cyber Threat and Management capabilities, including digital policy configuration, DLP, AIP, Intune and other MS security event mechanisms. • SIEM use case development, testing and false-positive tuning for Sentinel as primary with additional initiatives in cloud SIEMS for Splunk and AWS Security Hub. • Working with tools such as; Mimecast, Symantec Endpoint Protection, ServiceNow • Security event triage and investigation of alerts from multiple sources. • Help fine tune and improve SIEM use cases and Microsoft polices. • Support threat hunting based on threat intelligence and improve alerting. • Influence and drive continuous improvement in our SecOps capabilities. • Demonstrable experience in SecOps and working with technologies such as SIEM, SOAR and EDR. • Good level of understanding of threat actors and Tactics, Techniques, and Procedures utilised. Coordination and prioritisation of efforts will be at the discretion of the Cyber Engineering Lead. This role also includes a close working alignment with SOC Analysts to ensure effective monitoring is delivered. Qualifications, Experience & Skills Ideally have experience in the below: • AZ-500 or comparable level of knowledge • Understanding and being able articulate emerging threats and incidents to different audiences, including technical, operations management, senior management and executives. • Using industry leading technology to create detections to threats to our networks from external and internal threat actors. • Overseeing the day to day maintenance of Security tooling • Working with senior stakeholders to support a threat led approach to generate mitigation and countermeasures through SIEM use case • Working with third-party suppliers and vendors • Taking part in post-incident reviews and proposing engineering resolutions to improve results in any future recurrence • Excellent team player but also confident working on own initiative. • Strong communication skills (both written and oral) and interpersonal skills at all levels • An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, vulnerability scanning etc. • A good understanding of cyber security concepts and systems/ solutions such as IDM, EDR, DLP, SIEM, SSO etc. • Understanding of the Cyber Kill Chain and MITRE ATT&CK • Worked with or an understanding of EDR systems such as Defender or Symantec. • Commissioning Splunk infrastructure such as heavy and universal forwarders • Configuring and setting up data connectors within Sentinel • The creation and maintenance of Log Analytic Workspaces • experience with Microsoft KQL Experience required: • Excellent self-motivation skills • Proven experience or demonstrate working knowledge of Splunk or Sentinel. • Ability to share knowledge with the wider team • Business player with an appreciation of the wider implications of the unit to the future success of the Post Office. • Sound analytical skills. • A keen interest in cyber security with an enthusiasm for personal and professional growth • At least 5 years' experience in SecOps or IT Security. • Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems or similar • Experience working with Python and Linux shell scripts or similar • Experience or demonstrable knowledge in Incident response, log analysis, Log ingestion and event data sources. About Post Office The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together. We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in store experience for customers. We know that our customers never stop changing, so neither will we. Securing the future Post Office's future: We are working hard to ensure that the next chapter of the Post Office's history is a bright one. We are the current guardians of an iconic business and we want to hand over a thriving network of branches which can continue to provide essential products and services for our customers for many years to come. This is a uniquely exciting and challenging time for the Post Office - we're shaping the future and creating a business we can all be proud of. Working at the Post Office: Post Office colleagues are the driving force behind our business. Whether they are in our branches or supporting from our offices, we are proud of the energy, commitment and customer focus our people all have in common. All Post Office people are guided by our three values and behaviours: We care by always thinking customer We strive to make things ever better through honest challenge We commit to decisive deliver The Post Office embraces diversity and inclusion in the workplace and actively promote working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
Technical Writer 6 month contract Inside IR35 Hybrid (2 days on site) Description: A new demand has arisen within our Global client who require a Technical Writer to join them on an initial 6 month contract with high likelihood of extension, this will be on an Inside IR35 engagement. They are keen to onboard this Technical Writer, which will likely take the form of Business Analysts with experience of significant requirements gathering. In essence, the client have a series of sessions with their end client and the ask is for the individual to join the team in order to very accurately capture everything discussed during those sessions, this is important owed to this information being critical to allowing the client to understand what they're building for the customer, which the customer will sign-off there and then after said meeting. These sessions will run from 4 hours to 2 days depending on complexity. The suggestion was that the individuals sought will come from a Business Analysis background and will have very much a 'can-do' attitude. There will be an ask to spend time in the end clients offices to physically meet customers from April onwards, at least on a weekly basis. Top skills; - 3+ years' Business Analysis/Technical Writing experience. Ideally looking for a background engaging in an Infrastructure-related, or Cloud-related project so as to be familiar with the terminology. - 1 x Data Centre Migration/Cloud Migration project. This would be a nice to have, but any project experience on a project akin to the aforementioned would be extremely relevant. If you are looking for a new contract opportunity and feel your experience matches the above requirements please apply to this job add and/or send your CV to: (see below) Kind Regards, Job Title: Technical Writer Location: London, UK Job Type: Contract Trading as TEKsystems. Allegis Group Limited, Bracknell, RG12 1RT, United Kingdom. No Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
31/03/2023
Project-based
Technical Writer 6 month contract Inside IR35 Hybrid (2 days on site) Description: A new demand has arisen within our Global client who require a Technical Writer to join them on an initial 6 month contract with high likelihood of extension, this will be on an Inside IR35 engagement. They are keen to onboard this Technical Writer, which will likely take the form of Business Analysts with experience of significant requirements gathering. In essence, the client have a series of sessions with their end client and the ask is for the individual to join the team in order to very accurately capture everything discussed during those sessions, this is important owed to this information being critical to allowing the client to understand what they're building for the customer, which the customer will sign-off there and then after said meeting. These sessions will run from 4 hours to 2 days depending on complexity. The suggestion was that the individuals sought will come from a Business Analysis background and will have very much a 'can-do' attitude. There will be an ask to spend time in the end clients offices to physically meet customers from April onwards, at least on a weekly basis. Top skills; - 3+ years' Business Analysis/Technical Writing experience. Ideally looking for a background engaging in an Infrastructure-related, or Cloud-related project so as to be familiar with the terminology. - 1 x Data Centre Migration/Cloud Migration project. This would be a nice to have, but any project experience on a project akin to the aforementioned would be extremely relevant. If you are looking for a new contract opportunity and feel your experience matches the above requirements please apply to this job add and/or send your CV to: (see below) Kind Regards, Job Title: Technical Writer Location: London, UK Job Type: Contract Trading as TEKsystems. Allegis Group Limited, Bracknell, RG12 1RT, United Kingdom. No Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
Business/Systems Analyst - HR & Payroll required by a global services organisation, to be based remotely, who has recently embarked on global HR and payroll transformation programmes. Role - Business/Systems Analyst - HR & Payroll Location - Remote Skills - Business Analyst, Business Analysis, Systems Analyst, Systems Analysis, HR, Payroll, Agile, Waterfall Salary - £30,000 to £40,000 + benefits The Business/Systems Analyst - HR & Payroll will have some background in business and systems analysis, an understanding of HR and payroll applications, knowledge of both Agile and Waterfall methodologies and possess good problem solving, initiative and communication competencies. Your role will be responsible for driving both efficiency, stability, security, standardisation and innovation across my clients HR and payroll applications. Duties will include working closely with the Senior Business/Systems Analyst - HR & Payroll and IT Product Manager, own the analysis and documentation of as-is systems, contribute to testing activities and help resolve any BAU issues. In return my client can offer a competitive base salary and the opportunity to join an organisation at the very start of their global HR and payroll transformation programmes. Gilbert Scott Associates Ltd is an equal opportunities employment business and employment agency and welcomes applications from all candidates.
