*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for a Senior Associate, Internal Audit IT & Security. This internal auditor will need 2+ years of experience conducting risk-based information technology and security audits. This is a highly regulated financial environment, and these audits will follow AICPA, IIA, IPPF, COBIT, NIST, and CSF standards/frameworks. Responsibilities: Support the team on delivery of assigned audits within the annual audit plan. Support the team confirming a professional auditee experience. Owning the audit quality, accuracy of results, and delivery in a timely manner. Proactively identify regulatory, operational, and/or strategic risks to the organization and bring them to your engagement team. Evaluate exceptions or inefficient practices for root causes and propose advice and recommendations for achievable solutions. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, change management, security), engagement and alignment of change initiatives to business objectives. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Ability to understand professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and control. Keeping current on best practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Qualifications Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 2+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software
04/07/2025
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for a Senior Associate, Internal Audit IT & Security. This internal auditor will need 2+ years of experience conducting risk-based information technology and security audits. This is a highly regulated financial environment, and these audits will follow AICPA, IIA, IPPF, COBIT, NIST, and CSF standards/frameworks. Responsibilities: Support the team on delivery of assigned audits within the annual audit plan. Support the team confirming a professional auditee experience. Owning the audit quality, accuracy of results, and delivery in a timely manner. Proactively identify regulatory, operational, and/or strategic risks to the organization and bring them to your engagement team. Evaluate exceptions or inefficient practices for root causes and propose advice and recommendations for achievable solutions. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, change management, security), engagement and alignment of change initiatives to business objectives. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Ability to understand professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and control. Keeping current on best practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Qualifications Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 2+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software
Senior Cyber Security Engineer - Reading - Perm £55,000 - £65,000 Hybrid 2 days per week on site As our client's Cyber Security business continues to grow, they are now looking for an experienced and dynamic Senior Cyber Security Engineer to join our vibrant office with hybrid working. Senior Cyber Security Engineer - Responsibility: Carry out daily security engineering/operation tasks under an ITIL framework Develop an understanding of the threats, risks, vulnerabilities and evolving attack vectors facing the business. Using strong technical knowledge, continuously analyse and make recommendations to implement effective security controls, system hardening and security improvement projects with a particular focus in application/web hosting security. Assist in the management of patching, vulnerability analysis and penetration testing to ensure recommendations are risk assessed and implemented in a timely manner Senior Cyber Security Engineer - Skills: Experience in Security Engineering, Network Security, and/or working in a Security Operations Centre (SOC). Hands-on knowledge of security tools and technologies, including Web Application Firewalls, SASE, access control, SIEM, antivirus, email/web security gateways, Firewalls, load balancers, ACLs, and network protocols (TCP/IP, routing, switching). Strong grasp of security infrastructure design, IT security best practices, and system hardening. Solid understanding of IT systems and protocols such as networks, domain management, and virtualized environments. Holds or is working towards certifications like CISSP, SANS GCIA, CompTIA Security+, CCNA/CCNP, or similar. Knowledge of ISO27001, Cyber Essentials, and AAF frameworks is a plus. Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
04/07/2025
Full time
Senior Cyber Security Engineer - Reading - Perm £55,000 - £65,000 Hybrid 2 days per week on site As our client's Cyber Security business continues to grow, they are now looking for an experienced and dynamic Senior Cyber Security Engineer to join our vibrant office with hybrid working. Senior Cyber Security Engineer - Responsibility: Carry out daily security engineering/operation tasks under an ITIL framework Develop an understanding of the threats, risks, vulnerabilities and evolving attack vectors facing the business. Using strong technical knowledge, continuously analyse and make recommendations to implement effective security controls, system hardening and security improvement projects with a particular focus in application/web hosting security. Assist in the management of patching, vulnerability analysis and penetration testing to ensure recommendations are risk assessed and implemented in a timely manner Senior Cyber Security Engineer - Skills: Experience in Security Engineering, Network Security, and/or working in a Security Operations Centre (SOC). Hands-on knowledge of security tools and technologies, including Web Application Firewalls, SASE, access control, SIEM, antivirus, email/web security gateways, Firewalls, load balancers, ACLs, and network protocols (TCP/IP, routing, switching). Strong grasp of security infrastructure design, IT security best practices, and system hardening. Solid understanding of IT systems and protocols such as networks, domain management, and virtualized environments. Holds or is working towards certifications like CISSP, SANS GCIA, CompTIA Security+, CCNA/CCNP, or similar. Knowledge of ISO27001, Cyber Essentials, and AAF frameworks is a plus. Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
