This is a hands-on role that requires flexibility, excellent communication skills and a collaborative approach to the delivery of IT solutions across the business. The role holder will be responsible for the day to day tasks and projects that provide great information and cyber security.
The right candidate will be excited about the opportunity to be part of a new and ambitious team. They will have a minimum of 3 years hands on cyber security experience and whilst qualifications like CISSP would be nice, they are not as important as demonstrable experience and the right mindset.
The Working Environment
Given the nature of this role, the incumbent will work with all areas of the business including key stakeholders and departments including, but not limited to, Risk, Audit, Legal and Business Change
The incumbent will build key relationships with all teams / colleagues within the IT department and will have the communicate complex technical issues in a manner that will be acceptable to non-technical colleagues.
The incumbent will be a strong owner of requirements and issues and will have contact with external managed Security Operations Centre (SOC) and other third-party Information Security vendors / suppliers
- In conjunction with the Information Security Manager, own actions to maintain and deliver the Information Security Strategy ensuring that it meets current and future business requirements
- To carry out technical vulnerability assessments of IT systems and processes, identifying potential vulnerabilities, to make recommendations to IT Management to control any risks identified and to ensure they are implemented
- To respond rapidly and effective to Information Security incidents, managing the incident in a professional manor including computer forensics for evidence gathering and preservation. Appropriate and sensitive handling of effected staff and efficient liaison with both internal and external entities and law enforcement agencies when required
- To input to the development and implementation of a robust set of Information Security standards based upon best practices and lead by example to provide excellent security guidance
- To input to the Information Security aspects of the IT Risks and Controls register and carry out actions to mitigate the risks identified
- Assist in the development and maintenance of a Cyber Incident Security plan including the planning and conducting regular Cyber Incident scenario testing exercises
- To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the Societies assets and data
- To contribute to Information Security reports, dashboards and audits so that they are completed on schedule including alignment to the Cyber awareness assessment report
- To assist with various tasks / solutions, including but not limited to, SIEM / EDR / UBA solutions, SOC relationship, vulnerability scanning, patch management, penetration testing, phishing testing, intrusion prevention, e-mail monitoring, data loss prevention, user access, user awareness, disaster recovery and business continuity
- Support Security partners delivering our Managed Security Operations Centre Services.
- Assist in Security Incident investigation with forensic and response activities
- Maintain awareness of emerging security threats, trends and issues, understanding how they impact our Information/Cyber risk profile, preventing data loss and service interruptions by researching technologies that will effectively protect the network and Infrastructure.
- Ensuring that threats and vulnerabilities are managed appropriately, and remediation is carried out according to agreed timescales.
- Provide subject matter expertise as required for key projects, functions and services
- Perform technical risk assessments of new and existing systems, identifying potential weaknesses and recommending suitable protection measures.
- Support configuration and operation of firewalls, encryption, and other security measures
- Support the delivery of an effective Security Testing Schedule
- Assist with the creation, maintenance, and delivery of information/cyber security awareness training for colleagues
Skills / Experience Required
- A degree in an Information Technology or Computer Science discipline or significant hands-on experience
- 5 years of related work experience, with 3 or more years in an Information Security position, ideally but not essentially within a Financial Services led environment or equivalent highly regulated industry
- Certification in Information Security (CISSP, CISM etc.) or comparable work experience
- A strong technical understanding and background
- Must be capable of researching/evaluating emerging cyber security threats and understand the methods needed to manage them.
- Must have extensive cyber-security knowledge across multiple practices, including Threat Management, Security Operations, and Testing
- Must have an excellent understanding of current and emerging technology practices
- Full UK driving license
- Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level
- Ability to work with autonomy, be organised and able to work under pressure
- Strong relationship management and influencing skills
- Attention to detail to ensure accurate assessment and management of risk
- Strong analytical skillset
- Ability to effectively prioritise situations requiring urgent attention
- The ability to inspire the team to think ‘outside of the box’ and go the extra mile
- Pro-activity and self-motivated with the proven ability to drive results and provide excellent customer services to all levels of the organisation
- High level of motivation to see success delivered through own personal efforts and those around them
- Ability to demonstrate and enhance the core values of the Company
- Willingness to work outside of normal working hours when required and provide out of hours support in line with the on-call rota
- Competitive salary and benefits
- 24 days annual leave plus 8 bank holidays
- Company pension scheme (after 3 month qualifying period, 7% employer, 5% employee)
- A paid community day each year
- Collaborative, supportive organisation committed to developing full potential
- Excellent opportunity for career progression based on delivery, output and alignment to our values
- Free on-site car parking
This role will be fully remote for the foreseeable future, however the successful candidate must be willing to attend site up to 2-3 days per week if required, hence living within a commuting distance will be essential upon return to normal working…..whenever that is!