Information Security Specialist

Recruiter: Confidential
Location: Crewe
Salary: Competitive
Posted: 13 Jul 2021
Closes: 10 Aug 2021
Contract Type: Permanent
Hours: Full Time

JOB TITLE: Information Security Specialist

LOCATION: Nr Crewe

SALARY: DOE

An exciting opportunity for an Information Security Specialist. You will be a resourceful, self-motivated individual who is comfortable getting things done in matrix structures. You will have the opportunity to both shape and deliver projects and solutions. You will be expected to apply information security and data protection best practices with pragmatism and common sense.

Key Responsibilities

Development and delivery of information security systems, driving continuous improvement and embedding security awareness to enable the business to achieve its strategic objectives, whilst protecting high-value information assets and systems.

Creation, maintenance and communication of information security and data protection policies, standards, procedures, and guidelines.

Development and maintenance of information security training and awareness material, both company-wide and for specialised, specific audiences (e.g. high privilege account holders).

Responsible for ensuring the IT risk register is regularly updated and communicated, working closely with teams within the organisation and third parties to effectively mitigate and control information security and data protection risks.

Responsible for proactive information security and data protection risk management and reporting, including execution and management of information security controls self-assessments.

Perform security reviews of third parties who provide solutions and / or process data for the organisation.

Responsible for managing "first line of defence" security operation controls, including access control, security event monitoring, patch management, endpoint threat detection, data leakage prevention, firewalls and IPS.

Lead the information security incident management process, including training teams on the process, conducting incident scenario exercises, data breach reporting and post-incident reporting.

Work closely with all IT teams to ensure appropriate information security and data protection controls are embedded within both projects and everyday support activities.

Perform in-depth analysis and compliance reporting against appropriate control frameworks and international standards.

Providing internal information security, architectural and data protection consultancy as required.

Challenge the effectiveness of controls embedded in the business units to ensure compliance with internal security policies, applicable legislation, regulations (e.g. GDPR) and industry standards (e.g. PCI DSS).

Lead the selection, design and implementation of innovative technology-based solutions to enhance the organisation's security posture against the rapidly evolving cyber threat landscape.

Lead coordinator of independent audit activities, including internal audits, external audits and penetration testing, and facilitating responses to audit evidence requests and subsequent audit actions.

Skills and Experience Required

Essential

Experience working in an information security, technology architecture or infrastructure management role.

Excellent written and oral communication skills, with the ability to effectively converse in English at all levels of the organisation.

Build and maintain strong, collaborative relationships across the business in all countries.

Proven track record of high-quality data analysis and formal report writing.

Practical knowledge of information security risks, controls and frameworks (e.g. COBIT or ISO27001).

Experience in designing and implementing written and technical information security policies.

Experience in facilitating and supporting internal and/or external audit activities.

Passion for information security, with a proactive attitude toward maintaining up-to-date knowledge.

Broad experience and knowledge of IT systems, networking principles and associated technology-based security controls.

Knowledge and experience of logical access control management and administration.

Broad knowledge of UK DPA, GDPR, PCI DSS or other global Data Protection legislation.

High level of personal and professional integrity.

Advantageous

Professional qualification (degree or equivalent industry qualification).
Holds an industry certification such as EISM, CISM, CISSP, CISA, CEH or CySA+.
Knowledge of data protection and information security standards and processes, and delivery of information security projects.
Experience in delivering projects relating to Microsoft technologies, including Office 365, cloud services, and datacentre technologies.
Experience of NIST-based security incident handling and response.
Experience of PCI DSS compliance control implementation and auditing.
Knowledge of enterprise architecture principles, frameworks, and best practices.
Knowledge of cloud computing and the associated security and control considerations.
Subject matter expertise across the following technologies:

TCP/IP, LAN and WAN networking.
Network Security (e.g. firewalling, IPS).
Server operating systems and hardening techniques.
Endpoint security and encryption.
Virtualisation and thin-client products.
SIEM and vulnerability management tools.
URL filtering and DLP.