Manager, Vulnerability Management Salary: Open + Bonus Location: Remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 8+ years of related experience At least 1 year of management experience Proven experience managing enterprise-scale vulnerability management programs and tools Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Responsibilities Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations
03/07/2025
Full time
Manager, Vulnerability Management Salary: Open + Bonus Location: Remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 8+ years of related experience At least 1 year of management experience Proven experience managing enterprise-scale vulnerability management programs and tools Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Responsibilities Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations
Request Technology - Craig Johnson
Oakland, California
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Manager of Cyber Security Risk and Vulnerabilities. Candidate will be responsible for developing and leading a high-performing team focused on vulnerability management, including vulnerability discovery, risk-based prioritization, and enterprise remediation coordination. This role oversees the design, delivery, and continuous improvement of services that reduce technology risk through scalable vulnerability identification and tracking processes, platform ownership, and stakeholder collaboration. The successful candidate will build strong relationships with key enterprise partners - including architecture, engineering, infrastructure, and application teams - to ensure vulnerabilities are understood, prioritized appropriately, and addressed in alignment with business risk tolerance. Through technical expertise and operational leadership, the manager will advance the maturity of the organization's vulnerability management program and its integration with broader cyber risk functions. The ideal candidate will balance strong technical fluency with people leadership, operational execution, and the ability to inspire a high-performing team in a dynamic cybersecurity landscape. Responsibilities: Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement Supports the organization's processes/methodologies, structure, culture, skills/experience, process support tools, knowledge resources, and other components Contributes to team culture by modelling integrity, inclusivity, accountability, and collaboration This list is not all-inclusive and you are expected to perform other duties as requested or assigned Qualifications: 8+ experience years with a Bachelor's degree; strong hands-on Supervisory/Management experience Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred Proven experience managing enterprise-scale vulnerability management programs and tools Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture Strong ability to build trust, partnerships, and mutual support across many diverse teams Excellent communication and presentation skills, with the ability to convey technical concepts to diverse audiences and a strong emphasis on listening and understanding stakeholder needs Proven record of complex and creative problem-solving, and the desire to build, influence, and improve systems, programs, and processes Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change Ability to understand how individual and team efforts align with broader organizational objectives, and to make decisions with enterprise-wide impact in mind Strong commitment to craftsmanship, with a focus on quality, accuracy, and clarity of work Technical & Domain Expertise: Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Skilled in analysing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals Commitment to continuous learning with the ability to research and enhance technical and domain-specific knowledge to support rapidly changing environments Skilled in coordinating multiple concurrent projects with a clear understanding of the project life cycle, prioritization frameworks, and delivery expectations
02/07/2025
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Manager of Cyber Security Risk and Vulnerabilities. Candidate will be responsible for developing and leading a high-performing team focused on vulnerability management, including vulnerability discovery, risk-based prioritization, and enterprise remediation coordination. This role oversees the design, delivery, and continuous improvement of services that reduce technology risk through scalable vulnerability identification and tracking processes, platform ownership, and stakeholder collaboration. The successful candidate will build strong relationships with key enterprise partners - including architecture, engineering, infrastructure, and application teams - to ensure vulnerabilities are understood, prioritized appropriately, and addressed in alignment with business risk tolerance. Through technical expertise and operational leadership, the manager will advance the maturity of the organization's vulnerability management program and its integration with broader cyber risk functions. The ideal candidate will balance strong technical fluency with people leadership, operational execution, and the ability to inspire a high-performing team in a dynamic cybersecurity landscape. Responsibilities: Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement Supports the organization's processes/methodologies, structure, culture, skills/experience, process support tools, knowledge resources, and other components Contributes to team culture by modelling integrity, inclusivity, accountability, and collaboration This list is not all-inclusive and you are expected to perform other duties as requested or assigned Qualifications: 8+ experience years with a Bachelor's degree; strong hands-on Supervisory/Management experience Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred Proven experience managing enterprise-scale vulnerability management programs and tools Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture Strong ability to build trust, partnerships, and mutual support across many diverse teams Excellent communication and presentation skills, with the ability to convey technical concepts to diverse audiences and a strong emphasis