We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our team collaborates with every department. We develop, explore and implement the information Security practices helping us to protect the data of our clients in our services of accounting, tax and business consulting. But, just as importantly, we maintain the functionality of our Information Security Management System (ISMS) and ensure governance of the technology and security processes that keeps us advancing. And you could too. In an Information Security role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. Role Purpose The Assurance Manager's role is responsible for designing, managing and overseeing BDO's Assurance program and analytical work. This role will play a key part in ensuring the detection, prevention and response to risks, such as data theft, sabotage or espionage. The Assurance Manager will work closely with senior stakeholders, such as risk partners, risk owners, risk managers and other stream stakeholders to establish and maintain the Assurance strategy, vision and governance. The Assurance Manager will also lead a team of assurance analysts to deliver the Assurance program and analytical work. The Assurance Manager role is the focal point for effective engagement between the business streams and the Information Security team on Assurance related matters. This role will be a trusted adviser to senior stakeholders and provide broad knowledge of BDO's Assurance strategy, policies, standards, processes and roadmaps to enable streams to understand and meet Assurance requirements. Leading a team of Assurance Specialists and Analysts and working with nominated Assurance leads in the business, the Assurance Manager will take responsibility for assessing Assurance risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the Assurance Manager will ensure appropriate visibility and governance committees are informed. The Assurance Manager will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments always ensuring a consistent and high-quality service is being delivered to each business area. This role reports to the Head of Cyber Detect and Response. Principal Accountabilities Design, manage and oversee BDO's Assurance program and analytical work Utilise BDO's Assurance tools, procedures and control framework to collect, analyse and report on relevant data and indicators from various sources Establish and maintain 'Assurance awareness' in the business to drive risk awareness and effective risk management Identify and respond to Assurance incidents and escalations Develop collateral and appropriate materials to support engagement with senior stakeholders, to explain the Assurance program, key concepts and best practices Create and implement Assurance policies, standards, processes and procedures Knowledge and experience of Assurance principles, programs and analytical work Deep understanding of Microsoft Purview with experience of implementation Technical expertise and experience in Assurance tools and techniques to perform data collection, analysis and reporting Experience of designing, managing and overseeing projects of limited scale or complexity Experience of challenging current practice - driving improvements and championing change Experience of taking personal responsibility for own decisions and actions and those of others Experience of leading and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role Experience of working in a team environment and collaborating with others Highly self-motivated with keen attention to detail The ability to build good relationships at all levels and influence stakeholders Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10 Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to our business. We're committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value and satisfying experiences at work, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions. We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better. About Us BDO UK provides tax, audit and assurance, advisory and business outsourcing service s. Our clients are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and the owners and management teams that lead them. Our partners and staff are specialists in their fields and have a proactive, flexible approach to helping clients overcoming the challenges they face. We aim to be as innovative and entrepreneurial as our clients. Our approach and expertise are what help us deliver exceptional client service. 95% of our clients would recommend us. We operate from 17 locations across the UK, covering all major business centres. We employ 7,500 people who are encouraged to bring their best selves to work; taking responsibility for their work and their relationships with clients. All our people share core values that underpin both our culture and the value that we bring to our clients. Our values are also reflected in continued focus on ESG. Our firm is distinctive and we want to preserve and build on the strengths of our culture and the characteristics that make us both successful and different. We look for people from all kinds of backgrounds who share these same qualities. BDO LLP is a key member of the BDO global network of public accounting, tax and advisory firms. The firms have representation in 16 4 countries, with 111,300 people working out of over 1,803 offices worldwide. That's BDO and we are proud to be part of it. Being part of an integrated network of firms across the world provides us with myriad opportunities for success.
May 05, 2024
Full time
We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our team collaborates with every department. We develop, explore and implement the information Security practices helping us to protect the data of our clients in our services of accounting, tax and business consulting. But, just as importantly, we maintain the functionality of our Information Security Management System (ISMS) and ensure governance of the technology and security processes that keeps us advancing. And you could too. In an Information Security role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. Role Purpose The Assurance Manager's role is responsible for designing, managing and overseeing BDO's Assurance program and analytical work. This role will play a key part in ensuring the detection, prevention and response to risks, such as data theft, sabotage or espionage. The Assurance Manager will work closely with senior stakeholders, such as risk partners, risk owners, risk managers and other stream stakeholders to establish and maintain the Assurance strategy, vision and governance. The Assurance Manager will also lead a team of assurance analysts to deliver the Assurance program and analytical work. The Assurance Manager role is the focal point for effective engagement between the business streams and the Information Security team on Assurance related matters. This role will be a trusted adviser to senior stakeholders and provide broad knowledge of BDO's Assurance strategy, policies, standards, processes and roadmaps to enable streams to understand and meet Assurance requirements. Leading a team of Assurance Specialists and Analysts and working with nominated Assurance leads in the business, the Assurance Manager will take responsibility for assessing Assurance risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the Assurance Manager will ensure appropriate visibility and governance committees are informed. The Assurance Manager will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments always ensuring a consistent and high-quality service is being delivered to each business area. This role reports to the Head of Cyber Detect and Response. Principal Accountabilities Design, manage and oversee BDO's Assurance program and analytical work Utilise BDO's Assurance tools, procedures and control framework to collect, analyse and report on relevant data and indicators from various sources Establish and maintain 'Assurance awareness' in the business to drive risk awareness and effective risk management Identify and respond to Assurance incidents and escalations Develop collateral and appropriate materials to support engagement with senior stakeholders, to explain the Assurance program, key concepts and best practices Create and implement Assurance policies, standards, processes and procedures Knowledge and experience of Assurance principles, programs and analytical work Deep understanding of Microsoft Purview with experience of implementation Technical expertise and experience in Assurance tools and techniques to perform data collection, analysis and reporting Experience of designing, managing and overseeing projects of limited scale or complexity Experience of challenging current practice - driving improvements and championing change Experience of taking personal responsibility for own decisions and actions and those of others Experience of leading and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role Experience of working in a team environment and collaborating with others Highly self-motivated with keen attention to detail The ability to build good relationships at all levels and influence stakeholders Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10 Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to our business. We're committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value and satisfying experiences at work, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions. We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better. About Us BDO UK provides tax, audit and assurance, advisory and business outsourcing service s. Our clients are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and the owners and management teams that lead them. Our partners and staff are specialists in their fields and have a proactive, flexible approach to helping clients overcoming the challenges they face. We aim to be as innovative and entrepreneurial as our clients. Our approach and expertise are what help us deliver exceptional client service. 95% of our clients would recommend us. We operate from 17 locations across the UK, covering all major business centres. We employ 7,500 people who are encouraged to bring their best selves to work; taking responsibility for their work and their relationships with clients. All our people share core values that underpin both our culture and the value that we bring to our clients. Our values are also reflected in continued focus on ESG. Our firm is distinctive and we want to preserve and build on the strengths of our culture and the characteristics that make us both successful and different. We look for people from all kinds of backgrounds who share these same qualities. BDO LLP is a key member of the BDO global network of public accounting, tax and advisory firms. The firms have representation in 16 4 countries, with 111,300 people working out of over 1,803 offices worldwide. That's BDO and we are proud to be part of it. Being part of an integrated network of firms across the world provides us with myriad opportunities for success.
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our team collaborates with every department. We develop, explore and implement the information Security practices helping us to protect the data of our clients in our services of accounting, tax and business consulting. But, just as importantly, we maintain the functionality of our Information Security Management System (ISMS) and ensure governance of the technology and security processes that keeps us advancing. And you could too. In an Information Security role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. Role Purpose The Assurance Manager's role is responsible for designing, managing and overseeing BDO's Assurance program and analytical work. This role will play a key part in ensuring the detection, prevention and response to risks, such as data theft, sabotage or espionage. The Assurance Manager will work closely with senior stakeholders, such as risk partners, risk owners, risk managers and other stream stakeholders to establish and maintain the Assurance strategy, vision and governance. The Assurance Manager will also lead a team of assurance analysts to deliver the Assurance program and analytical work. The Assurance Manager role is the focal point for effective engagement between the business streams and the Information Security team on Assurance related matters. This role will be a trusted adviser to senior stakeholders and provide broad knowledge of BDO's Assurance strategy, policies, standards, processes and roadmaps to enable streams to understand and meet Assurance requirements. Leading a team of Assurance Specialists and Analysts and working with nominated Assurance leads in the business, the Assurance Manager will take responsibility for assessing Assurance risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the Assurance Manager will ensure appropriate visibility and governance committees are informed. The Assurance Manager will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments always ensuring a consistent and high-quality service is being delivered to each business area. This role reports to the Head of Cyber Detect and Response. Principal Accountabilities Design, manage and oversee BDO's Assurance program and analytical work Utilise BDO's Assurance tools, procedures and control framework to collect, analyse and report on relevant data and indicators from various sources Establish and maintain 'Assurance awareness' in the business to drive risk awareness and effective risk management Identify and respond to Assurance incidents and escalations Develop collateral and appropriate materials to support engagement with senior stakeholders, to explain the Assurance program, key concepts and best practices Create and implement Assurance policies, standards, processes and procedures Technical Competencies Knowledge and experience of Assurance principles, programs and analytical work Deep understanding of Microsoft Purview with experience of implementation Technical expertise and experience in Assurance tools and techniques to perform data collection, analysis and reporting Experience of designing, managing and overseeing projects of limited scale or complexity Experience of challenging current practice - driving improvements and championing change Experience of taking personal responsibility for own decisions and actions and those of others Experience of leading and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role Experience of working in a team environment and collaborating with others Highly self-motivated with keen attention to detail The ability to build good relationships at all levels and influence stakeholders Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10 Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to our business. We're committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value and satisfying experiences at work, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions. We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
May 05, 2024
Full time