31/03/2023
Full time
Business/Systems Analyst - HR & Payroll required by a global services organisation, to be based remotely, who has recently embarked on global HR and payroll transformation programmes. Role - Business/Systems Analyst - HR & Payroll Location - Remote Skills - Business Analyst, Business Analysis, Systems Analyst, Systems Analysis, HR, Payroll, Agile, Waterfall Salary - £30,000 to £40,000 + benefits The Business/Systems Analyst - HR & Payroll will have some background in business and systems analysis, an understanding of HR and payroll applications, knowledge of both Agile and Waterfall methodologies and possess good problem solving, initiative and communication competencies. Your role will be responsible for driving both efficiency, stability, security, standardisation and innovation across my clients HR and payroll applications. Duties will include working closely with the Senior Business/Systems Analyst - HR & Payroll and IT Product Manager, own the analysis and documentation of as-is systems, contribute to testing activities and help resolve any BAU issues. In return my client can offer a competitive base salary and the opportunity to join an organisation at the very start of their global HR and payroll transformation programmes. Gilbert Scott Associates Ltd is an equal opportunities employment business and employment agency and welcomes applications from all candidates.
3rd Line Support/Third Line Support Type: Permanent Location: Witney - Office based An exciting opportunity for a 3rd Line candidate to join a growing wealth management company. This role is project focused with a small amount of BAU support. The chosen candidate will be in charge of maintaining the infrastructure and delivering on projects for the company. Duties and Responsibilities: To configure and deploy infrastructure items including Servers, networks and all IT peripherals, for example: UPS, printers, scanners, mobiles devices, laptops and thin clients. To monitor and manage the IT systems using appropriate tools, and with the aid of the IT Supplier/Consultants where appropriate, in order to maximise performance and uptime. To be an effective point of contact for Internal IT, resolving issues or referring to 3rd parties as appropriate Identify areas where improvements can be made in the IT service. Take responsibility for assigned Projects and deliver them to time, cost and quality. Maintaining a high level of Cyber Security awareness and being proactive in securing our infrastructure and systems. Mentor and train other members of the Internal IT Team. Skills and Knowledge Requirements: Experience of VMWare and Virtualisation Experience of Supporting and Implementing Microsoft Server VMWare Microsoft SQL Citrix Supporting Microsoft (Office) 365 Including: Email, Teams, OneDrive, SharePoint Good working knowledge of Multi-Factor Authentication Good working knowledge of networking: Firewalls, Switches, Patching and Wi-Fi Experience of supporting backup tools such as Veeam Supporting Domain Services including: Active Directory and Group Policy Ability to deliver major system upgrades, complete change control and project work Excellent documentation skills with an eye for details and accuracy: technical change controls, user guides, business processes, standards, policies and procedures Third Line Support/3rd Line Support/Third Line Engineer/3rd Line Engineer/3rd Line Technician/Third Line Technician/IT Infrastructure Analyst/IT Infrastructure Engineer/3rd Line Support Engineer/Third Line Support Engineer/3rd Line Infrastructure Support/Third Line Infrastructure Support/2nd/3rd Line Support
31/03/2023
Full time
3rd Line Support/Third Line Support Type: Permanent Location: Witney - Office based An exciting opportunity for a 3rd Line candidate to join a growing wealth management company. This role is project focused with a small amount of BAU support. The chosen candidate will be in charge of maintaining the infrastructure and delivering on projects for the company. Duties and Responsibilities: To configure and deploy infrastructure items including Servers, networks and all IT peripherals, for example: UPS, printers, scanners, mobiles devices, laptops and thin clients. To monitor and manage the IT systems using appropriate tools, and with the aid of the IT Supplier/Consultants where appropriate, in order to maximise performance and uptime. To be an effective point of contact for Internal IT, resolving issues or referring to 3rd parties as appropriate Identify areas where improvements can be made in the IT service. Take responsibility for assigned Projects and deliver them to time, cost and quality. Maintaining a high level of Cyber Security awareness and being proactive in securing our infrastructure and systems. Mentor and train other members of the Internal IT Team. Skills and Knowledge Requirements: Experience of VMWare and Virtualisation Experience of Supporting and Implementing Microsoft Server VMWare Microsoft SQL Citrix Supporting Microsoft (Office) 365 Including: Email, Teams, OneDrive, SharePoint Good working knowledge of Multi-Factor Authentication Good working knowledge of networking: Firewalls, Switches, Patching and Wi-Fi Experience of supporting backup tools such as Veeam Supporting Domain Services including: Active Directory and Group Policy Ability to deliver major system upgrades, complete change control and project work Excellent documentation skills with an eye for details and accuracy: technical change controls, user guides, business processes, standards, policies and procedures Third Line Support/3rd Line Support/Third Line Engineer/3rd Line Engineer/3rd Line Technician/Third Line Technician/IT Infrastructure Analyst/IT Infrastructure Engineer/3rd Line Support Engineer/Third Line Support Engineer/3rd Line Infrastructure Support/Third Line Infrastructure Support/2nd/3rd Line Support
Solutions Architect One day a week in the office (Monday's) - Offices at Wembley Stadium Full Time - Permanent Gerrard White are working with a leading charity in delivering outstanding grassroots football facilities to clubs and communities across the UK. They are looking for a Solutions Architect will lead on the high-level design of all enterprise services to ensure that all systems and applications developed, outsourced, or purchased integrates correctly into the architecture to provide a coherent platform which is well documented on an application portfolio. The post-holder will also be responsible for reviewing existing Legacy applications, assessing, and proposing direction and designing and implementing the future state systems architecture required to meet the needs of the organisation. The post holder will work closely with the Business Analyst and stakeholder teams within the organisation to ensure that the functional business requirements are delivered, as well as leading the development team when designing innovative solutions. This is an ideal opportunity for an experienced and enthusiastic Solutions Architect who is looking to take a key role within a sport-focussed organisation and enjoys developing the skills within an organisation following the implementation of and improvements to technology solutions. Principal contacts Internal: Head of Technology, Scrum Master, Business Analyst, Chief Finance Officer, Director of Grant Management, Director of Programmes, Director of Brand, Development Team. External: External software suppliers, Data analysts from our funding partners Key responsibilities: Managing the internal development team for our Grant Application and Management processes. Ensuring the design and architecture of our services meet the current and future data and technology needs. Understanding the dependencies, interoperability, future viability, and cybersecurity requirements of our technology stacks across the entire service catalogue, including making recommendations for commissioning and decommissioning services as needed. Support the Scrum Master to facilitate development activities, processes, or work packages to ensure the