Working for an expanding financial services company, you will be responsible for reviewing, developing and enforcing security policies to protect our client's IT infrastructure, networks and data.
- Understanding the threats and risks facing the business and communicating these effectively across the business.
- Raising awareness of information security risk across the business and promoting the concept of the human firewall.
- Understanding vulnerabilities and evolving attack vectors
- Managing and reviewing internal policies and procedures and updating them to reflect business change, emerging threats, and updated best practice.
- Representing IT at business risk meetings
- Collaboration with group Risk and Compliance teams to develop and manage incident response frameworks
- Managing software patching processes
- Monitoring and tuning security appliances such as Cisco ASA firewalls, SonicWall IDS/IPS and Darktrace Enterprise Immune System.
- Monitoring and deployment of security software including Webroot SecureAnywhere, Mimecast Advanced Threat Protection and Zscaler Internet Security
- Reviewing the market for effective information security solutions
- Providing security input as part of the IT Change Advisory Board
- Managing vulnerability and perimeter penetration tests and ensuring recommendations are implemented
- Management of ISO27001 and AAF audits
- Ensuring business awareness of and adherence to IT Security policies and procedures
- Managing annual review of suppliers' information security processes
- Responding to client information security questionnaires
- In a similar post for at least 3 years
- Excellent written and spoken communication skills
- Knowledge of ISO27001 frameworks and controls
- Has, or is working towards, Certified Information Systems Security Professional (ISC)2 or other accepted industry qualification.
- Detailed understanding of Security Infrastructure design
- Detailed understanding of IT Security best practice
- Detailed understanding of ITIL v3 processes
- Knowledge of WSUS and MS SCCM for Windows update deployment
- Working knowledge of the Darktrace Enterprise Immune System
- Experience of SIEM systems and their management
- Experience of working in a regulated environment is also desirable