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our team collaborates with every department. We develop, explore and implement the information Security practices helping us to protect the data of our clients in our services of accounting, tax and business consulting. But, just as importantly, we maintain the functionality of our Information Security Management System (ISMS) and ensure governance of the technology and security processes that keeps us advancing. And you could too. In an Information Security role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. Role Purpose The Assurance Manager's role is responsible for designing, managing and overseeing BDO's Assurance program and analytical work. This role will play a key part in ensuring the detection, prevention and response to risks, such as data theft, sabotage or espionage. The Assurance Manager will work closely with senior stakeholders, such as risk partners, risk owners, risk managers and other stream stakeholders to establish and maintain the Assurance strategy, vision and governance. The Assurance Manager will also lead a team of assurance analysts to deliver the Assurance program and analytical work. The Assurance Manager role is the focal point for effective engagement between the business streams and the Information Security team on Assurance related matters. This role will be a trusted adviser to senior stakeholders and provide broad knowledge of BDO's Assurance strategy, policies, standards, processes and roadmaps to enable streams to understand and meet Assurance requirements. Leading a team of Assurance Specialists and Analysts and working with nominated Assurance leads in the business, the Assurance Manager will take responsibility for assessing Assurance risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the Assurance Manager will ensure appropriate visibility and governance committees are informed. The Assurance Manager will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments always ensuring a consistent and high-quality service is being delivered to each business area. This role reports to the Head of Cyber Detect and Response. Principal Accountabilities Design, manage and oversee BDO's Assurance program and analytical work Utilise BDO's Assurance tools, procedures and control framework to collect, analyse and report on relevant data and indicators from various sources Establish and maintain 'Assurance awareness' in the business to drive risk awareness and effective risk management Identify and respond to Assurance incidents and escalations Develop collateral and appropriate materials to support engagement with senior stakeholders, to explain the Assurance program, key concepts and best practices Create and implement Assurance policies, standards, processes and procedures Technical Competencies Knowledge and experience of Assurance principles, programs and analytical work Deep understanding of Microsoft Purview with experience of implementation Technical expertise and experience in Assurance tools and techniques to perform data collection, analysis and reporting Experience of designing, managing and overseeing projects of limited scale or complexity Experience of challenging current practice - driving improvements and championing change Experience of taking personal responsibility for own decisions and actions and those of others Experience of leading and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role Experience of working in a team environment and collaborating with others Highly self-motivated with keen attention to detail The ability to build good relationships at all levels and influence stakeholders Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10 Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to our business. We're committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value and satisfying experiences at work, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions. We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
Senior Cyber Security Analyst Utilities Hybrid: 2-3 days per week in Taunton or Exeter 6 months+ £650 - £700 per day In short: Classic Cyber Security Analyst required to join a major utilities company in SOC-related activities. In full: Reporting to the Senior Cyber Solutions Architect, you will be responsible for the development, delivery and support of new cyber security systems and processes within the department specialising in OT and Telecoms cyber security. You will also be a subject matter expert and a point of escalation for the business and cyber security analysts. Main Responsibilities Responsible for the management and development of SIEM reports and dashboards. Conduct vulnerability assessments within IT & OT and resolve any identified vulnerabilities, in collaboration with system owners. Responsible for investigating and resolving security queries in relation to company systems. Evaluating security processes against benchmarks. Developing specific cyber security metrics / KPI's. Deliver service improvements, such as process automation, platform tuning and configuration management. Provide subject matter expertise in relation to cyber risks and threats. Respond to cyber security incidents. Identify cyber security training needs. Carry out forensics on systems and hardware as required. Monitoring and assessment of threat intelligence feeds. Analyse the output of various security reports and advise/escalate where required. Liaise with Business System owners on security matters. Participate in and manage penetration tests. You should have an appropriate level of experience within an IT Environment, working with OT and cyber security. It would be advantageous to have or be working towards a recognised Cyber Security qualification such as OSCP, CISSP, CCNA Security etc. Experience and/or knowledge of OT/SCADA, Telecoms and control systems would be beneficial. The successful candidate may initially be appointed on a designate basis and all candidates will be required to undertake and successfully complete a Security Check (SC). Candidates will ideally show evidence of the above in their CV in order to be considered.Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.
May 04, 2024
Full time
Senior Cyber Security Analyst Utilities Hybrid: 2-3 days per week in Taunton or Exeter 6 months+ £650 - £700 per day In short: Classic Cyber Security Analyst required to join a major utilities company in SOC-related activities. In full: Reporting to the Senior Cyber Solutions Architect, you will be responsible for the development, delivery and support of new cyber security systems and processes within the department specialising in OT and Telecoms cyber security. You will also be a subject matter expert and a point of escalation for the business and cyber security analysts. Main Responsibilities Responsible for the management and development of SIEM reports and dashboards. Conduct vulnerability assessments within IT & OT and resolve any identified vulnerabilities, in collaboration with system owners. Responsible for investigating and resolving security queries in relation to company systems. Evaluating security processes against benchmarks. Developing specific cyber security metrics / KPI's. Deliver service improvements, such as process automation, platform tuning and configuration management. Provide subject matter expertise in relation to cyber risks and threats. Respond to cyber security incidents. Identify cyber security training needs. Carry out forensics on systems and hardware as required. Monitoring and assessment of threat intelligence feeds. Analyse the output of various security reports and advise/escalate where required. Liaise with Business System owners on security matters. Participate in and manage penetration tests. You should have an appropriate level of experience within an IT Environment, working with OT and cyber security. It would be advantageous to have or be working towards a recognised Cyber Security qualification such as OSCP, CISSP, CCNA Security etc. Experience and/or knowledge of OT/SCADA, Telecoms and control systems would be beneficial. The successful candidate may initially be appointed on a designate basis and all candidates will be required to undertake and successfully complete a Security Check (SC). Candidates will ideally show evidence of the above in their CV in order to be considered.Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.
Job title: Lead Cyber Risk Analyst Location: Various - We offer a range of flexible working arrangements - please speak to your recruiter about the options for this role. Salary: 60,000+ Depending on experience What you'll be doing: Lead on developing the risk management data strategy; identifying potential data sources and approaches to connecting and exploiting the data to support risk analysis Conduct impact modelling to assess potential financial, operational, and reputational impacts to the company in the event of a major cyber incident Develop and present strategic risk reports to senior management, providing clear insights and recommendations Collaborate across the Group to lead risk analysis efforts and provide subject matter expertise (SME) guidance to different sectors Work closely with other cybersecurity teams to understand threat landscapes, vulnerabilities, and impact assessments Stay abreast of the latest cybersecurity trends, threats, and risk quantification techniques Contribute to the continuous improvement of the cybersecurity risk management framework Act as a delegate for the Head of Cyber Security Risk in various capacities as needed Your skills and experiences: Essential: Robust understanding of risk analysis methodologies, frameworks and theories (FAIR, NIST) Previous experience working in large and complex organisations Ability to effectively write high quality reports and presentations Advanced user with Microsoft Excel Bachelor's degree level qualification or above in risk management, mathematics, cyber security or another STEM subject Desirable: Previous experience working in corporate risk management or security consultancy roles Experience working with defence or national security organisations CISSP, CRISC, CISM or other advanced cyber security certification Benefits: You'll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You'll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts - you may also be eligible for an annual incentive. The CISO Team: Working for one of the largest defence companies in the world, this exciting company within the CISO's team, reporting to the Head of Cyber Security Risk within the risk Cyber function is now available. The Lead Cyber Risk Analyst will be pivotal in enhancing our cybersecurity posture through both quantitative and qualitative risk analysis. The position will allow you to build on your technical career working alongside various stakeholders and partners across BAE Systems and the wider Defence industry. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments." Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation. We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible. Closing Date: 16th May 2024
May 03, 2024
Full time
Job title: Lead Cyber Risk Analyst Location: Various - We offer a range of flexible working arrangements - please speak to your recruiter about the options for this role. Salary: 60,000+ Depending on experience What you'll be doing: Lead on developing the risk management data strategy; identifying potential data sources and approaches to connecting and exploiting the data to support risk analysis Conduct impact modelling to assess potential financial, operational, and reputational impacts to the company in the event of a major cyber incident Develop and present strategic risk reports to senior management, providing clear insights and recommendations Collaborate across the Group to lead risk analysis efforts and provide subject matter expertise (SME) guidance to different sectors Work closely with other cybersecurity teams to understand threat landscapes, vulnerabilities, and impact assessments Stay abreast of the latest cybersecurity trends, threats, and risk quantification techniques Contribute to the continuous improvement of the cybersecurity risk management framework Act as a delegate for the Head of Cyber Security Risk in various capacities as needed Your skills and experiences: Essential: Robust understanding of risk analysis methodologies, frameworks and theories (FAIR, NIST) Previous experience working in large and complex organisations Ability to effectively write high quality reports and presentations Advanced user with Microsoft Excel Bachelor's degree level qualification or above in risk management, mathematics, cyber security or another STEM subject Desirable: Previous experience working in corporate risk management or security consultancy roles Experience working with defence or national security organisations CISSP, CRISC, CISM or other advanced cyber security certification Benefits: You'll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You'll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts - you may also be eligible for an annual incentive. The CISO Team: Working for one of the largest defence companies in the world, this exciting company within the CISO's team, reporting to the Head of Cyber Security Risk within the risk Cyber function is now available. The Lead Cyber Risk Analyst will be pivotal in enhancing our cybersecurity posture through both quantitative and qualitative risk analysis. The position will allow you to build on your technical career working alongside various stakeholders and partners across BAE Systems and the wider Defence industry. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments." Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation. We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible. Closing Date: 16th May 2024
IT Cyber Security Analyst & Team Leader - CISSP or CySA+ or MSc Information Security Weymouth, Dorset, or London, South East UK or Stoke on Trent, Staffordshire 50,000pa + Hybrid & Flexi-Working & Training & Certifications Available Weymouth, Dorset, or London, South East UK, or Staffordshire + Hybrid and Flexible Working as Standard The Client: Are a well-known High St and Online retailer who are seeking a Senior IT Cyber Security Analyst who specialises in Microsoft / Wintel Servers and Virtualisation supporting a UK wide infrastructure. Objective: You will Lead 2 x Cyber Security Analysts, giving support to the Head of Cyber Security in delivering the Information Security service to the global business. You will lead all Cyber Security Operations function and be the first point of contact for technical information security related matters. Role Responsibilities: You will Lead 2 x Cyber Security Analysts, giving support to the Head of Cyber Security Act as the first point of action or escalation for the identification of security incidents and their investigation. Be responsible for the managed Security Operations Centre (SOC), Network Monitoring and Managed Detection and Response services and associated vendor relationships. Offer mentoring, advice and guidance to those in your Team Be the subject matter expert for technical security related queries, providing the Security Architect, IT Service and Delivery teams and business stakeholders with authoritative advice and defined security requirements. Be responsible for the Security Education and Awareness scheme. Ensure Cyber Security campaigns are conducted, and improvements implemented and ensure colleague queries around policies and requirements are appropriately answered in a timely manner. Be responsible for the Vulnerability Management process. Act on vulnerability information and conduct Cyber Security risk assessments and work with suppliers, partners, and internal teams to ensure security vulnerabilities are identified, assessed, and remediated in good time. Key Requirements you will need: In depth knowledge of Information Security concepts and principles, including cloud security capabilities. Experience with configuring and utilising security tooling, including SIEM, EDR, vulnerability scanners, CASB, network scanning, DLP. Hands-on IT experience with proven expertise in a previous Information Security role. Vendor management experience. A relevant intermediate or advanced Information Security based qualification (e.g. CISSP, CySA+, MSc Information Security) Ability to critically analyse information and make decisions based on judgement, knowledge, and experience. Business Knowledge: Knowledge of Retail and eCommerce is of great advantage but is not essential. Working knowledge of the Information Security elements of Data Protection regulations (e.g. GDPR, The Data Protection Act 2018) is essential. Knowledge of the NIST Cyber Security Framework is of advantage. Awareness of regulations that affect Retail, such as PCI DSS, is of great advantage but experience of maintaining compliance is not essential. CISSP or CySA+ or MSc Information Security Certifications will be advantageous. Call (phone number removed) today!