delivery of new grant offerings and system functionality improvements as specified in the product development roadmap. Supporting the Scrum Master, Business Analyst and development team in resource planning, capacity planning, task/story creation, refinement, and effort/story-pointing. Suggesting improvements for and outlining the benefits of improvements in production processes for the development team to optimise resource allocation. Regularly reporting progress with stakeholders, including raising risks, issues and other noteworthy project items in a timely manner and supporting in resolution. Ensure that system benefits are understood and realised at all levels. Ensure that all information collected, utilised, and disseminated via its systems is done so according to all legislative and regulatory requirements (ie, Data Protection Act, EU General Data Protection Regulation). Other activity Undertake duties as can be expected to ensure the department's smooth running and efficiency. Carry out duties and responsibilities of the post in compliance with policies - especially Equal Opportunities and Health & Safety. PERSON SPECIFICATION Qualifications & Experience Related computer engineering degree or significant industry experience Good technical understanding of development frameworks, value cycles, business processes, business requirements and UAT (User Acceptance Testing) methodologies Extensive experience with the end-to-end software delivery cycle Evidence of collaboratively working within Agile/Scrum teams, and experience in influencing and co-ordinating external suppliers to meet the data and technology need. Strong knowledge of Microsoft Dynamics 365, PowerApps and Power BI technologies Working knowledge of JIRA Experience of translating business requirements into a well optimised and elegant technical design, supported by development teams. Experience of successfully managing a small team of people; motivating and inspiring them to achieve objectives Skills and abilities Ability to critically evaluate business requirements and turn them into effective solution designs/proposals across the full technology stack. Proven ability in working with multiple development frameworks, methodologies, and solutions. Exceptional team management skills; able to communicate technical matters, both verbally and in writing, to both skilled and non-skilled staff. Strong time and capacity management skills; able to work across the organisation on multiple projects simultaneously, managing expectations and prioritising workloads. Able to manage moving deadlines and changing priorities and maintain a flexible mindset when managing conflicting priorities across the business. Have a demonstrable ability to use your technical skills to break down the problem/solution into deliverables for the development team to build and test. You are flexible & adaptable in applying your skills wherever required, depending on the current needs of the team. In return you will get a competitive salary alongside an outstanding benefits package that includes - 8% employers' contribution (6% employee) Private Medical - Personal - AXA Group Health Cash Plan (optical, physio, dental) £30 gym subsidy 2% collective bonus (discretionary) - based on KPI's being hit Free Wembley match tickets - England, FA Cup (Semi/Final), League Cup, Charity Shield 25 days holiday
31/03/2023
Full time
Solutions Architect One day a week in the office (Monday's) - Offices at Wembley Stadium Full Time - Permanent Gerrard White are working with a leading charity in delivering outstanding grassroots football facilities to clubs and communities across the UK. They are looking for a Solutions Architect will lead on the high-level design of all enterprise services to ensure that all systems and applications developed, outsourced, or purchased integrates correctly into the architecture to provide a coherent platform which is well documented on an application portfolio. The post-holder will also be responsible for reviewing existing Legacy applications, assessing, and proposing direction and designing and implementing the future state systems architecture required to meet the needs of the organisation. The post holder will work closely with the Business Analyst and stakeholder teams within the organisation to ensure that the functional business requirements are delivered, as well as leading the development team when designing innovative solutions. This is an ideal opportunity for an experienced and enthusiastic Solutions Architect who is looking to take a key role within a sport-focussed organisation and enjoys developing the skills within an organisation following the implementation of and improvements to technology solutions. Principal contacts Internal: Head of Technology, Scrum Master, Business Analyst, Chief Finance Officer, Director of Grant Management, Director of Programmes, Director of Brand, Development Team. External: External software suppliers, Data analysts from our funding partners Key responsibilities: Managing the internal development team for our Grant Application and Management processes. Ensuring the design and architecture of our services meet the current and future data and technology needs. Understanding the dependencies, interoperability, future viability, and cybersecurity requirements of our technology stacks across the entire service catalogue, including making recommendations for commissioning and decommissioning services as needed. Support the Scrum Master to facilitate development activities, processes, or work packages to ensure the delivery of new grant offerings and system functionality improvements as specified in the product development roadmap. Supporting the Scrum Master, Business Analyst and development team in resource planning, capacity planning, task/story creation, refinement, and effort/story-pointing. Suggesting improvements for and outlining the benefits of improvements in production processes for the development team to optimise resource allocation. Regularly reporting progress with stakeholders, including raising risks, issues and other noteworthy project items in a timely manner and supporting in resolution. Ensure that system benefits are understood and realised at all levels. Ensure that all information collected, utilised, and disseminated via its systems is done so according to all legislative and regulatory requirements (ie, Data Protection Act, EU General Data Protection Regulation). Other activity Undertake duties as can be expected to ensure the department's smooth running and efficiency. Carry out duties and responsibilities of the post in compliance with policies - especially Equal Opportunities and Health & Safety. PERSON SPECIFICATION Qualifications & Experience Related computer engineering degree or significant industry experience Good technical understanding of development frameworks, value cycles, business processes, business requirements and UAT (User Acceptance Testing) methodologies Extensive experience with the end-to-end software delivery cycle Evidence of collaboratively working within Agile/Scrum teams, and experience in influencing and co-ordinating external suppliers to meet the data and technology need. Strong knowledge of Microsoft Dynamics 365, PowerApps and Power BI technologies Working knowledge of JIRA Experience of translating business requirements into a well optimised and elegant technical design, supported by development teams. Experience of successfully managing a small team of people; motivating and inspiring them to achieve objectives Skills and abilities Ability to critically evaluate business requirements and turn them into effective solution designs/proposals across the full technology stack. Proven ability in working with multiple development frameworks, methodologies, and solutions. Exceptional team management skills; able to communicate technical matters, both verbally and in writing, to both skilled and non-skilled staff. Strong time and capacity management skills; able to work across the organisation on multiple projects simultaneously, managing expectations and prioritising workloads. Able to manage moving deadlines and changing priorities and maintain a flexible mindset when managing conflicting priorities across the business. Have a demonstrable ability to use your technical skills to break down the problem/solution into deliverables for the development team to build and test. You are flexible & adaptable in applying your skills wherever required, depending on the current needs of the team. In return you will get a competitive salary alongside an outstanding benefits package that includes - 8% employers' contribution (6% employee) Private Medical - Personal - AXA Group Health Cash Plan (optical, physio, dental) £30 gym subsidy 2% collective bonus (discretionary) - based on KPI's being hit Free Wembley match tickets - England, FA Cup (Semi/Final), League Cup, Charity Shield 25 days holiday