on listening and understanding stakeholder needs Proven record of complex and creative problem-solving, and the desire to build, influence, and improve systems, programs, and processes Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change Ability to understand how individual and team efforts align with broader organizational objectives, and to make decisions with enterprise-wide impact in mind Strong commitment to craftsmanship, with a focus on quality, accuracy, and clarity of work Technical & Domain Expertise: Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Skilled in analysing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals Commitment to continuous learning with the ability to research and enhance technical and domain-specific knowledge to support rapidly changing environments Skilled in coordinating multiple concurrent projects with a clear understanding of the project life cycle, prioritization frameworks, and delivery expectations
*Remote But not allowed in the following States: Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico.* A prestigious company is looking for a Manager, Cyber Risk Vulnerability. This manager will lead a team with focus on vulnerability management and discovery, risk based prioritization, cloud/on-prem vulnerability, CVSS, Vulnerability scanning, Automation, etc. Responsibilities: Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement Qualifications 8+ years w/Bachelor's degree; 1+ years supervisory/management Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred Proven experience managing enterprise-scale vulnerability management programs and tools Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Skilled in analysing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals
02/07/2025
Full time
*Remote But not allowed in the following States: Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico.* A prestigious company is looking for a Manager, Cyber Risk Vulnerability. This manager will lead a team with focus on vulnerability management and discovery, risk based prioritization, cloud/on-prem vulnerability, CVSS, Vulnerability scanning, Automation, etc. Responsibilities: Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement Qualifications 8+ years w/Bachelor's degree; 1+ years supervisory/management Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred Proven experience managing enterprise-scale vulnerability management programs and tools Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Skilled in analysing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for a Senior Associate, Internal Audit IT & Security. This internal auditor will need 2+ years of experience conducting risk-based information technology and security audits. This is a highly regulated financial environment, and these audits will follow AICPA, IIA, IPPF, COBIT, NIST, and CSF standards/frameworks. Responsibilities: Support the team on delivery of assigned audits within the annual audit plan. Support the team confirming a professional auditee experience. Owning the audit quality, accuracy of results, and delivery in a timely manner. Proactively identify regulatory, operational, and/or strategic risks to the organization and bring them to your engagement team. Evaluate exceptions or inefficient practices for root causes and propose advice and recommendations for achievable solutions. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, change management, security), engagement and alignment of change initiatives to business objectives. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Ability to understand professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and control. Keeping current on best practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Qualifications Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 2+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software
02/07/2025
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for a Senior Associate, Internal Audit IT & Security. This internal auditor will need 2+ years of experience conducting risk-based information technology and security audits. This is a highly regulated financial environment, and these audits will follow AICPA, IIA, IPPF, COBIT, NIST, and CSF standards/frameworks. Responsibilities: Support the team on delivery of assigned audits within the annual audit plan. Support the team confirming a professional auditee experience. Owning the audit quality, accuracy of results, and delivery in a timely manner. Proactively identify regulatory, operational, and/or strategic risks to the organization and bring them to your engagement team. Evaluate exceptions or inefficient practices for root causes and propose advice and recommendations for achievable solutions. Leading audits related to organization changes including business requirements definitions, technology implementations (eg, change management, security), engagement and alignment of change initiatives to business objectives. Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices. Ability to understand professional principles and standards (eg, AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and control. Keeping current on best practices and emerging risks within the financial services industry and making recommendations for improvements as necessary. Qualifications Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field. 2+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent. Consulting and/or accounting firm experience. Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI). Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA). Microsoft Office applications Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software