May 03, 2024
Full time
IT Cyber Security Analyst & Team Leader - CISSP or CySA+ or MSc Information Security Weymouth, Dorset, or London, South East UK or Stoke on Trent, Staffordshire 50,000pa + Hybrid & Flexi-Working & Training & Certifications Available Weymouth, Dorset, or London, South East UK, or Staffordshire + Hybrid and Flexible Working as Standard The Client: Are a well-known High St and Online retailer who are seeking a Senior IT Cyber Security Analyst who specialises in Microsoft / Wintel Servers and Virtualisation supporting a UK wide infrastructure. Objective: You will Lead 2 x Cyber Security Analysts, giving support to the Head of Cyber Security in delivering the Information Security service to the global business. You will lead all Cyber Security Operations function and be the first point of contact for technical information security related matters. Role Responsibilities: You will Lead 2 x Cyber Security Analysts, giving support to the Head of Cyber Security Act as the first point of action or escalation for the identification of security incidents and their investigation. Be responsible for the managed Security Operations Centre (SOC), Network Monitoring and Managed Detection and Response services and associated vendor relationships. Offer mentoring, advice and guidance to those in your Team Be the subject matter expert for technical security related queries, providing the Security Architect, IT Service and Delivery teams and business stakeholders with authoritative advice and defined security requirements. Be responsible for the Security Education and Awareness scheme. Ensure Cyber Security campaigns are conducted, and improvements implemented and ensure colleague queries around policies and requirements are appropriately answered in a timely manner. Be responsible for the Vulnerability Management process. Act on vulnerability information and conduct Cyber Security risk assessments and work with suppliers, partners, and internal teams to ensure security vulnerabilities are identified, assessed, and remediated in good time. Key Requirements you will need: In depth knowledge of Information Security concepts and principles, including cloud security capabilities. Experience with configuring and utilising security tooling, including SIEM, EDR, vulnerability scanners, CASB, network scanning, DLP. Hands-on IT experience with proven expertise in a previous Information Security role. Vendor management experience. A relevant intermediate or advanced Information Security based qualification (e.g. CISSP, CySA+, MSc Information Security) Ability to critically analyse information and make decisions based on judgement, knowledge, and experience. Business Knowledge: Knowledge of Retail and eCommerce is of great advantage but is not essential. Working knowledge of the Information Security elements of Data Protection regulations (e.g. GDPR, The Data Protection Act 2018) is essential. Knowledge of the NIST Cyber Security Framework is of advantage. Awareness of regulations that affect Retail, such as PCI DSS, is of great advantage but experience of maintaining compliance is not essential. CISSP or CySA+ or MSc Information Security Certifications will be advantageous. Call (phone number removed) today!
Senior IT Security Analyst Up to 55,000 Hybrid - 2 days per week at either the London, Weymouth, or Newcastle offices We are representing a leading B2C retailer who are in the process of modernising their technology estate, with significant investment in IT. As the Senior IT Security Analyst, you will report to the Head of Information Security, whilst leading a team of two IT Security Analysts. You will be the SME for technical security, have the responsibility for the managed SOC and associated vendor relationships, as well as the vulnerability, penetration, and application security testing. We are looking for: An individual with the relevant Information Security based qualification (e.g. CISSP) Proven experience with incident management and the ability to lead on this Technical understanding on a Microsoft stack - especially Darktrace Prior experience managing a 3rd party It would be a bonus if you had: Previous experience/knowledge of the Retail or eCommerce space Experience leading and managing a team If this sounds of interest, please apply today!
May 03, 2024
Full time
Senior IT Security Analyst Up to 55,000 Hybrid - 2 days per week at either the London, Weymouth, or Newcastle offices We are representing a leading B2C retailer who are in the process of modernising their technology estate, with significant investment in IT. As the Senior IT Security Analyst, you will report to the Head of Information Security, whilst leading a team of two IT Security Analysts. You will be the SME for technical security, have the responsibility for the managed SOC and associated vendor relationships, as well as the vulnerability, penetration, and application security testing. We are looking for: An individual with the relevant Information Security based qualification (e.g. CISSP) Proven experience with incident management and the ability to lead on this Technical understanding on a Microsoft stack - especially Darktrace Prior experience managing a 3rd party It would be a bonus if you had: Previous experience/knowledge of the Retail or eCommerce space Experience leading and managing a team If this sounds of interest, please apply today!
Job title: Lead Cyber Risk Analyst Location: Various - We offer a range of flexible working arrangements - please speak to your recruiter about the options for this role. Salary: £60,000+ Depending on experience What you'll be doing: Lead on developing the risk management data strategy; identifying potential data sources and approaches to connecting and exploiting the data to support risk analysis Conduct impact modelling to assess potential financial, operational, and reputational impacts to the company in the event of a major cyber incident Develop and present strategic risk reports to senior management, providing clear insights and recommendations Collaborate across the Group to lead risk analysis efforts and provide subject matter expertise (SME) guidance to different sectors Work closely with other cybersecurity teams to understand threat landscapes, vulnerabilities, and impact assessments Stay abreast of the latest cybersecurity trends, threats, and risk quantification techniques Contribute to the continuous improvement of the cybersecurity risk management framework Act as a delegate for the Head of Cyber Security Risk in various capacities as needed Your skills and experiences: Essential: Robust understanding of risk analysis methodologies, frameworks and theories (FAIR, NIST) Previous experience working in large and complex organisations Ability to effectively write high quality reports and presentations Advanced user with Microsoft Excel Bachelor's degree level qualification or above in risk management, mathematics, cyber security or another STEM subject Desirable: Previous experience working in corporate risk management or security consultancy roles Experience working with defence or national security organisations CISSP, CRISC, CISM or other advanced cyber security certification Benefits: You'll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You'll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts - you may also be eligible for an annual incentive. The CISO Team: Working for one of the largest defence companies in the world, this exciting company within the CISO's team, reporting to the Head of Cyber Security Risk within the risk Cyber function is now available. The Lead Cyber Risk Analyst will be pivotal in enhancing our cybersecurity posture through both quantitative and qualitative risk analysis. The position will allow you to build on your technical career working alongside various stakeholders and partners across BAE Systems and the wider Defence industry. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments." Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation. We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible. Closing Date: 16th May 2024
May 03, 2024
Full time
Job title: Lead Cyber Risk Analyst Location: Various - We offer a range of flexible working arrangements - please speak to your recruiter about the options for this role. Salary: £60,000+ Depending on experience What you'll be doing: Lead on developing the risk management data strategy; identifying potential data sources and approaches to connecting and exploiting the data to support risk analysis Conduct impact modelling to assess potential financial, operational, and reputational impacts to the company in the event of a major cyber incident Develop and present strategic risk reports to senior management, providing clear insights and recommendations Collaborate across the Group to lead risk analysis efforts and provide subject matter expertise (SME) guidance to different sectors Work closely with other cybersecurity teams to understand threat landscapes, vulnerabilities, and impact assessments Stay abreast of the latest cybersecurity trends, threats, and risk quantification techniques Contribute to the continuous improvement of the cybersecurity risk management framework Act as a delegate for the Head of Cyber Security Risk in various capacities as needed Your skills and experiences: Essential: Robust understanding of risk analysis methodologies, frameworks and theories (FAIR, NIST) Previous experience working in large and complex organisations Ability to effectively write high quality reports and presentations Advanced user with Microsoft Excel Bachelor's degree level qualification or above in risk management, mathematics, cyber security or another STEM subject Desirable: Previous experience working in corporate risk management or security consultancy roles Experience working with defence or national security organisations CISSP, CRISC, CISM or other advanced cyber security certification Benefits: You'll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You'll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts - you may also be eligible for an annual incentive. The CISO Team: Working for one of the largest defence companies in the world, this exciting company within the CISO's team, reporting to the Head of Cyber Security Risk within the risk Cyber function is now available. The Lead Cyber Risk Analyst will be pivotal in enhancing our cybersecurity posture through both quantitative and qualitative risk analysis. The position will allow you to build on your technical career working alongside various stakeholders and partners across BAE Systems and the wider Defence industry. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments." Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation. We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible. Closing Date: 16th May 2024
Our client are a global giant in the retail world in home furnishings. The group is made up of a number of companies with a top UK brand at the heart of it based in Nottingham. Due to continued growth and an ever changing world they are looking to boost their Cyber Security Team Fully Remote - UK Remote Only - Candidates must have Full Unrestricted Right To Work in the UK without future Visa End Date Role Purpose: We are seeking a Senior Identity and Access Management Analyst (IAM) who will be responsible for administration, monitoring, and operational activities related to Identity and Access Management (IAM). This is joining the Global Cyber Security team of a large Retailer and can be fully remote anywhere in the UK What you will be doing: As the Senior Identity and Access Management Analyst (IAM) you will be responsible for administration, monitoring, and operational activities related to Identity and Access Management (IAM) under the purview of the Identity and Access Management Director. What experience you'll have: • Accredited CISSP is a Must Have • Strong Identity and Access Management Analyst (IAM) • Hands-on experience with Okta for SSO (Single Sign-On) and MFA (Multi Factor Authentication) • Experience of IGA (Identity Governance Administration) would be a benefit • Previous knowledge of design, implementation, and support of IAM technologies including IGA, PAM and MFA • Troubleshooting security and workflow issues independently or in collaboration with other Information Systems teams and/or stakeholders, while adhering to internal service standards You'll have an understanding of: • Proactively leading ongoing auditing and risk assessments, and implementation of audit recommendations • Developing and maintain detailed documentation on standard operating procedures, system configurations, and technical settings for internal team use, end user support, and other teams as needed • Generating reports to perform in-depth analysis and data collection to assist in continuous improvement of IAM processes and standards • Monitor IAM tools for anomalies or unauthorized access, responding to alerts and coordinating with the Security Operations Team as appropriate Fully Remote - UK Remote Only - Candidates must have Full Unrestricted Right To Work in the UK without future Visa End Date Note: This job description is not intended to be all-inclusive. The employee may perform other related duties as required to meet the ongoing needs of the organisation. Concerned that you might not perfectly meet all the criteria for this role? At Recruitment Collective, we hold a strong commitment to fostering inclusivity for all and establishing opportunities where individuals from diverse personal and professional backgrounds can excel. Therefore, if you're enthusiastic about this position but find that your previous experiences don't align precisely with every aspect of the job description, we strongly encourage you to register with us. You may well be the ideal candidate for another role or opportunity, and our recruitment team is here to assist in evaluating how your skills can be a valuable fit for our clients.