Lead Cyber Operations Analyst Whitehall Resources are currently looking for a Lead Cyber Operations Analyst based in Cheshire for an initial 6-month contract. * UMBRELLA COMPANY ONLY.* Key Accountabilities: - Responsible for the management of security events, including triaging, escalation, response and post incident review. - Maturing incident triaging methods and developing controls to detect and prevent attackers from executing their objectives. - Maintaining a good understanding of the regulatory requirements of performing monitoring and incident response functions globally. - Maintaining a functional understanding of the latest approaches used in detecting attacker techniques. - Act as an authority in analysis approaches and techniques used in Malware analysis, Digital forensics and Countermeasure development. - Authorize control deployment or containment and eradication actions or strategies. - Understand and act on intelligence provided by other teams and external sources. - Provide support to other security investigational functions as required. - Provide general advice and guidance on Information Security related matters. - Available for 'out of hours' support and investigation for security incident escalation. Stakeholder Management and Leadership: The role incorporates a natural level of Stakeholder Management, with a requirement to be able to effectively communicate and articulate risks, associated with security events at a technical and non-technical level dependent on audience. In addition, the role holder will be a mentor to peers, and will be required to maintain relationships. within the wider CSO department and business units, to identify areas of collaboration and improvement. Decision-making and Problem Solving: Cyber Operations Lead Analysts are required to apply decision-making logic to adequately react to security events affecting the Group through the interpretation of event data, provided by a range of technologies including (but not limited to), web Proxy, Firewalls, IDS, MPS, network devices, endpoint security products, SOAR etc. Confident in their ability to remain calm, controlled and focused in pressure situations, whilst adept at identifying, understanding and evaluating operational risks and issues. Those who thrive in fast-paced environments, who are able to take proportionate and appropriate actions. Risk and Control Objective: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards. Essential Skills/Basic Qualifications: - Necessary to have Splunk experience (5 years), Microsoft Defender, Experience of working in the Cloud and exposure to Cyber operations. - Experience and detailed technical knowledge within all the phases of incident response. - Experience presenting to executive and technical audiences both internally and at industry events, - Incident Response technology stack. - Cyber Kill Chain, Intelligence Driven Defence and Security architectures. - Red, Blue and Purple team operations and management - Incident Response procedures, with technical ability to 'take control, and co-ordinate' major security incidents - Security monitoring, incident response and mitigation, web application security, threat research or intelligence analysis - Attack surface reduction, using intelligence to increase controls before a threat manifests Desirable skills/Preferred Qualifications: - Certification in at least one of the following: - GIAC Certified Incident Hander - GIAC Certified Intrusion Analyst - GIAC Reverse Engineering Malware Comprehensive knowledge and application of: - Cyber Kill Chain and MITRE ATT&CK mapping of incidents and controls - Intelligence Driven Defence - Attack detection development and tuning - Cyber threat hunting, anomaly detection and control deployment automation. - Ability to identify operational risks and issues in a Real Time environment and take proportionate and appropriate actions. - Reporting writing based on complex data with accuracy, brevity, and speed. All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
31/03/2023
Project-based
Lead Cyber Operations Analyst Whitehall Resources are currently looking for a Lead Cyber Operations Analyst based in Cheshire for an initial 6-month contract. * UMBRELLA COMPANY ONLY.* Key Accountabilities: - Responsible for the management of security events, including triaging, escalation, response and post incident review. - Maturing incident triaging methods and developing controls to detect and prevent attackers from executing their objectives. - Maintaining a good understanding of the regulatory requirements of performing monitoring and incident response functions globally. - Maintaining a functional understanding of the latest approaches used in detecting attacker techniques. - Act as an authority in analysis approaches and techniques used in Malware analysis, Digital forensics and Countermeasure development. - Authorize control deployment or containment and eradication actions or strategies. - Understand and act on intelligence provided by other teams and external sources. - Provide support to other security investigational functions as required. - Provide general advice and guidance on Information Security related matters. - Available for 'out of hours' support and investigation for security incident escalation. Stakeholder Management and Leadership: The role incorporates a natural level of Stakeholder Management, with a requirement to be able to effectively communicate and articulate risks, associated with security events at a technical and non-technical level dependent on audience. In addition, the role holder will be a mentor to peers, and will be required to maintain relationships. within the wider CSO department and business units, to identify areas of collaboration and improvement. Decision-making and Problem Solving: Cyber Operations Lead Analysts are required to apply decision-making logic to adequately react to security events affecting the Group through the interpretation of event data, provided by a range of technologies including (but not limited to), web Proxy, Firewalls, IDS, MPS, network devices, endpoint security products, SOAR etc. Confident in their ability to remain calm, controlled and focused in pressure situations, whilst adept at identifying, understanding and evaluating operational risks and issues. Those who thrive in fast-paced environments, who are able to take proportionate and appropriate actions. Risk and Control Objective: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards. Essential Skills/Basic Qualifications: - Necessary to have Splunk experience (5 years), Microsoft Defender, Experience of working in the Cloud and exposure to Cyber operations. - Experience and detailed technical knowledge within all the phases of incident response. - Experience presenting to executive and technical audiences both internally and at industry events, - Incident Response technology stack. - Cyber Kill Chain, Intelligence Driven Defence and Security architectures. - Red, Blue and Purple team operations and management - Incident Response procedures, with technical ability to 'take control, and co-ordinate' major security incidents - Security monitoring, incident response and mitigation, web application security, threat research or intelligence analysis - Attack surface reduction, using intelligence to increase controls before a threat manifests Desirable skills/Preferred Qualifications: - Certification in at least one of the following: - GIAC Certified Incident Hander - GIAC Certified Intrusion Analyst - GIAC Reverse Engineering Malware Comprehensive knowledge and application of: - Cyber Kill Chain and MITRE ATT&CK mapping of incidents and controls - Intelligence Driven Defence - Attack detection development and tuning - Cyber threat hunting, anomaly detection and control deployment automation. - Ability to identify operational risks and issues in a Real Time environment and take proportionate and appropriate actions. - Reporting writing based on complex data with accuracy, brevity, and speed. All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