Job Title: Senior Developer Job Description The Senior Developer is accountable for providing Level 3 engineering and troubleshooting assistance to application developers using major software development language platforms. The role requires a comprehensive understanding of how applications and systems leverage the Microsoft Identity Platform, Entra ID, and the Microsoft Graph API. Candidates must be well-versed in Identity and Cybersecurity best practices, particularly in authentication, authorization, and identity management. The ideal candidate will enhance partnerships with vendors and internal business customers to recommend secure configurations of custom and commercial-off-the-shelf (COTS) software applications with Microsoft Entra ID (Azure AD). Responsibilities Design application authentication using centralized federated authentication with Entra ID. Serve as a cross-platform technical subject matter expert for SSO technologies and provide operational consulting support to design engineers in BTS IT, Division IT, and end-user organizations. Educate and mentor colleagues on authentication and authorization design best practices and design principles for OpenID Connect (OIDC) and OAuth. Create documentation for specific application configurations based on testing in test environments and work with the identity operations team to implement in Entra ID production according to security practices. Participate in multi-discipline design or problem resolution sessions with vendors and internal business customers to set up and troubleshoot SSO connections as a Level 3 technical expert. Essential Skills 3+ years of experience with application authentication with external identity providers (Azure, AWS, C#/.NET/Python/Java/Mobile). Certifications or equivalent experience in technology disciplines. Expertise in code signing and CI/CD pipelines for code deployment, with significant experience in DevOps practices. Experience with code repositories like Azure DevOps. Proficiency in Powershell Scripting and CI/CD pipeline implementations. Additional Skills & Qualifications Knowledge of Python, .NET, AWS, Azure, Java, Mobile development, C#, and DevOps methodologies. Experience with OIDC and OAuth protocols. Why Work Here? Engage in purposeful work by contributing to life-changing healthcare innovations. Be part of an innovation culture that encourages creativity and diverse thinking. Benefit from career growth opportunities through training, global prospects, and tuition support. Enjoy a focus on well-being with competitive pay, benefits, and flexible work options. Join an inclusive environment with a strong commitment to diversity. Work Environment The role involves working with advanced technologies, including Microsoft Entra ID, Azure AD, and various programming languages and platforms. The work environment supports flexibility and offers opportunities for engaging in innovative projects. Dress code is business casual, and the organisation promotes a collaborative and inclusive atmosphere. Job Type & Location This is a Contract position based and onsite 4 days per week in Cherrywood, Dublin, Ireland Location Dublin, Ireland Trading as TEKsystems. Allegis Group Limited. Level 1, The Chase, Carmanhall Road, Sandyford, Dublin 18, Ireland. No. 909257. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
02/07/2025
Project-based
Job Title: Senior Developer Job Description The Senior Developer is accountable for providing Level 3 engineering and troubleshooting assistance to application developers using major software development language platforms. The role requires a comprehensive understanding of how applications and systems leverage the Microsoft Identity Platform, Entra ID, and the Microsoft Graph API. Candidates must be well-versed in Identity and Cybersecurity best practices, particularly in authentication, authorization, and identity management. The ideal candidate will enhance partnerships with vendors and internal business customers to recommend secure configurations of custom and commercial-off-the-shelf (COTS) software applications with Microsoft Entra ID (Azure AD). Responsibilities Design application authentication using centralized federated authentication with Entra ID. Serve as a cross-platform technical subject matter expert for SSO technologies and provide operational consulting support to design engineers in BTS IT, Division IT, and end-user organizations. Educate and mentor colleagues on authentication and authorization design best practices and design principles for OpenID Connect (OIDC) and OAuth. Create documentation for specific application configurations based on testing in test environments and work with the identity operations team to implement in Entra ID production according to security practices. Participate in multi-discipline design or problem resolution sessions with vendors and internal business customers to set up and troubleshoot SSO connections as a Level 3 technical expert. Essential Skills 3+ years of experience with application authentication with external identity providers (Azure, AWS, C#/.NET/Python/Java/Mobile). Certifications or equivalent experience in technology disciplines. Expertise in code signing and CI/CD pipelines for code deployment, with significant experience in DevOps practices. Experience with code repositories like Azure DevOps. Proficiency in Powershell Scripting and CI/CD pipeline implementations. Additional Skills & Qualifications Knowledge of Python, .NET, AWS, Azure, Java, Mobile development, C#, and DevOps methodologies. Experience with OIDC and OAuth protocols. Why Work Here? Engage in purposeful work by contributing to life-changing healthcare innovations. Be part of an innovation culture that encourages creativity and diverse thinking. Benefit from career growth opportunities through training, global prospects, and tuition support. Enjoy a focus on well-being with competitive pay, benefits, and flexible work options. Join an inclusive environment with a strong commitment to diversity. Work Environment The role involves working with advanced technologies, including Microsoft Entra ID, Azure AD, and various programming languages and platforms. The work environment supports flexibility and offers opportunities for engaging in innovative projects. Dress code is business casual, and the organisation promotes a collaborative and inclusive atmosphere. Job Type & Location This is a Contract position based and onsite 4 days per week in Cherrywood, Dublin, Ireland Location Dublin, Ireland Trading as TEKsystems. Allegis Group Limited. Level 1, The Chase, Carmanhall Road, Sandyford, Dublin 18, Ireland. No. 909257. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go our website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on our website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