May 01, 2024
Full time
Our client are a global giant in the retail world in home furnishings. The group is made up of a number of companies with a top UK brand at the heart of it based in Nottingham. Due to continued growth and an ever changing world they are looking to boost their Cyber Security Team Fully Remote - UK Remote Only - Candidates must have Full Unrestricted Right To Work in the UK without future Visa End Date Role Purpose: We are seeking a Senior Identity and Access Management Analyst (IAM) who will be responsible for administration, monitoring, and operational activities related to Identity and Access Management (IAM). This is joining the Global Cyber Security team of a large Retailer and can be fully remote anywhere in the UK What you will be doing: As the Senior Identity and Access Management Analyst (IAM) you will be responsible for administration, monitoring, and operational activities related to Identity and Access Management (IAM) under the purview of the Identity and Access Management Director. What experience you'll have: • Accredited CISSP is a Must Have • Strong Identity and Access Management Analyst (IAM) • Hands-on experience with Okta for SSO (Single Sign-On) and MFA (Multi Factor Authentication) • Experience of IGA (Identity Governance Administration) would be a benefit • Previous knowledge of design, implementation, and support of IAM technologies including IGA, PAM and MFA • Troubleshooting security and workflow issues independently or in collaboration with other Information Systems teams and/or stakeholders, while adhering to internal service standards You'll have an understanding of: • Proactively leading ongoing auditing and risk assessments, and implementation of audit recommendations • Developing and maintain detailed documentation on standard operating procedures, system configurations, and technical settings for internal team use, end user support, and other teams as needed • Generating reports to perform in-depth analysis and data collection to assist in continuous improvement of IAM processes and standards • Monitor IAM tools for anomalies or unauthorized access, responding to alerts and coordinating with the Security Operations Team as appropriate Fully Remote - UK Remote Only - Candidates must have Full Unrestricted Right To Work in the UK without future Visa End Date Note: This job description is not intended to be all-inclusive. The employee may perform other related duties as required to meet the ongoing needs of the organisation. Concerned that you might not perfectly meet all the criteria for this role? At Recruitment Collective, we hold a strong commitment to fostering inclusivity for all and establishing opportunities where individuals from diverse personal and professional backgrounds can excel. Therefore, if you're enthusiastic about this position but find that your previous experiences don't align precisely with every aspect of the job description, we strongly encourage you to register with us. You may well be the ideal candidate for another role or opportunity, and our recruitment team is here to assist in evaluating how your skills can be a valuable fit for our clients.
SailPoint Specialist: Remote (UK) Would shaping the security frameworks and practices of a company with a presence in over 100 counties appeal to you? If so please read on! I have partnered with one of the worlds leading manufacturing organisations who are looking to grow out their Cyber and IAM function rapidly. They have a number of high profile projects and implementations that are key to the company this year and need the best Analysts to come on board for the journey. Such is the importance of the role you will report to the Global CISO. What will you be responsible for? You will manage the product life cycle (provision/ securing and prevention of access) using recognised IAM tools and practices - SailPoint or BeyondTrust or Okta SSO ideally Accurately detail and document all life-cycle changes Identity issues and liaise with development and management teams to collaboratively overcome both workflow and security issues Continuing the collaboration theme IAM design/ implementation and support (IGA/ PAM etc) will be a key aspect of the role Provide in-depth analysis to improve IAM processes and standards Keep a key eye out for anomalies/ unauthorised access/ alert notifications and other SecOps red flags Preparation of detailed and analytical reports and observations Be the champion for company wide access compliance and cybersecurity standards What you will need for this position: CISSP certification is a must have for this role Demonstrable hands on experience using SailPoint is essential If you have used other security related tech such as BeyondTrust/ Okta SSO that would be another great addition A minimum of 4 years working within IAM and related projects Advanced knowledge of security best practices Knowledge of compliance mechanisms IAM technologies Being highly organised and with the ability to communicate (both written and verbally) clearly and efficiently If this role sounds like your next opportunity then please do apply right away!
May 01, 2024
Full time
SailPoint Specialist: Remote (UK) Would shaping the security frameworks and practices of a company with a presence in over 100 counties appeal to you? If so please read on! I have partnered with one of the worlds leading manufacturing organisations who are looking to grow out their Cyber and IAM function rapidly. They have a number of high profile projects and implementations that are key to the company this year and need the best Analysts to come on board for the journey. Such is the importance of the role you will report to the Global CISO. What will you be responsible for? You will manage the product life cycle (provision/ securing and prevention of access) using recognised IAM tools and practices - SailPoint or BeyondTrust or Okta SSO ideally Accurately detail and document all life-cycle changes Identity issues and liaise with development and management teams to collaboratively overcome both workflow and security issues Continuing the collaboration theme IAM design/ implementation and support (IGA/ PAM etc) will be a key aspect of the role Provide in-depth analysis to improve IAM processes and standards Keep a key eye out for anomalies/ unauthorised access/ alert notifications and other SecOps red flags Preparation of detailed and analytical reports and observations Be the champion for company wide access compliance and cybersecurity standards What you will need for this position: CISSP certification is a must have for this role Demonstrable hands on experience using SailPoint is essential If you have used other security related tech such as BeyondTrust/ Okta SSO that would be another great addition A minimum of 4 years working within IAM and related projects Advanced knowledge of security best practices Knowledge of compliance mechanisms IAM technologies Being highly organised and with the ability to communicate (both written and verbally) clearly and efficiently If this role sounds like your next opportunity then please do apply right away!
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. The Security Operations Manager role is integral to BDO, ensuring that we protect our colleagues, clients and partners information as we rapidly expand our digital footprint. Reporting into the Head of IT Security, you'll ensure the delivery of cybersecurity improvement initiatives, operational excellence, technical security assurance and develop a talent pipeline. You'll work closely alongside the Head of IT Security to instill the right structure and processes to support the delivery of continual Cybersecurity improvements across BDO and will have direct line management responsibilities of 3x Cybersecurity Analysts where you will conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members. You'll also: Deliver security operations technology roadmaps in conjunction with the wider Cybersecurity strategy. Propose changes to existing policies, procedures and configurations to ensure operating efficiency and regulatory compliance. Contribute to the security strategy, ensuring that technical and structural considerations regarding design, build and run components are considered. Aid the Head of IT Security in chairing various defined security management working groups, ensuring that reporting against progress vs plan is developed. Manage security operational production incidents and participate in problem and change management forums. Serve as an active participant in the information security governance process, working with Business Analysts, Governance and PMO functions in order to ensure that cyber risks are accurately reported, assessed and mitigated. Consult with IT and support staff to ensure that security is factored into the evaluation, selection, installation and configuration of new products and services. Report on the implementation of technical controls to support and enforce defined security policies. Report on the technical aspects of security management against pre-defined Cybersecurity operational metrics. Engage with the MSSP re Service Level Agreements (SLA's), monitoring metrics, including contract and performance metrics Own day-to-day management IT Security Service Requests and tickets, including: Reporting, Knowledge Management, Root Cause Analysis and Proactive Problem Repetition Avoidance. Contribute to a Cybersecurity knowledgebase comprising technical reference libraries, security advisories and alerts, information on security trends and practices, and laws and regulations. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. Contribute to the development of a Cybersecurity Operations Resource and Capacity planner managed through BDO's Azure DevOps environment. Oversee incident response, threat detection, and mitigation efforts You'll be someone with: A good understanding of monitoring frameworks eg MITRE ATT&CK and SIEM technologies eg Microsoft Sentinel An interest in automation of Security operation function including artificial intelligence An understanding of Microsoft security product portfolio CISSP/CISM (Desired) CCSP/SSCP (Desired) Proven experience in Cybersecurity and IT Operations (Required) DLP, EDR/XDR, CASB, E-mail Security, SWG and ZTNA/SASE You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
May 01, 2024
Full time