*We are unable to sponsor as this is a permanent Full time role* A prestigious fortune 500 is on the search for a BUSINESS CONTINUITY ANALYST III. This role is to focus on business continuity crisis management, some risk analysis, and Disaster Recovery. They will need experience with ISO22301, 27001, NIST, CCM, and PCI DSS. Responsibilities: Works with business teams across the global organization to execute the ES Business Continuity Management program framework, extending processes as necessary to help business partners identify confidentiality, availability and integrity risk and manage mitigation to an acceptable level. Determines and evaluates the current state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned Company GIS departments and helps facilitate the improvement and maintenance of each of those plans, considering best practices, industry standards and critical areas of focus for the company. Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all Company entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews throughout the company to ensure necessary documentation is kept up to date. Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs for all company departments and locations. BC/DR support for the company key locations. Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across Company global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 - 15 years industry experience College degree or equivalent with emphasis on Computer Science courses Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful
31/03/2023
Full time
*We are unable to sponsor as this is a permanent Full time role* A prestigious fortune 500 is on the search for a BUSINESS CONTINUITY ANALYST III. This role is to focus on business continuity crisis management, some risk analysis, and Disaster Recovery. They will need experience with ISO22301, 27001, NIST, CCM, and PCI DSS. Responsibilities: Works with business teams across the global organization to execute the ES Business Continuity Management program framework, extending processes as necessary to help business partners identify confidentiality, availability and integrity risk and manage mitigation to an acceptable level. Determines and evaluates the current state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned Company GIS departments and helps facilitate the improvement and maintenance of each of those plans, considering best practices, industry standards and critical areas of focus for the company. Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all Company entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews throughout the company to ensure necessary documentation is kept up to date. Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs for all company departments and locations. BC/DR support for the company key locations. Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across Company global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 - 15 years industry experience College degree or equivalent with emphasis on Computer Science courses Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful
.Net Developer/Support Analyst Leeds (Hybrid) Permanent To £70,000 (DOE) + Benefits .Net Developer/Support Analyst needed for a superb career opportunity based in Leeds. Start Ideally April 2023. This role will be available as a Hybrid working role, up to Max 2 days in Leeds when required but mainly working from home. A chance for a .NET Developer/Support Analys t to work with a leading global digital transformation business delivering large-scale, long-term IT projects for the Government sector. Essential experience: Must be proficient in .NET latest framework, C#, MVC, Rest API programming) .NET, Hands on experience in .NET technologies with C# development experience (especially micro-services). Knowledge AWS Cloud + experience in SQS Implementation, development and support. Advantageous: AWS Cloud Watch, Splunk, Rabbit MQ Graphana monitoring experience + A+ Government/Public sector experience. SC Security Clearance preferred (must be fully eligible to undergo the SC security vetting process- lived and worked in the UK for 5 years minimum). Roles & Responsibility: Confident working to critical deadlines + experience of supporting and coordinating independently with multiple users in medium to large scale SLA based environments. Application Live Production applications on daily basis with Production Operations/Service team Production incidents using Service Management tools. Support application end users for queries as and when required. Support and Monitor applications as per the tools stacks used on the programme. As a part of the current (DevOps team) develop and test solutions for live incidents. Responsible for development and testing as per Agile DevOps approach, involves CI/CD process and tools management and implementation. Experience of support in managing data issues, reconciliation Responsible for continuous enhancements /fixes required for application performance and tuning at Front End & Back End- Database level when required with priority for production -live issues.
31/03/2023
Full time
.Net Developer/Support Analyst Leeds (Hybrid) Permanent To £70,000 (DOE) + Benefits .Net Developer/Support Analyst needed for a superb career opportunity based in Leeds. Start Ideally April 2023. This role will be available as a Hybrid working role, up to Max 2 days in Leeds when required but mainly working from home. A chance for a .NET Developer/Support Analys t to work with a leading global digital transformation business delivering large-scale, long-term IT projects for the Government sector. Essential experience: Must be proficient in .NET latest framework, C#, MVC, Rest API programming) .NET, Hands on experience in .NET technologies with C# development experience (especially micro-services). Knowledge AWS Cloud + experience in SQS Implementation, development and support. Advantageous: AWS Cloud Watch, Splunk, Rabbit MQ Graphana monitoring experience + A+ Government/Public sector experience. SC Security Clearance preferred (must be fully eligible to undergo the SC security vetting process- lived and worked in the UK for 5 years minimum). Roles & Responsibility: Confident working to critical deadlines + experience of supporting and coordinating independently with multiple users in medium to large scale SLA based environments. Application Live Production applications on daily basis with Production Operations/Service team Production incidents using Service Management tools. Support application end users for queries as and when required. Support and Monitor applications as per the tools stacks used on the programme. As a part of the current (DevOps team) develop and test solutions for live incidents. Responsible for development and testing as per Agile DevOps approach, involves CI/CD process and tools management and implementation. Experience of support in managing data issues, reconciliation Responsible for continuous enhancements /fixes required for application performance and tuning at Front End & Back End- Database level when required with priority for production -live issues.
