We are investing heavily in our tech platform over 2018/19 and building out new components to help with our ambitious plans. To support this, we are expanding our Information Security programme to ensure compliance with GDPR and PCI-DSS and to mature our operational defence capabilities. This position has a lot of scope and potential to see you expand your skills and knowledge in a fast-paced, fun environment for an award-winning ecommerce company.
This position will see you working in a varied role, assisting with the implementation and maintenance of our security programme, and will require you to have a broad range of information security experience, including experience in risk and compliance management, vulnerability management and incident response.
Some of the things you’ll be doing:
- Conduct risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, projects and third parties
- Document and implement a risk assessment process to be deployed across the organisation
- Assists with the activities which ensure compliance with security policies and standards, as well as legal and operational requirements such as GDPR and PCI-DSS. Collaborates with the Legal team and Risk Management board in the management of the operational risk register, recommends appropriate actions and assists with mitigation planning.
- Manages Vendor Security oversight, including initial security assessments, regular check-ups throughout the relationship and management of any Information Security incidents should they occur.
- Assists in governing policies for security tools, responding to events and evaluating data to enable reporting and subsequent analysis.
- Supports the development and maintenance of NOTHS’ information security policies, procedures and guidelines in accordance with industry best practices.
- Supports projects across the business to provide specialist information security advice and collaborates with development teams, architects and the Information Security Manager to embed a risk-based approach and ensure security requirements are captured and implemented appropriately.
- Contributes to design, development and delivery of staff security education and training programmes.
- Contributes to the identification, classification and mitigation of business and operational risks.
- Participates in incident response processes as well as incident response planning and management of security incidents and risk events to protect information and IT assets.
- Participates in the deployment and ongoing management of security technologies
Some key skills + experience you’ll need
- Good knowledge and experience in the areas of vulnerability management, risk assessments and vulnerability mitigation
- Extensive experience and understanding of Security Analysis toolkits, defensive technologies and other security systems e.g. SIEM, Vulnerability scanners, WAF, IDS/IPS, Firewalls, IAM, patch management, Antivirus
- Strong understanding of network security, preferably in a Cloud environment
- Exposure to agenda for Operational Risk Committee/Board
- Excellent communication, documentation, organisational and interpersonal skills.
- Threat Intelligence
- Performing and remediating vulnerability assessments
Sounds brilliant, how do I apply?
Think you’re the right person for the job and want to be part of the amazing Team NOTHS?
Please apply through the link and we’ll get back to you as soon as we can!