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. The Security Operations Manager role is integral to BDO, ensuring that we protect our colleagues, clients and partners information as we rapidly expand our digital footprint. Reporting into the Head of IT Security, you'll ensure the delivery of cybersecurity improvement initiatives, operational excellence, technical security assurance and develop a talent pipeline. You'll work closely alongside the Head of IT Security to instill the right structure and processes to support the delivery of continual Cybersecurity improvements across BDO and will have direct line management responsibilities of 3x Cybersecurity Analysts where you will conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members. You'll also: Deliver security operations technology roadmaps in conjunction with the wider Cybersecurity strategy. Propose changes to existing policies, procedures and configurations to ensure operating efficiency and regulatory compliance. Contribute to the security strategy, ensuring that technical and structural considerations regarding design, build and run components are considered. Aid the Head of IT Security in chairing various defined security management working groups, ensuring that reporting against progress vs plan is developed. Manage security operational production incidents and participate in problem and change management forums. Serve as an active participant in the information security governance process, working with Business Analysts, Governance and PMO functions in order to ensure that cyber risks are accurately reported, assessed and mitigated. Consult with IT and support staff to ensure that security is factored into the evaluation, selection, installation and configuration of new products and services. Report on the implementation of technical controls to support and enforce defined security policies. Report on the technical aspects of security management against pre-defined Cybersecurity operational metrics. Engage with the MSSP re Service Level Agreements (SLA's), monitoring metrics, including contract and performance metrics Own day-to-day management IT Security Service Requests and tickets, including: Reporting, Knowledge Management, Root Cause Analysis and Proactive Problem Repetition Avoidance. Contribute to a Cybersecurity knowledgebase comprising technical reference libraries, security advisories and alerts, information on security trends and practices, and laws and regulations. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. Contribute to the development of a Cybersecurity Operations Resource and Capacity planner managed through BDO's Azure DevOps environment. Oversee incident response, threat detection, and mitigation efforts You'll be someone with: A good understanding of monitoring frameworks eg MITRE ATT&CK and SIEM technologies eg Microsoft Sentinel An interest in automation of Security operation function including artificial intelligence An understanding of Microsoft security product portfolio CISSP/CISM (Desired) CCSP/SSCP (Desired) Proven experience in Cybersecurity and IT Operations (Required) DLP, EDR/XDR, CASB, E-mail Security, SWG and ZTNA/SASE You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
Excited to grow your career? Our purpose is to empower people to save and invest with confidence. We are looking for great people to join us, so please come and invest in YOUR future at HL. We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We'd love to hear from you! About the role Hargreaves Lansdown (HL) are now recruiting for a Senior Cloud Security Analyst to join the team. The Senior Cloud Security Analyst is a specialist role with the primary focus on Cloud Security Governance, Risk & Compliance. You will be supporting the Information Security function to ensure HL remains effective in protecting critical information assets within risk appetite. What you'll be doing Leading the technical aspects of cloud security risk and controls by overseeing and conducting, as necessary, Cloud Compliance assessments for AWS and Azure risk assessments. Assisting the Senior Information Security Team in ensuring HL's Information Security Management System remains effective in protecting HL critical information assets within risk appetite. Conducting analysis of cloud-based assets pertaining to information security incidents, audits, and testing while adhering to best practices. Leading in the identification and reporting of remediation and mitigation activities related to cloud security findings across multiple cloud platforms (AWS and Azure). Identifying gaps in cloud security posture and prioritise remediation efforts. Approve within delegated limits risk assessments and 3rd party due diligence assessments that have been carried out by analysts and apprentices and provide guidance where needed. Building relationships across multiple business functions, locations, and technical stakeholders to accomplish goals. You will help deliver the strategy by emphasising the importance of AWS Well Architected Framework, Shared responsibility model and good cloud governance. About you Previous experience in Information Security, with demonstrable experience of cloud security risks and controls in a DevSecOps cloud context. Strong knowledge of common web technologies, cloud technologies, enterprise, and network architecture. Experience in a regulated environment. Certified to advanced security standards, for example CISSP, CCSP, CCSK, CRISC. Practical work-based experience across the areas of security policy, culture, audit, and risk management. Good exposure to and experience of carrying out security reviews against recognised security control frameworks such as ISO27017/27001, NIST CSF, or PCI-DSS. Ability to evaluate the adequacy of cloud security controls, and how they are applied in a business context. Familiarity and use of some of the following tools is a must: AWS Audit Manager, AWS Security Hub, Macie, Wiz, Microsoft Compliance Portal/Purview, Azure Information Protection (AIP), Azure Security Centre. Experience of carrying out security reviews against recognised security control frameworks such as NIST CSF. Effective interpersonal skills to engage and collaborate with multiple internal and external stakeholders. Interview process The interview process for this role will be a 2 stage interview including a task. Working Schedule This role is based in Bristol head office, BS1 5HL. This role is permanent, full time, 37.5 hours per week, Monday to Friday. We have returned to the office, however for this role we offer a hybrid flexible working pattern to enable you the option of working from home and coming into the office. Why us? Here at HL, we're the UK's number 1 investment platform for private investors, based in Bristol. For more than 40 years we've helped investors save time, tax and money on their investments. To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do. What's on offer? Discretionary annual bonus & annual pay review 25 days holiday plus bank holidays and 1-day additional Christmas closure time Option to purchase an additional 5 days holiday per year at annual enrolment Flexible working options available, including hybrid working Enhanced parental leave Pension scheme up to 11% employer contribution Sharesave scheme - have a real stake in HL's future Income Protection & Life insurance (4 x salary core level of cover) Private medical insurance Health care cash plans - including optical, dental, and out patientcare and an Employee Assistance Programme Gympass - gym memberships and wellbeing apps available Variety of travel to work schemes with free bike storage and shower facilities An inhouse barista serving subsidised coffee and snacks Join HL's sports, I&D networks and volunteering groups (two paid volunteering days per year) LifeWorks Discounts on services, restaurants and retailers dependant on role level Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age. This role may also be available on a flexible working or part time basis - please ask the Recruitment & Onboarding team for more information. Please note, we are unable to provide employment sponsorship to candidates.
May 01, 2024
Full time
Excited to grow your career? Our purpose is to empower people to save and invest with confidence. We are looking for great people to join us, so please come and invest in YOUR future at HL. We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We'd love to hear from you! About the role Hargreaves Lansdown (HL) are now recruiting for a Senior Cloud Security Analyst to join the team. The Senior Cloud Security Analyst is a specialist role with the primary focus on Cloud Security Governance, Risk & Compliance. You will be supporting the Information Security function to ensure HL remains effective in protecting critical information assets within risk appetite. What you'll be doing Leading the technical aspects of cloud security risk and controls by overseeing and conducting, as necessary, Cloud Compliance assessments for AWS and Azure risk assessments. Assisting the Senior Information Security Team in ensuring HL's Information Security Management System remains effective in protecting HL critical information assets within risk appetite. Conducting analysis of cloud-based assets pertaining to information security incidents, audits, and testing while adhering to best practices. Leading in the identification and reporting of remediation and mitigation activities related to cloud security findings across multiple cloud platforms (AWS and Azure). Identifying gaps in cloud security posture and prioritise remediation efforts. Approve within delegated limits risk assessments and 3rd party due diligence assessments that have been carried out by analysts and apprentices and provide guidance where needed. Building relationships across multiple business functions, locations, and technical stakeholders to accomplish goals. You will help deliver the strategy by emphasising the importance of AWS Well Architected Framework, Shared responsibility model and good cloud governance. About you Previous experience in Information Security, with demonstrable experience of cloud security risks and controls in a DevSecOps cloud context. Strong knowledge of common web technologies, cloud technologies, enterprise, and network architecture. Experience in a regulated environment. Certified to advanced security standards, for example CISSP, CCSP, CCSK, CRISC. Practical work-based experience across the areas of security policy, culture, audit, and risk management. Good exposure to and experience of carrying out security reviews against recognised security control frameworks such as ISO27017/27001, NIST CSF, or PCI-DSS. Ability to evaluate the adequacy of cloud security controls, and how they are applied in a business context. Familiarity and use of some of the following tools is a must: AWS Audit Manager, AWS Security Hub, Macie, Wiz, Microsoft Compliance Portal/Purview, Azure Information Protection (AIP), Azure Security Centre. Experience of carrying out security reviews against recognised security control frameworks such as NIST CSF. Effective interpersonal skills to engage and collaborate with multiple internal and external stakeholders. Interview process The interview process for this role will be a 2 stage interview including a task. Working Schedule This role is based in Bristol head office, BS1 5HL. This role is permanent, full time, 37.5 hours per week, Monday to Friday. We have returned to the office, however for this role we offer a hybrid flexible working pattern to enable you the option of working from home and coming into the office. Why us? Here at HL, we're the UK's number 1 investment platform for private investors, based in Bristol. For more than 40 years we've helped investors save time, tax and money on their investments. To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do. What's on offer? Discretionary annual bonus & annual pay review 25 days holiday plus bank holidays and 1-day additional Christmas closure time Option to purchase an additional 5 days holiday per year at annual enrolment Flexible working options available, including hybrid working Enhanced parental leave Pension scheme up to 11% employer contribution Sharesave scheme - have a real stake in HL's future Income Protection & Life insurance (4 x salary core level of cover) Private medical insurance Health care cash plans - including optical, dental, and out patientcare and an Employee Assistance Programme Gympass - gym memberships and wellbeing apps available Variety of travel to work schemes with free bike storage and shower facilities An inhouse barista serving subsidised coffee and snacks Join HL's sports, I&D networks and volunteering groups (two paid volunteering days per year) LifeWorks Discounts on services, restaurants and retailers dependant on role level Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age. This role may also be available on a flexible working or part time basis - please ask the Recruitment & Onboarding team for more information. Please note, we are unable to provide employment sponsorship to candidates.