We're working with a large scale organisation in Glasgow currently going through an ambitious digital transformation, modernising their infrastructure estate and moving from a heavily onprem setup to a more scalable, cloud first model. As part of this evolution, they're hiring a 3rd Line Infrastructure Engineer with strong Microsoft experience to support and lead key projects across Azure, Intune, and endpoint security. This role is ideal for someone who thrives in a hands on technical environment and enjoys balancing BAU escalations with impactful project delivery. You'll play a key role as part of a small internal IT team, working closely with first line support, key stakeholders across the business, and external vendors to help deliver a wide range of infrastructure improvements. From migrating to Azure AD and Intune, to rolling out Defender across the business and helping push toward Cyber Essentials Plus and ISO 27001 compliance; there's a lot going on, and you'll be in the thick of it. Alongside cloud migration work, you'll also be involved in troubleshooting Server Side issues, maintaining core infrastructure services, and making sure everything runs smoothly behind the scenes. Responsibilities: You'll support and lead 3rd line infrastructure activities across onprem and cloud services, resolving escalated issues while contributing to a variety of internal projects. You'll work within an ITIL aligned environment, helping improve system performance, network reliability, and cyber security posture. Collaborating across support functions and with senior leadership, you'll take ownership of your technical space, from endpoint security to server virtualisation and cloud platform improvements. It'd be great if you have Strong Microsoft knowledge; Azure AD, Intune, Entra, O365, Endpoint Manager Experience supporting server platforms (Windows Server, Exchange, SharePoint) Virtualisation (VMware, Hyper V, or Proxmox) and Scripting (PowerShell) Solid networking knowledge - DNS, DHCP, routing, Firewalls, web filtering Experience supporting telephony platforms in a business environment Exposure to cloud migrations, ideally Azure (some AWS experience also fine) Experience supporting enterprise platforms like IIS & SQL Familiarity with compliance standards (ISO 27001, Cyber Essentials, NIST) There's no on call requirement, though some flexibility around out of hours work may occasionally be needed. This is a genuinely varied and collaborative environment, one where you can roll up your sleeves and get involved in modernising systems that underpin the wider business. In return, they're able to offer a salary of around £40,000 depending on experience, with a bonus, pension, 28 days' holiday plus public, and hybrid working. The business has offices across the globe, but this role is based in Glasgow (typically three days in the office each week, a little more at the beginning during onboarding). If you're a technically capable infrastructure engineer ready to take on cloud first transformation projects, we'd love to hear from you. Apply now or get in touch with Lewis at Cathcart Technology for more information.
30/06/2025
Full time
We're working with a large scale organisation in Glasgow currently going through an ambitious digital transformation, modernising their infrastructure estate and moving from a heavily onprem setup to a more scalable, cloud first model. As part of this evolution, they're hiring a 3rd Line Infrastructure Engineer with strong Microsoft experience to support and lead key projects across Azure, Intune, and endpoint security. This role is ideal for someone who thrives in a hands on technical environment and enjoys balancing BAU escalations with impactful project delivery. You'll play a key role as part of a small internal IT team, working closely with first line support, key stakeholders across the business, and external vendors to help deliver a wide range of infrastructure improvements. From migrating to Azure AD and Intune, to rolling out Defender across the business and helping push toward Cyber Essentials Plus and ISO 27001 compliance; there's a lot going on, and you'll be in the thick of it. Alongside cloud migration work, you'll also be involved in troubleshooting Server Side issues, maintaining core infrastructure services, and making sure everything runs smoothly behind the scenes. Responsibilities: You'll support and lead 3rd line infrastructure activities across onprem and cloud services, resolving escalated issues while contributing to a variety of internal projects. You'll work within an ITIL aligned environment, helping improve system performance, network reliability, and cyber security posture. Collaborating across support functions and with senior leadership, you'll take ownership of your technical space, from endpoint security to server virtualisation and cloud platform improvements. It'd be great if you have Strong Microsoft knowledge; Azure AD, Intune, Entra, O365, Endpoint Manager Experience supporting server platforms (Windows Server, Exchange, SharePoint) Virtualisation (VMware, Hyper V, or Proxmox) and Scripting (PowerShell) Solid networking knowledge - DNS, DHCP, routing, Firewalls, web filtering Experience supporting telephony platforms in a business environment Exposure to cloud migrations, ideally Azure (some AWS experience also fine) Experience supporting enterprise platforms like IIS & SQL Familiarity with compliance standards (ISO 27001, Cyber Essentials, NIST) There's no on call requirement, though some flexibility around out of hours work may occasionally be needed. This is a genuinely varied and collaborative environment, one where you can roll up your sleeves and get involved in modernising systems that underpin the wider business. In return, they're able to offer a salary of around £40,000 depending on experience, with a bonus, pension, 28 days' holiday plus public, and hybrid working. The business has offices across the globe, but this role is based in Glasgow (typically three days in the office each week, a little more at the beginning during onboarding). If you're a technically capable infrastructure engineer ready to take on cloud first transformation projects, we'd love to hear from you. Apply now or get in touch with Lewis at Cathcart Technology for more information.