Application Support Analyst Permanent - London (Hybrid) - £45,000 - £55,000 - Benefits included Our client in the professional services industry are looking for an Application Support Analyst with experience working with Document and email management systems such as ITAPP and IManage. The right candidate will be you will be responsible for providing high level technical support for various applications and technologies used by the organization. You will be responsible for troubleshooting application issues as well as providing guidance and training to our team on the use of these technologies. Additionally, you will be responsible for managing a variety of applications and environments, ensuring that they are properly configured and maintained. Key requirements: iManage on premise and cloud Support and Administration SCCM and M365/Intune Support and Administration M365 administration and architecture - Intune, Exchange online, SharePoint online, Teams and Power App/BI Manage, Develop, Troubleshoot, Replace and Deploy software, images and security updates/solutions to Desktop and Mobile Devices Manage and apply desktop settings and Group policies using Ivanti Appsense/Microsoft GPO/Intune Settings Development, administration, and management of Microsoft 365. Including policy design, backups and reporting Web Filter solutions (Cisco Umbrella, ForcePoint (Websense) Palo Alto Firewalls (rules and policies) and Global Protect VPN client Knowledge of Legal and other Applications such as the following would be advantageous but not essential: CRM (InterAction) BigHand - Digital dictation and document creation Comparison Software (Litera, Microsoft 365) HighQ Time Recording solutions (Intapp, Carpe diem) Cost Recovery Solutions PaperCut or Uniflow Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
31/03/2023
Full time
Application Support Analyst Permanent - London (Hybrid) - £45,000 - £55,000 - Benefits included Our client in the professional services industry are looking for an Application Support Analyst with experience working with Document and email management systems such as ITAPP and IManage. The right candidate will be you will be responsible for providing high level technical support for various applications and technologies used by the organization. You will be responsible for troubleshooting application issues as well as providing guidance and training to our team on the use of these technologies. Additionally, you will be responsible for managing a variety of applications and environments, ensuring that they are properly configured and maintained. Key requirements: iManage on premise and cloud Support and Administration SCCM and M365/Intune Support and Administration M365 administration and architecture - Intune, Exchange online, SharePoint online, Teams and Power App/BI Manage, Develop, Troubleshoot, Replace and Deploy software, images and security updates/solutions to Desktop and Mobile Devices Manage and apply desktop settings and Group policies using Ivanti Appsense/Microsoft GPO/Intune Settings Development, administration, and management of Microsoft 365. Including policy design, backups and reporting Web Filter solutions (Cisco Umbrella, ForcePoint (Websense) Palo Alto Firewalls (rules and policies) and Global Protect VPN client Knowledge of Legal and other Applications such as the following would be advantageous but not essential: CRM (InterAction) BigHand - Digital dictation and document creation Comparison Software (Litera, Microsoft 365) HighQ Time Recording solutions (Intapp, Carpe diem) Cost Recovery Solutions PaperCut or Uniflow Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
M365 Cloud Application Analyst for Law Firm - Great Opportunity Example projects, the candidate will be working on Data labelling Date retention Microsoft products being launched and updated Password less logins Compliance and discovery Security Intune and autopilot - Great if you have this Skill sets needed: M365 services side Must have lead projects/processes Tenancy level configuration Conditional access Integrating with other 3rd parties Sensitivity labels Managing and administering tenancy Get involved in projects to offer tenancy Hands on- experience with lead role SME Clear communication vital - technical and non technical Support everything with Data - massive with their strategy going forward Progress updates with data - high level report Capture resources and explain to business Must be able to research and identify how it relates to Business - may not be guidance so needs initiatives Forming new process staff will not understand anything so needs to be able to articulate new processes to business etc How and when can improvements be brought in (automation) Relationship building quickly Once a week in office but can increase to 2 (Canary Wharf) Morning calls to Australia No on call but maybe overtime
31/03/2023
Full time
M365 Cloud Application Analyst for Law Firm - Great Opportunity Example projects, the candidate will be working on Data labelling Date retention Microsoft products being launched and updated Password less logins Compliance and discovery Security Intune and autopilot - Great if you have this Skill sets needed: M365 services side Must have lead projects/processes Tenancy level configuration Conditional access Integrating with other 3rd parties Sensitivity labels Managing and administering tenancy Get involved in projects to offer tenancy Hands on- experience with lead role SME Clear communication vital - technical and non technical Support everything with Data - massive with their strategy going forward Progress updates with data - high level report Capture resources and explain to business Must be able to research and identify how it relates to Business - may not be guidance so needs initiatives Forming new process staff will not understand anything so needs to be able to articulate new processes to business etc How and when can improvements be brought in (automation) Relationship building quickly Once a week in office but can increase to 2 (Canary Wharf) Morning calls to Australia No on call but maybe overtime
Opus Recruitment Solutions Ltd
Amsterdam, Noord-Holland
Senior Cloud Engineer | €85,000 - €95,000 | Remote - Amsterdam Are you keen to work for one of the first businesses of it's kind? Maybe you're interested in making a positive contribution to the environment with your work? I am currently supporting a market-leader in climate technology and solutions who are dedicated to helping climate change, moving forward. They are looking for a strong Senior Security Engineer to take the lead in the company's overall security posture, you will be responsible for driving the security strategy of the business forward. You will optimise the current infrastructure from a security perspective, contribute to engineering tooling, cloud landscape design and data security strategy. You will also lead the systems security, foster a security-first mindsest and support the overall aims of the business to secure a greener planet together. Key skills: 5+ years experience in security engineer/analyst role - ideally SaaS background. Hands-on experience applying security to cloud tecnologies - securing CD pipeline, secure Infrastructure as Code, container security. Azure Cloud Security Administration and Azure Security Centre experience. Certifications in AZ900, AZ500, SC900 would be beneficial. In return Salary up to and around €95,000 Flexible/remote working And more! Backed by Microsoft through their carbon neutral pledge, by joining this business you will have the opportunity to contribute to the next generation of improving the way carbon emissions are measured, reported and verified. If you'd be keen to hear more about where you can make an active difference in society get in touch with me, Charlotte Perry-Evans Senior Cloud Engineer | €85,000 - €95,000 | Remote - Amsterdam
31/03/2023
Full time
Senior Cloud Engineer | €85,000 - €95,000 | Remote - Amsterdam Are you keen to work for one of the first businesses of it's kind? Maybe you're interested in making a positive contribution to the environment with your work? I am currently supporting a market-leader in climate technology and solutions who are dedicated to helping climate change, moving forward. They are looking for a strong Senior Security Engineer to take the lead in the company's overall security posture, you will be responsible for driving the security strategy of the business forward. You will optimise the current infrastructure from a security perspective, contribute to engineering tooling, cloud landscape design and data security strategy. You will also lead the systems security, foster a security-first mindsest and support the overall aims of the business to secure a greener planet together. Key skills: 5+ years experience in security engineer/analyst role - ideally SaaS background. Hands-on experience applying security to cloud tecnologies - securing CD pipeline, secure Infrastructure as Code, container security. Azure Cloud Security Administration and Azure Security Centre experience. Certifications in AZ900, AZ500, SC900 would be beneficial. In return Salary up to and around €95,000 Flexible/remote working And more! Backed by Microsoft through their carbon neutral pledge, by joining this business you will have the opportunity to contribute to the next generation of improving the way carbon emissions are measured, reported and verified. If you'd be keen to hear more about where you can make an active difference in society get in touch with me, Charlotte Perry-Evans Senior Cloud Engineer | €85,000 - €95,000 | Remote - Amsterdam