Senior SOC Analyst - Network Security - DDoS - 70-95k Responsibilities: The duties and responsibilities of this Security Services role include, but are not limited to, the following: In-depth response to security incidents generated via analysis and automated tools. Be able to make high quality decisions, often with incomplete information, and actively and reactively engage with customers to mitigate DDoS attacks in their environment, providing high levels of support and interaction. Troubleshoot problems and issues with customer policies and controls. Research and analyze data sources to provide insight into new threats to customer environment. collaborating with other members of the SOC to identify emerging trends and threats. Work with the customer to resolve issues on their networking edge. Determine root cause and engage with customers to resolve issues in their network security environment. Research and analyze sources of network security issues and provide insight into new methods to detect and resolve them including contributing to a knowledge-based 'library.' Troubleshoot problems and issues with customer networks and virtual environment. Align with the CTO, VP of Product Mgmt, Engineering, Professional Services, Sales and Marketing to understand the market trends and implement programs to help drive initiatives and opportunities for Sales. Requirements Bachelor's degree in Computer Science or equivalent. 2+ years' experience working with systems and networks. Customer-facing skills required. Network Troubleshooting skills required. Experience using Linux and other related tools. Solid knowledge and understanding of network protocols (TCP/IP) required. Experience using Splunk or other SIEMs preferred. Experience of infrastructure design and management in mission critical environments preferred. Understanding of Virtual Infrastructure preferred Juniper experience would be additionally desirable. JNCIA, CISSP, CISA, GIAC or network specific certifications preferred. Effective communication, organizational, problem-solving and presentation skills Self-motivated and, in time while supported, able to work with minimal supervision. Ability to build trusting, collaborative relationships with peers yet with a strong sense of accountability and ownership. Senior SOC Analyst - Network Security - DDoS - 70-95k
May 01, 2024
Full time
Senior SOC Analyst - Network Security - DDoS - 70-95k Responsibilities: The duties and responsibilities of this Security Services role include, but are not limited to, the following: In-depth response to security incidents generated via analysis and automated tools. Be able to make high quality decisions, often with incomplete information, and actively and reactively engage with customers to mitigate DDoS attacks in their environment, providing high levels of support and interaction. Troubleshoot problems and issues with customer policies and controls. Research and analyze data sources to provide insight into new threats to customer environment. collaborating with other members of the SOC to identify emerging trends and threats. Work with the customer to resolve issues on their networking edge. Determine root cause and engage with customers to resolve issues in their network security environment. Research and analyze sources of network security issues and provide insight into new methods to detect and resolve them including contributing to a knowledge-based 'library.' Troubleshoot problems and issues with customer networks and virtual environment. Align with the CTO, VP of Product Mgmt, Engineering, Professional Services, Sales and Marketing to understand the market trends and implement programs to help drive initiatives and opportunities for Sales. Requirements Bachelor's degree in Computer Science or equivalent. 2+ years' experience working with systems and networks. Customer-facing skills required. Network Troubleshooting skills required. Experience using Linux and other related tools. Solid knowledge and understanding of network protocols (TCP/IP) required. Experience using Splunk or other SIEMs preferred. Experience of infrastructure design and management in mission critical environments preferred. Understanding of Virtual Infrastructure preferred Juniper experience would be additionally desirable. JNCIA, CISSP, CISA, GIAC or network specific certifications preferred. Effective communication, organizational, problem-solving and presentation skills Self-motivated and, in time while supported, able to work with minimal supervision. Ability to build trusting, collaborative relationships with peers yet with a strong sense of accountability and ownership. Senior SOC Analyst - Network Security - DDoS - 70-95k
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we're a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day. We're evolving, to be a more digitally-focused data-driven insurance company of the future - and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That's why we're embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution. We have an exciting opportunity for a Senior Security Operations Analyst to join our re-energised Cyber Defence team! Reporting into the Cyber Defence Security Operations Lead, you will act as the as a secondary contact and escalation point for the team. You'll manage a team of Security Analysts to oversee the day-to-day operational delivery of services provided by our third party 24x7 Security Operations Centre, and will take ownership of our security presence and identify any gaps by working with various stakeholders across the business. What else you'll be doing: Maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly. You will also manage any operational risk remediation to conclusion and take ownership within the team. Managing development and improvements required for detection engineering and associated technologies. Responsible for the operational and threat malware analysis for the group. Providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management. Responsible for the level 2 / 3 operational Cyber incident response. Escalating in a timely manner any incidents and anomalies that are detected within DLG and providing subject matter expertise and guidance for operational challenges. Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to relevant areas within the company. Collating metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required. Collaborating with all CISO teams to report appropriate operational issues that may be resolved at an architecture level Operational On-Call Requirement This role has a shared, rotational 24/7 on-call requirement and forms part of information security incident response capability. You will act as the single point of contact for all security related response actions and decisions, including management of each incident from a security perspective, interaction with IM/MIM teams (where required) and recording of all key security decisions. What you'll need: Knowledge and operational experience in firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning. Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc. Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications. Knowledge and experience of performing network traffic analysis for identifying any developing patterns. Ability to assist with knowledge transfer and mentoring/up skilling of junior team members Security Analysis for CompTIA CySA+ or similar level of certification It would be beneficial if you have: Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM. Knowledge of reporting suites such as Power BI Good understanding of Microsoft security suites and associated qualifications Threat identification. Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body Technical certifications by a recognised professional body in network or systems engineering Fundamental Cloud Concepts for AWS. OWASP Top 10: API Security Playbook. Ways of Working This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you. Read our flexible working approach here Benefits We wouldn't be where we are today without our people and the wide variety of perspectives and life experiences they bring. That's why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include: 9% employer contributed pension Up to 10% bonus 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover Additional optional Health and Dental insurance EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way. 25 days annual leave Buy as you earn share scheme Employee discounts and cashback Plus many more!
Apr 30, 2024
Full time
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we're a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day. We're evolving, to be a more digitally-focused data-driven insurance company of the future - and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That's why we're embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution. We have an exciting opportunity for a Senior Security Operations Analyst to join our re-energised Cyber Defence team! Reporting into the Cyber Defence Security Operations Lead, you will act as the as a secondary contact and escalation point for the team. You'll manage a team of Security Analysts to oversee the day-to-day operational delivery of services provided by our third party 24x7 Security Operations Centre, and will take ownership of our security presence and identify any gaps by working with various stakeholders across the business. What else you'll be doing: Maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly. You will also manage any operational risk remediation to conclusion and take ownership within the team. Managing development and improvements required for detection engineering and associated technologies. Responsible for the operational and threat malware analysis for the group. Providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management. Responsible for the level 2 / 3 operational Cyber incident response. Escalating in a timely manner any incidents and anomalies that are detected within DLG and providing subject matter expertise and guidance for operational challenges. Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to relevant areas within the company. Collating metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required. Collaborating with all CISO teams to report appropriate operational issues that may be resolved at an architecture level Operational On-Call Requirement This role has a shared, rotational 24/7 on-call requirement and forms part of information security incident response capability. You will act as the single point of contact for all security related response actions and decisions, including management of each incident from a security perspective, interaction with IM/MIM teams (where required) and recording of all key security decisions. What you'll need: Knowledge and operational experience in firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning. Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc. Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications. Knowledge and experience of performing network traffic analysis for identifying any developing patterns. Ability to assist with knowledge transfer and mentoring/up skilling of junior team members Security Analysis for CompTIA CySA+ or similar level of certification It would be beneficial if you have: Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM. Knowledge of reporting suites such as Power BI Good understanding of Microsoft security suites and associated qualifications Threat identification. Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body Technical certifications by a recognised professional body in network or systems engineering Fundamental Cloud Concepts for AWS. OWASP Top 10: API Security Playbook. Ways of Working This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you. Read our flexible working approach here Benefits We wouldn't be where we are today without our people and the wide variety of perspectives and life experiences they bring. That's why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include: 9% employer contributed pension Up to 10% bonus 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover Additional optional Health and Dental insurance EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way. 25 days annual leave Buy as you earn share scheme Employee discounts and cashback Plus many more!
Senior Cyber Security Analyst Salary: £50,000 - £55,000Glasgow Hybrid: 2 Days a Week in the Office In this role will be responsible for implementing, developing, and executing security operations to protect users, infrastructure, and data from various threats. This role involves monitoring networks and systems, detecting security threats, analysing and assessing alarms, and reporting on threats and intrusion attempts. Key Responsibilities: Stay updated with the latest security and technology developments. Research and evaluate emerging cyber security threats. Plan and create contingency plans for disaster recovery. Monitor for attacks, intrusions, and unusual activities. Test and evaluate security products. Design and upgrade security systems. Use advanced analytics to determine threat patterns and vulnerabilities. Liaise with stakeholders on cyber security issues. Manage 3rd party relationships. Skills/Experience: Essential: CompTIA Security+ Sentinel Experience Knowledge of cyber security essentials and ISO 27001/22301. Experience with network and application firewalls, intrusion prevention, anti-virus, and security tooling. Familiarity with Microsoft 365/Azure. Desirable: SSCP or CISSP CISM Ethical Hacking/Purple Teaming
Apr 30, 2024
Full time
Senior Cyber Security Analyst Salary: £50,000 - £55,000Glasgow Hybrid: 2 Days a Week in the Office In this role will be responsible for implementing, developing, and executing security operations to protect users, infrastructure, and data from various threats. This role involves monitoring networks and systems, detecting security threats, analysing and assessing alarms, and reporting on threats and intrusion attempts. Key Responsibilities: Stay updated with the latest security and technology developments. Research and evaluate emerging cyber security threats. Plan and create contingency plans for disaster recovery. Monitor for attacks, intrusions, and unusual activities. Test and evaluate security products. Design and upgrade security systems. Use advanced analytics to determine threat patterns and vulnerabilities. Liaise with stakeholders on cyber security issues. Manage 3rd party relationships. Skills/Experience: Essential: CompTIA Security+ Sentinel Experience Knowledge of cyber security essentials and ISO 27001/22301. Experience with network and application firewalls, intrusion prevention, anti-virus, and security tooling. Familiarity with Microsoft 365/Azure. Desirable: SSCP or CISSP CISM Ethical Hacking/Purple Teaming
Senior Cyber Security Analyst Salary: Up to £55,000 Glasgow Hybrid: 2 Days a Week in the Office In this role will be responsible for implementing, developing, and executing security operations to protect users, infrastructure, and data from various threats. This role involves monitoring networks and systems, detecting security threats, analysing and assessing alarms, and reporting on threats and intrusion attempts. Looking ideally for people available within a month. Key Responsibilities: Stay updated with the latest security and technology developments. Research and evaluate emerging cyber security threats. Plan and create contingency plans for disaster recovery. Monitor for attacks, intrusions, and unusual activities. Test and evaluate security products. Design and upgrade security systems. Use advanced analytics to determine threat patterns and vulnerabilities. Liaise with stakeholders on cyber security issues. Skills/Experience: Essential: CompTIA Security+ Sentinel Experience Knowledge of cyber security essentials and ISO 27001/22301. Experience with network and application Firewalls, intrusion prevention, anti-virus, and security tooling. Familiarity with Microsoft 365/Azure. Desirable: SSCP or CISSP CISM Ethical Hacking/Purple Teaming
Apr 30, 2024
Full time
Senior Cyber Security Analyst Salary: Up to £55,000 Glasgow Hybrid: 2 Days a Week in the Office In this role will be responsible for implementing, developing, and executing security operations to protect users, infrastructure, and data from various threats. This role involves monitoring networks and systems, detecting security threats, analysing and assessing alarms, and reporting on threats and intrusion attempts. Looking ideally for people available within a month. Key Responsibilities: Stay updated with the latest security and technology developments. Research and evaluate emerging cyber security threats. Plan and create contingency plans for disaster recovery. Monitor for attacks, intrusions, and unusual activities. Test and evaluate security products. Design and upgrade security systems. Use advanced analytics to determine threat patterns and vulnerabilities. Liaise with stakeholders on cyber security issues. Skills/Experience: Essential: CompTIA Security+ Sentinel Experience Knowledge of cyber security essentials and ISO 27001/22301. Experience with network and application Firewalls, intrusion prevention, anti-virus, and security tooling. Familiarity with Microsoft 365/Azure. Desirable: SSCP or CISSP CISM Ethical Hacking/Purple Teaming
Global Information Security Operations Manager This is a senior technical lead position that will focus on MLP's security incident response and manage global security operations staff. The role will also include maintenance, monitoring and administration of key information security technologies. The Information Security Team fosters a collaborative environment and is building a best of breed practice to partner with the business to protect the Firm's information and computer systems. The successful candidate must have hands-on technical experience in supporting infrastructure platforms and providing leadership to junior members of the team. The role is suited to individuals with prior experience developing and implementing security procedures and controls as well as management experience in a Security Operations Center (SOC) environment. Millennium is a complex and robust technical environment and securing the Firm from external and internal threats is a top priority which makes this role very challenging. Principal Responsibilities Responsible for the daily operation of enterprise security systems including SIEM, SOAR, Elastic, ticketing, alerting, and messaging systems. Manage junior level analysts in the daily operation of enterprise security systems including shift rotations and hand-offs. Work closely with Managed Security Providers (MSP) to maintain runbooks, escalation procedures, and consume available threat intelligence. Utilize detective controls to develop rules and alerts to drive security monitoring. Perform hunt activities across our log aggregation and SIEM platforms. Recommend, test, tune and implement SIEM and other tooling correlation rules. Identify false-positives from alerting, and perform incident response, triage, incident analysis and remediation tasks. Recommend and develop new SIEM use cases/rules with engineering teams. Maintain documentation for the SOC function, including training program for new Security Operations personnel. Participate in Information Security Incident Response activities for the Firm's environment. Enforce security policies and procedures by administering and monitoring appropriate systems, events and answering client queries. Perform threat and vulnerability management functions including vulnerability scans and/or analyze results of scans and assist with remediation as required. Collaborate with the Information Security Team to consume feeds from a suite of security tools including AV, Advanced Malware Detection, SIEM, IDS, Vulnerability scanners, etc. Ensure MLP enterprise security products are functioning and protecting the environment as expected while providing stability and maintaining policies and procedures. Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to Millennium key business initiatives and business strategies. Provide technical support to IT staff in the detection and resolution of security problems. Develop and maintain documentation of all Security products including specific tools, technologies and processes. Qualifications/Skills Required Experience performing security monitoring and incident response and triage work in a 24/7 environment. Experience with people management in a technical role, preferably in a SOC setting. Experience with ticketing systems and API integration work. Hands-on experience with one of the major SIEM platforms in use i.e Splunk, Q1Radar, etc Excellent understanding of common exploit scenarios and indicators of compromise (IOCs) Log analysis and experience reviewing security events. Ability to manipulate data and produce relevant metrics and reporting around security incidents. Excellent understanding and experience across broad spectrum of technologies - including operating system, cloud, Active Directory, Group Policy, DNS, Messaging. High level understanding of internetworking, data transmission and encryption protocols. Experience with vulnerability management scanning platforms. Ability to handle sensitive and/or confidential materials with appropriate discretion. Scripting and development skills (Python, Powershell, VBscript, Rest a plus). Possess a passion for Information Security and Technology. Able to prioritize in a fast moving, high pressure, constantly changing environment; High sense of urgency Ability to communicate and collaborate across technology teams. Bachelor's degree (Computer Science or Engineering preferred) with strong IT background. Have substantial experience working in a technical role and extensive experience concentrating on information security, financial industry At least one security certification (CISSP, CEH, GCIA, CISM, etc.).
Apr 30, 2024
Full time
Global Information Security Operations Manager This is a senior technical lead position that will focus on MLP's security incident response and manage global security operations staff. The role will also include maintenance, monitoring and administration of key information security technologies. The Information Security Team fosters a collaborative environment and is building a best of breed practice to partner with the business to protect the Firm's information and computer systems. The successful candidate must have hands-on technical experience in supporting infrastructure platforms and providing leadership to junior members of the team. The role is suited to individuals with prior experience developing and implementing security procedures and controls as well as management experience in a Security Operations Center (SOC) environment. Millennium is a complex and robust technical environment and securing the Firm from external and internal threats is a top priority which makes this role very challenging. Principal Responsibilities Responsible for the daily operation of enterprise security systems including SIEM, SOAR, Elastic, ticketing, alerting, and messaging systems. Manage junior level analysts in the daily operation of enterprise security systems including shift rotations and hand-offs. Work closely with Managed Security Providers (MSP) to maintain runbooks, escalation procedures, and consume available threat intelligence. Utilize detective controls to develop rules and alerts to drive security monitoring. Perform hunt activities across our log aggregation and SIEM platforms. Recommend, test, tune and implement SIEM and other tooling correlation rules. Identify false-positives from alerting, and perform incident response, triage, incident analysis and remediation tasks. Recommend and develop new SIEM use cases/rules with engineering teams. Maintain documentation for the SOC function, including training program for new Security Operations personnel. Participate in Information Security Incident Response activities for the Firm's environment. Enforce security policies and procedures by administering and monitoring appropriate systems, events and answering client queries. Perform threat and vulnerability management functions including vulnerability scans and/or analyze results of scans and assist with remediation as required. Collaborate with the Information Security Team to consume feeds from a suite of security tools including AV, Advanced Malware Detection, SIEM, IDS, Vulnerability scanners, etc. Ensure MLP enterprise security products are functioning and protecting the environment as expected while providing stability and maintaining policies and procedures. Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to Millennium key business initiatives and business strategies. Provide technical support to IT staff in the detection and resolution of security problems. Develop and maintain documentation of all Security products including specific tools, technologies and processes. Qualifications/Skills Required Experience performing security monitoring and incident response and triage work in a 24/7 environment. Experience with people management in a technical role, preferably in a SOC setting. Experience with ticketing systems and API integration work. Hands-on experience with one of the major SIEM platforms in use i.e Splunk, Q1Radar, etc Excellent understanding of common exploit scenarios and indicators of compromise (IOCs) Log analysis and experience reviewing security events. Ability to manipulate data and produce relevant metrics and reporting around security incidents. Excellent understanding and experience across broad spectrum of technologies - including operating system, cloud, Active Directory, Group Policy, DNS, Messaging. High level understanding of internetworking, data transmission and encryption protocols. Experience with vulnerability management scanning platforms. Ability to handle sensitive and/or confidential materials with appropriate discretion. Scripting and development skills (Python, Powershell, VBscript, Rest a plus). Possess a passion for Information Security and Technology. Able to prioritize in a fast moving, high pressure, constantly changing environment; High sense of urgency Ability to communicate and collaborate across technology teams. Bachelor's degree (Computer Science or Engineering preferred) with strong IT background. Have substantial experience working in a technical role and extensive experience concentrating on information security, financial industry At least one security certification (CISSP, CEH, GCIA, CISM, etc.).
You'll do more than the expected. You'll do the unexpected. American Express is looking for a Senior Information Security Analyst to be a technical lead in our Cyber Fusion Center. The team provides rapid investigation and response to cyber security incidents which impact American Express globally. The Senior Information Security Analyst will serve as a leader and will be responsible for handling escalated security incidents, performing investigations, and driving operational maturity. If you want to be part of a diverse and inclusive world-class team, this could be the role for you. How will you make an impact in this role?: Provide advanced technical oversight and support to Information Security Analysts conducting cyber incident investigations Maintain awareness of real-world infosec threats and engage in the innovation of new analytic methods for detecting threats Support senior leadership in continuous development of incident response capabilities Coach and mentor Information Security Analysts Participate in rotational weekend coverage Required Skills/Qualifications: Substantial Information Security experience and technical understanding, including: Network, endpoint and OSINT security tools A range of cloud, Mac, Linux and Windows platforms Excellent business and technical risk analysis and prioritisation skills Excellent written and oral communication skills including in high pressure situations Committed to continuous learning and professional development, and passionate about developing others Preferred Additional Experience & Skills: Experience in a Security Operations Center (SOC), Computer Incident Response Team (CSIRT), Computer Security Incident Response Center (CSIRC), or Cyber Fusion Center Security industry certification (CISSP, CEH, OSCP, CCNP Security, GCFE, GCFA, GNFA, GREM) Specialism in one or more security domains (e.g platform hardening, vulnerability management, penetration testing, applied cryptography, network/application traffic control, forensics, or exploits and malware.) Experience in programming and/or scripting languages (python, javascript, php, sql, C/C++, Go) Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations. Why American Express? There's a difference between having a job and making a difference. Amex have been making a difference in people's lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards. We've also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they're ready to take on a new career path, we're right there with them, giving them the guidance and momentum into the best future they envision. When you join , you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day. We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually. Because we believe that the best way to back our customers is to back our people. The powerful backing of American Express. Don't make a difference without it. Don't live life without it. To complete your application please click on the links below. However, if you require any assistance with the completion of this process - or need any reasonable adjustments to be made - then please contact the Recruitment Team on
Sep 23, 2022
Full time
You'll do more than the expected. You'll do the unexpected. American Express is looking for a Senior Information Security Analyst to be a technical lead in our Cyber Fusion Center. The team provides rapid investigation and response to cyber security incidents which impact American Express globally. The Senior Information Security Analyst will serve as a leader and will be responsible for handling escalated security incidents, performing investigations, and driving operational maturity. If you want to be part of a diverse and inclusive world-class team, this could be the role for you. How will you make an impact in this role?: Provide advanced technical oversight and support to Information Security Analysts conducting cyber incident investigations Maintain awareness of real-world infosec threats and engage in the innovation of new analytic methods for detecting threats Support senior leadership in continuous development of incident response capabilities Coach and mentor Information Security Analysts Participate in rotational weekend coverage Required Skills/Qualifications: Substantial Information Security experience and technical understanding, including: Network, endpoint and OSINT security tools A range of cloud, Mac, Linux and Windows platforms Excellent business and technical risk analysis and prioritisation skills Excellent written and oral communication skills including in high pressure situations Committed to continuous learning and professional development, and passionate about developing others Preferred Additional Experience & Skills: Experience in a Security Operations Center (SOC), Computer Incident Response Team (CSIRT), Computer Security Incident Response Center (CSIRC), or Cyber Fusion Center Security industry certification (CISSP, CEH, OSCP, CCNP Security, GCFE, GCFA, GNFA, GREM) Specialism in one or more security domains (e.g platform hardening, vulnerability management, penetration testing, applied cryptography, network/application traffic control, forensics, or exploits and malware.) Experience in programming and/or scripting languages (python, javascript, php, sql, C/C++, Go) Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations. Why American Express? There's a difference between having a job and making a difference. Amex have been making a difference in people's lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards. We've also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they're ready to take on a new career path, we're right there with them, giving them the guidance and momentum into the best future they envision. When you join , you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day. We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually. Because we believe that the best way to back our customers is to back our people. The powerful backing of American Express. Don't make a difference without it. Don't live life without it. To complete your application please click on the links below. However, if you require any assistance with the completion of this process - or need any reasonable adjustments to be made - then please contact the Recruitment Team on
Cyber Security Team Lead - Permanent - Edinburgh/Remote - Package Circa £95k Change Digital are partnering with a global organisation who have been reviewed as one of Edinburgh's best employers who are experiencing growth within their technology teams and are recruiting for an information/cyber security team lead to join the company and help shape a brand new team of security analysts. This position will involve applying security knowledge and expertise and making sure that the IT estate is secure. The successful candidate will be at senior level with some team lead experience, or already in a similar position. Skills required should include but not be limited to: - Azure Cloud - Experience of the security threat landscape - Information security and Cyber security - Windows/Linux - Team lead/mentoring experience - Any of the following qualifications, desirable (CISSP, CISM, GSEC, MCSA, RHCSA, Azure) This is a fantastic opportunity to join a company who offer a flexible, supportive, collaborative environment where the employee's come first, who also offer unlimited training and the opportunity to work with the latest technology. This position would require part week onsite post COVID, however a flexible approach depending on individual circumstances. If you are looking to progress your career and have the required skills, please forward your latest CV for immediate consideration.