Governance, Risk & Compliance Manager Start: ASAP Role: Perm Salary: £53,353.00 - £61,823.00 Other Benefits: Generous pension scheme 32 days Annual Leave + Bank Holidays Christmas shutdown Flexible Working Scheme (that is not hybrid working) Childcare services and childcare vouchers Subsidised gym membership (new facilities at Ravelin Sports Centre) Purpose of Job: Under the direction of the Head of Cyber Security, the Governance, Risk and Compliance Manager, leads the security assessment function, in accordance with internal controls compliance, regulatory and departmental policy and procedures. The Governance, Risk and Compliance Manager will develop and manage the risk management framework, control matrices, and all related dashboards, and will make recommendations for senior management consideration. This position is responsible for compliance with the internal controls, regulatory and information security policies and procedures. The role holder works closely with internal/external auditors, and regulatory agencies and will ensure that supporting documentation is available as applicable. The Governance, Risk, and Compliance Manager, line manages and develops the Governance, Risk, and Compliance Analyst within their team. Key Responsibilities: Support the Head of Cyber Security in developing and maintaining the Cyber Security Strategy, ensuring that it delivers against the strategic aims. Define and deliver an IT Governance, Risk and Compliance Framework. Align the framework with information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Responsible for the management and successful implementation of Cyber Security Improvement Programme, policy work packages. Responsible for assessing and documenting of the compliance and risk posture. Lead on the communication and development of a cyber security culture across the institution, raising awareness and increasing the understanding of security through the application of policy and practice. Ensuring that this is articulated in a way. Responsible for the creation, maintenance and delivery of a cyber security awareness campaign and training for colleagues that is understandable to a non-technical audience. Line manage, support, challenge and develop the Cyber Security Governance & Compliance team members. Define and deliver clear and actionable reporting metrics and dashboards regarding cyber security governance and compliance activities. Develop a strategy for audits, compliance checks and external assessment processes for internal/external auditors. Be responsible for vulnerability and threat risk assessment and prioritisation. Attend and actively participate in the IS Security Monthly Review. Own the risk log and produce a monthly security report. Build and maintain a strong working relationship with vendors and partners. Be responsible for ensuring that stakeholders understand and establish acceptable levels of risk, and recommend activities that will proactively reduce the potential for incidents. To manage budgets associated with governance, risk and compliance activities and ensure ongoing costs are captured in recurrent budgets. Provide project and operational budget reports as required. Support and advise on cyber security requirements for the development and delivery of new IT services. Make recommendations regarding the effectiveness of the security controls for the IT systems and services. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal requirements. Must Haves: - Risk Management Experience Ability to interact with Product Teams Ability to do Light weight Audits Up to date knowledge of IS27001 Audited experience Excellent communication skills Ability to undertake verbal updates, reports and meetings Excellent Stakeholder management Be a self-starter with hands on experience Management experience highly desired but not essential Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.
31/03/2023
Full time
Governance, Risk & Compliance Manager Start: ASAP Role: Perm Salary: £53,353.00 - £61,823.00 Other Benefits: Generous pension scheme 32 days Annual Leave + Bank Holidays Christmas shutdown Flexible Working Scheme (that is not hybrid working) Childcare services and childcare vouchers Subsidised gym membership (new facilities at Ravelin Sports Centre) Purpose of Job: Under the direction of the Head of Cyber Security, the Governance, Risk and Compliance Manager, leads the security assessment function, in accordance with internal controls compliance, regulatory and departmental policy and procedures. The Governance, Risk and Compliance Manager will develop and manage the risk management framework, control matrices, and all related dashboards, and will make recommendations for senior management consideration. This position is responsible for compliance with the internal controls, regulatory and information security policies and procedures. The role holder works closely with internal/external auditors, and regulatory agencies and will ensure that supporting documentation is available as applicable. The Governance, Risk, and Compliance Manager, line manages and develops the Governance, Risk, and Compliance Analyst within their team. Key Responsibilities: Support the Head of Cyber Security in developing and maintaining the Cyber Security Strategy, ensuring that it delivers against the strategic aims. Define and deliver an IT Governance, Risk and Compliance Framework. Align the framework with information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Responsible for the management and successful implementation of Cyber Security Improvement Programme, policy work packages. Responsible for assessing and documenting of the compliance and risk posture. Lead on the communication and development of a cyber security culture across the institution, raising awareness and increasing the understanding of security through the application of policy and practice. Ensuring that this is articulated in a way. Responsible for the creation, maintenance and delivery of a cyber security awareness campaign and training for colleagues that is understandable to a non-technical audience. Line manage, support, challenge and develop the Cyber Security Governance & Compliance team members. Define and deliver clear and actionable reporting metrics and dashboards regarding cyber security governance and compliance activities. Develop a strategy for audits, compliance checks and external assessment processes for internal/external auditors. Be responsible for vulnerability and threat risk assessment and prioritisation. Attend and actively participate in the IS Security Monthly Review. Own the risk log and produce a monthly security report. Build and maintain a strong working relationship with vendors and partners. Be responsible for ensuring that stakeholders understand and establish acceptable levels of risk, and recommend activities that will proactively reduce the potential for incidents. To manage budgets associated with governance, risk and compliance activities and ensure ongoing costs are captured in recurrent budgets. Provide project and operational budget reports as required. Support and advise on cyber security requirements for the development and delivery of new IT services. Make recommendations regarding the effectiveness of the security controls for the IT systems and services. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal requirements. Must Haves: - Risk Management Experience Ability to interact with Product Teams Ability to do Light weight Audits Up to date knowledge of IS27001 Audited experience Excellent communication skills Ability to undertake verbal updates, reports and meetings Excellent Stakeholder management Be a self-starter with hands on experience Management experience highly desired but not essential Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* Prestigious Enterprise Company is currently seeking a Business Continuity Disaster Recovery Analyst. Candidate will assess processes to identify gaps in business processes and controls and assist in the design and documentation of processes to address the gaps in order to drive compliance in alignment with the program objectives. Additional responsibilities include design, implementation, and facilitation of BCM metrics. Responsibilities: Works with business teams across the global organization to execute the ES Business Continuity Management program framework, extending processes as necessary to help business partners identify confidentiality, availability and integrity risk and manage mitigation to an acceptable level. Determines and evaluates the current state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned departments and helps facilitate the improvement and maintenance of each of those plans, considering best practices, industry standards and critical areas of focus . Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews to ensure necessary documentation is kept up to date. Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs for all departments and locations. BC/DR support for the key locations. Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 + years industry experience College degree or equivalent with emphasis on Computer Science courses Candidate should have great inter-personal skills and be a self-starter Good verbal and written communication, facilitation, and interpersonal skills Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful Must be able to work in a collaborative team environment
31/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* Prestigious Enterprise Company is currently seeking a Business Continuity Disaster Recovery Analyst. Candidate will assess processes to identify gaps in business processes and controls and assist in the design and documentation of processes to address the gaps in order to drive compliance in alignment with the program objectives. Additional responsibilities include design, implementation, and facilitation of BCM metrics. Responsibilities: Works with business teams across the global organization to execute the ES Business Continuity Management program framework, extending processes as necessary to help business partners identify confidentiality, availability and integrity risk and manage mitigation to an acceptable level. Determines and evaluates the current state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned departments and helps facilitate the improvement and maintenance of each of those plans, considering best practices, industry standards and critical areas of focus . Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews to ensure necessary documentation is kept up to date. Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs for all departments and locations. BC/DR support for the key locations. Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 + years industry experience College degree or equivalent with emphasis on Computer Science courses Candidate should have great inter-personal skills and be a self-starter Good verbal and written communication, facilitation, and interpersonal skills Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful Must be able to work in a collaborative team environment
Request Technology - Craig Johnson
Lake Forest, Illinois
*We are unable to sponsor for this permanent Full time role* Prestigious Enterprise Company is currently seeking a Business Continuity Disaster Recovery Analyst. Candidate will assess processes to identify gaps in business processes and controls and assist in the design and documentation of processes to address the gaps in order to drive compliance in alignment with the program objectives. Additional responsibilities include design, implementation, and facilitation of BCM metrics. Responsibilities: Works with business teams across the global organization to execute the ES Business Continuity Management program framework, extending processes as necessary to help business partners identify confidentiality, availability and integrity risk and manage mitigation to an acceptable level. Determines and evaluates the current state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned departments and helps facilitate the improvement and maintenance of each of those plans, considering best practices, industry standards and critical areas of focus . Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews to ensure necessary documentation is kept up to date. Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs for all departments and locations. BC/DR support for the key locations. Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 + years industry experience College degree or equivalent with emphasis on Computer Science courses Candidate should have great inter-personal skills and be a self-starter Good verbal and written communication, facilitation, and interpersonal skills Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful Must be able to work in a collaborative team environment
31/03/2023
Full time
*We are unable to sponsor for this permanent Full time role* Prestigious Enterprise Company is currently seeking a Business Continuity Disaster Recovery Analyst. Candidate will assess processes to identify gaps in business processes and controls and assist in the design and documentation of processes to address the gaps in order to drive compliance in alignment with the program objectives. Additional responsibilities include design, implementation, and facilitation of BCM metrics. Responsibilities: Works with business teams across the global organization to execute the ES Business Continuity Management program framework, extending processes as necessary to help business partners identify confidentiality, availability and integrity risk and manage mitigation to an acceptable level. Determines and evaluates the current state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned departments and helps facilitate the improvement and maintenance of each of those plans, considering best practices, industry standards and critical areas of focus . Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews to ensure necessary documentation is kept up to date. Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs for all departments and locations. BC/DR support for the key locations. Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 + years industry experience College degree or equivalent with emphasis on Computer Science courses Candidate should have great inter-personal skills and be a self-starter Good verbal and written communication, facilitation, and interpersonal skills Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful Must be able to work in a collaborative team environment
NO SPONSORSHIP Business Continuity & Disaster Recovery Analyst SALARY: $125k - $135K LOCATION: Lake Forest, IL/Chicago, IL Looking for a candidate with Disaster Recovery and business continuity crisis management. You will do risk analysis. IT enterprise risk DR planning ISO NIST Cloud Controls Matrix CCM PCI DSS DevOps Agile software development. Additional responsibilities include design, implementation, and facilitation of BCM metrics. Principal Duties & Responsibilities: Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all Grainger entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs BC/DR support Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across Grainger global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 - 15 years industry experience College degree or equivalent with emphasis on Computer Science courses Candidate should have great inter-personal skills and be a self-starter Good verbal and written communication, facilitation, and interpersonal skills Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful
31/03/2023
Full time
NO SPONSORSHIP Business Continuity & Disaster Recovery Analyst SALARY: $125k - $135K LOCATION: Lake Forest, IL/Chicago, IL Looking for a candidate with Disaster Recovery and business continuity crisis management. You will do risk analysis. IT enterprise risk DR planning ISO NIST Cloud Controls Matrix CCM PCI DSS DevOps Agile software development. Additional responsibilities include design, implementation, and facilitation of BCM metrics. Principal Duties & Responsibilities: Implements and maintains the Business Continuity Automated Notification system. Leads the Business Impact Analysis execution and maintenance. Provides coaching, training, and problem-solving assistance to other analysts. Leads testing and training exercises for all Grainger entities as defined by Executive Leadership. Maintain and improve BC/DR document repository. Identify changes required to improve BC/DR plans and validate those plan changes with live tests and tabletop exercises with various areas of the global business. Conducts BC/DR Plan reviews Conducts testing and validation of these plans and work with teams to ensure they are viable and meet Internal Audit and regulatory compliance obligations. Executes development, documentation, and training of team members on an Automated Notification System. Identifies maturity options for DR roadmap in coordination with other analysts and BCM Manager. Executes project management for DR exercises. Develop and maintain BC/DR training programs BC/DR support Conduct periodic call notification tests with all departments, including C-level executives. Work to maintain BC Intranet website and other communications channels and repositories. Provides inputs to global business continuity management processes in developing controls needed for the mitigation of risks for business processes which are not compliant with information security and risk frameworks Collaboratively works to influence and socialize strategies, standards, policies, procedures, communications, and governance. Coordinates deployment and measurement of security awareness efforts across Grainger global business units Aligns individual goals to team goals with OKRs Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 22301, 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required. Preferred Education & Experience: 6 - 15 years industry experience College degree or equivalent with emphasis on Computer Science courses Candidate should have great inter-personal skills and be a self-starter Good verbal and written communication, facilitation, and interpersonal skills Proficient in Microsoft products (Word, Excel, PowerPoint, MS Project, etc.) Skilled in project management Certified Business Continuity Professional (CBCP) preferred Experience working with ISO 22301, 27001, ISO 27005 (or similar) security framework, NIST RMF standards in operational IT environment preferred Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) helpful