Oct 07, 2021
Full time
Cyber Security Team Lead - Permanent - Edinburgh/Remote - Package Circa £95k Change Digital are partnering with a global organisation who have been reviewed as one of Edinburgh's best employers who are experiencing growth within their technology teams and are recruiting for an information/cyber security team lead to join the company and help shape a brand new team of security analysts. This position will involve applying security knowledge and expertise and making sure that the IT estate is secure. The successful candidate will be at senior level with some team lead experience, or already in a similar position. Skills required should include but not be limited to: - Azure Cloud - Experience of the security threat landscape - Information security and Cyber security - Windows/Linux - Team lead/mentoring experience - Any of the following qualifications, desirable (CISSP, CISM, GSEC, MCSA, RHCSA, Azure) This is a fantastic opportunity to join a company who offer a flexible, supportive, collaborative environment where the employee's come first, who also offer unlimited training and the opportunity to work with the latest technology. This position would require part week onsite post COVID, however a flexible approach depending on individual circumstances. If you are looking to progress your career and have the required skills, please forward your latest CV for immediate consideration.
IT Security Officer / IT Security Analyst / IT Risk Analyst - Security Audits, Risk Assessments, CISM, CISSP, CySA+, CASP+ etc; Security Standards. Guildford (2 days per week); Fully remote during pandemic, 2 days per week onsite post-return-to-office. Permanent. c.£55k- £65k + Benefits Global Insurance Company seeks an IT Security Officer / IT Security Analyst / IT Risk Analyst to assist in the development and dissemination of information security policies, procedures, and guidelines across the organisation. This is a Security Analysis role which will require the management of audits, risk assessments and the subsequent management and oversight of remedial actions taken by various software development and DevOps/SysAdmin teams and perimeter defence Network Engineering teams. The IT Security Officer / IT Security Analyst / IT Risk Analyst will monitor existing IT security controls to ensure compliance with security policies and procedures, identify vulnerabilities, take ownership of core security areas in active processes and projects on the security roadmap and create security policies which meet modern security compliance standards. This will involve managing the development of security procedures within the specific areas (software, network, production server, devops etc) and report to the Global Security team on the state of these areas. Day-to-day activities will require you to liaise with various business and technical departmental stakeholders to actively identify and resolve vulnerabilities in the technical environment. You will also need to identify areas for improvement in security policies and procedures relating to multiple enterprise systems and infrastructure environments operated by the corporate entity. You will employ a variety of standards covering aspects such as COBIT, IASME Cyber Security, GDPR and work to bring systems up to standards required by the German Federal Financial Supervisory Authority: BaFin (due to the company's presence and profile in Germany). We are searching for an IT Security Officer / IT Security Analyst / IT Risk Analyst who can bring procedural security knowledge, experience along with technical understanding of software, server and network environments and the application of security procedures within best practice. You will be an information security professional who holds certifications ranging from CySA+, CASP+, CISSP, Security+, CISA, CISM, and may have some exposure to frameworks such as COBIT, ISO27001 or have worked to FCA standards or indeed to BaFin standards within financial services. You will be familiar with undertaking risk assessments and reporting results and guidance to technical teams and business stakeholders alike and working closely with senior level business stakeholders to disseminate a security focussed approach. Excellent organisation and communication skills are pre-requisite. Excellent opportunity to work with one of the world's largest Insurance companies employing cutting edge technologies dispersed across a global enterprise. Excellent opportunity for career growth and personal development.
Oct 07, 2021
Full time
IT Security Officer / IT Security Analyst / IT Risk Analyst - Security Audits, Risk Assessments, CISM, CISSP, CySA+, CASP+ etc; Security Standards. Guildford (2 days per week); Fully remote during pandemic, 2 days per week onsite post-return-to-office. Permanent. c.£55k- £65k + Benefits Global Insurance Company seeks an IT Security Officer / IT Security Analyst / IT Risk Analyst to assist in the development and dissemination of information security policies, procedures, and guidelines across the organisation. This is a Security Analysis role which will require the management of audits, risk assessments and the subsequent management and oversight of remedial actions taken by various software development and DevOps/SysAdmin teams and perimeter defence Network Engineering teams. The IT Security Officer / IT Security Analyst / IT Risk Analyst will monitor existing IT security controls to ensure compliance with security policies and procedures, identify vulnerabilities, take ownership of core security areas in active processes and projects on the security roadmap and create security policies which meet modern security compliance standards. This will involve managing the development of security procedures within the specific areas (software, network, production server, devops etc) and report to the Global Security team on the state of these areas. Day-to-day activities will require you to liaise with various business and technical departmental stakeholders to actively identify and resolve vulnerabilities in the technical environment. You will also need to identify areas for improvement in security policies and procedures relating to multiple enterprise systems and infrastructure environments operated by the corporate entity. You will employ a variety of standards covering aspects such as COBIT, IASME Cyber Security, GDPR and work to bring systems up to standards required by the German Federal Financial Supervisory Authority: BaFin (due to the company's presence and profile in Germany). We are searching for an IT Security Officer / IT Security Analyst / IT Risk Analyst who can bring procedural security knowledge, experience along with technical understanding of software, server and network environments and the application of security procedures within best practice. You will be an information security professional who holds certifications ranging from CySA+, CASP+, CISSP, Security+, CISA, CISM, and may have some exposure to frameworks such as COBIT, ISO27001 or have worked to FCA standards or indeed to BaFin standards within financial services. You will be familiar with undertaking risk assessments and reporting results and guidance to technical teams and business stakeholders alike and working closely with senior level business stakeholders to disseminate a security focussed approach. Excellent organisation and communication skills are pre-requisite. Excellent opportunity to work with one of the world's largest Insurance companies employing cutting edge technologies dispersed across a global enterprise. Excellent opportunity for career growth and personal development.
Project Description Development of the reporting and analytics function for IT Risk and Security. Task Description Reporting to the head of Strategy and Planning, serving as the reporting and analytics lead for the ITRS group; accountable for all ITRS-related metrics data across IT and to the executive level. Develops a reporting schedule to provide an overview of ITRS value and performance. Manages the development and presentation of security related reporting, to identify and collect metric data for regularly published KPI reports and IT scorecards. Analyses data to identify trends and provide internal stakeholders with valuable insights they can use to improve operational and businesses practices. Facilitates performance reviews for service areas to benchmark against defined Cyber metrics. Drafts board-level management analytic and trending reports. Collaborates with 2nd LoD on security reporting activities and schedules. Assists in the definition of IT scorecard metrics (KPIs, KCIs, KRIs) for the ITRS tower. Evaluates existing reports and implements continuous feedback and assurance processes to improve data integrity and quality. Gathers key reporting requirements from Business Information Security Officers and produces metrics relevant to specific MR entities. Performs statistical analysis to predict trend in cyber security data. Configures and uses platforms such as PowerBI to showcase cyber analytics. Required working experience 7-10 years Required skills and qualifications Over 7 years' experience in Security Reporting and Analytics working with the Business and IT. A proactive self-starter who is able to develop and maintain effective working relationships with multiple stakeholders, the wider team from across the organisation and varying levels of seniority. Extensive experience of being accountable for Reporting and Analytics preferably in an Cyber Security context. Very good knowledge of complex IT organisations and experience with security-relevant topics, security metrics and a related knowledge of the market. Excellent writing and presentation skills. Experience with data visualisation platforms such as PoweBI/Tableau. Active and effective communicator with peers and senior management at board level. Developing data reporting and insights to enable management decisions. Customer orientation, strong negotiating and problem solving skills. Technical and functional aptitude to shape and lead initiatives. Strong stakeholder management skills and able to establish and manage expectations. Initiative, creativity and an open mind for innovation. Good knowledge of security standards (e.g. ISO 2700x, ISF's SoGP, NIST) and other frameworks. Attention to detail. Qualifications - · Batchelors degree ( in IT Preferably) · CISSP (preferred) Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Oct 07, 2021
Contractor
Project Description Development of the reporting and analytics function for IT Risk and Security. Task Description Reporting to the head of Strategy and Planning, serving as the reporting and analytics lead for the ITRS group; accountable for all ITRS-related metrics data across IT and to the executive level. Develops a reporting schedule to provide an overview of ITRS value and performance. Manages the development and presentation of security related reporting, to identify and collect metric data for regularly published KPI reports and IT scorecards. Analyses data to identify trends and provide internal stakeholders with valuable insights they can use to improve operational and businesses practices. Facilitates performance reviews for service areas to benchmark against defined Cyber metrics. Drafts board-level management analytic and trending reports. Collaborates with 2nd LoD on security reporting activities and schedules. Assists in the definition of IT scorecard metrics (KPIs, KCIs, KRIs) for the ITRS tower. Evaluates existing reports and implements continuous feedback and assurance processes to improve data integrity and quality. Gathers key reporting requirements from Business Information Security Officers and produces metrics relevant to specific MR entities. Performs statistical analysis to predict trend in cyber security data. Configures and uses platforms such as PowerBI to showcase cyber analytics. Required working experience 7-10 years Required skills and qualifications Over 7 years' experience in Security Reporting and Analytics working with the Business and IT. A proactive self-starter who is able to develop and maintain effective working relationships with multiple stakeholders, the wider team from across the organisation and varying levels of seniority. Extensive experience of being accountable for Reporting and Analytics preferably in an Cyber Security context. Very good knowledge of complex IT organisations and experience with security-relevant topics, security metrics and a related knowledge of the market. Excellent writing and presentation skills. Experience with data visualisation platforms such as PoweBI/Tableau. Active and effective communicator with peers and senior management at board level. Developing data reporting and insights to enable management decisions. Customer orientation, strong negotiating and problem solving skills. Technical and functional aptitude to shape and lead initiatives. Strong stakeholder management skills and able to establish and manage expectations. Initiative, creativity and an open mind for innovation. Good knowledge of security standards (e.g. ISO 2700x, ISF's SoGP, NIST) and other frameworks. Attention to detail. Qualifications - · Batchelors degree ( in IT Preferably) · CISSP (preferred) Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.