Lead Cyber Security Engineer - Manchester City Centre - £80,000 + Bonus

The Company: Lorien are working in partnership with a global sports entertainment business. As they progress and develop further in new international regions we need an experienced cyber security professional to enable comprehensive protection for the group of businesses.

The Role: This role is ideal for an established cyber security professional. The opportunity is to own the technical elements of the group-wide cyber security, ensuring the integrity across all areas of the infrastructure and networks. You must also be able to test the security changes and ensure vulnerabilities have been successfully patched; it's critical to get the most out of the plethora of tools available. As the Lead Engineer within the team you'll also need to ensure you can coach the other more junior team members.

The Skill Requirements: Successful candidates will have a blend of the following:
- Proven experience managing the cyber security features such as SIEM Solutions, Endpoint Protection and DLP
- Strong underlying knowledge of Infrastructure Hardening and Network Security best practices (Firewalls/Servers/VPN/WAF/Email/Office 365/etc.)
- Good knowledge of audit compliance (ISO27001/PCI-DSS/GDPR)
- Familiarity with securing both public and private cloud environments (Azure/AWS/VMware/etc.)
- Excellent cross-team collaboration skills

The Benefits:
- Salary available of £60,000-80,000
- Company bonus scheme
- Hybrid working from Manchester
- Flexible working hours
- 25 days annual leave plus bank holidays
- Genuine opportunity to own the cyber security within a company who're actively investing in this area

We'll be interviewing for this position ASAP, please submit your CV to be considered now.

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Sep 15, 2024
Full time
Head of Platform, Azure, Remote, COR6969

Are you an experienced leader with a strong focus on Azure and cloud platform management? This remote role could be the perfect opportunity for you!

The Role
As the Head of Platform, you will play a key role in leading and overseeing the company's cloud platform operations, with a primary focus on Azure. You will ensure that all processes are efficient, scalable, secure, and compliant with industry standards. You will collaborate with senior leaders to drive platform innovation and growth, while ensuring security, performance, and regulatory compliance. In this role, you will develop and maintain an Azure-focused operational model that promotes autonomy, mastery, and purpose. You will be responsible for aligning the platform's operations with the company's strategic goals, ensuring all systems are robust, agile, and secure.

The Company
Our client is a cutting-edge startup, empowering businesses to harness the power of Azure cloud solutions to drive innovation and efficiency. They deliver high-performance software solutions, helping companies optimise their operations and stay competitive. As the Head of Platform, you will be part of a world-class team, steering the operational success of Azure environments while fostering a collaborative, agile work environment. This is a fully remote role, with occasional in-person meetings.

What's Required?
The ideal candidate for the role will have the following:
- Extensive experience managing Azure cloud environments, including security, scalability, and compliance
- Strong leadership in developing secure, scalable, and efficient cloud platform processes
- In-depth understanding of regulatory compliance such as GDPR, ISO27001, and PCI-DSS
- Experience with CI/CD pipelines and Infrastructure as Code (IaC) in Azure environments
- Proven track record in driving growth and platform innovation through operational excellence
- A collaborative, agile mindset with a focus on delivering high-quality customer experiences

Ready to take the lead on platform excellence in a growing startup? Apply now and become part of this exciting journey as a Head of Platform!

Head of Platform, Azure, Remote, COR6969
Corriculo acts as an employment agency and employment business.
Sep 15, 2024
Full time
It's finding innovative ways to make progress, and it's helping to create world-class experiences for all our audiences: this is what makes working for Royal Collection Trust exceptional.

Royal Collection Trust is responsible for the care and presentation of one of the world's most important art collections and manages the public opening of The King's official residences and associated commercial activities. We operate from venues across the UK, and our infrastructure underpins all of our commercial and charitable activities, including ticket sales, retail operations and collections management. Working at the heart of our commercial operations, you'll lead a team responsible for the management, development, delivery, support and compliance of a diverse set of applications, platforms, services and infrastructure.

Key Responsibilities:
- You'll take charge of the operation and performance of our application and infrastructure portfolio, setting the direction and standards for its use.
- Leading the systems support team, you'll define processes, set and ensure service level agreements are met, and develop your team to ensure it is motivated to excel.
- With an in-depth understanding of the business processes you're supporting, and the application and infrastructure architecture and integrations with other systems, you'll work closely with stakeholders to identify technical continuous improvements and deliver feature requests.
- You'll be responsible for ensuring that our systems are secure and maintain industry and regulatory compliance, overseeing quality-assured upgrades and patching, and delivering them over dedicated and compliant IT network connectivity.
- Managing our commercial hardware inventory, you'll ensure that assets are controlled, maintained and optimised to the environments in which they operate.
- You'll collaborate with partners on the design, configuration and maintenance of Windows builds and deployments via Autopilot, and take responsibility for the management of users, devices and deployments through Microsoft Intune.
- Managing supplier relationships, you'll ensure that service contracts are delivered to the highest standards.
- You'll be responsible for incident management and disaster recovery plans relating to the provision of commercial infrastructure.

Essential Criteria
- With expert knowledge of enterprise-level commercial systems and infrastructure, systems implementations and integrations, and experience of endpoint and user management using Microsoft Intune, you'll be well-equipped to handle the technical demands of the role.
- You'll have experience of operating a compliance and control environment relevant to commercial operations (including security, data handling and PCI DSS) and an ITIL4 qualification or equivalent experience.
- Having managed a portfolio of external suppliers, you'll know how to oversee performance and get the best out of third-party relationships.
- With great people management skills, you can manage and develop a support team (1st and 2nd line) whilst providing expert 3rd line technical support.
- Familiar with AGILE working methods and with excellent stakeholder management and leadership skills, you can build effective working relationships and drive projects forward.
- With a methodical, logical and analytical approach to problem solving, you're adept at applying technological solutions to business processes.
- Self-motivated and proactive, you'll thrive in a role that offers both strategic and hands-on responsibilities.
Sep 15, 2024
Full time
Home based role

Help strengthen our Team as our Senior Information Security Manager. Home based role.

Great opportunity to join our team as our Senior Information Security Manager to work with numerous clients across the public and private sectors, on different types of engagements offering a fantastic exposure to a wide variety of InfoSec projects. You will enjoy freedom and autonomy to make your own choices on the best way to successfully complete projects, in a role where you will be coming up with solutions to interesting problems, rather than simply maintaining existing systems & structures. Your responsibilities will be across technical and GRC areas of cyber security, providing assurance, management, and control of cyber security on behalf of our clients as well as identifying requirements and vulnerabilities, testing cyber security controls, and protecting other cyber systems.

As a global IT and business service provider, across multiple sectors, Capita has a wide array of Information Security requirements, technologies and teams. Working within the Cyber Consulting division you will gain a fantastic exposure to various InfoSec topics, helping you to progress your career alongside a strong training & development programme.

What You'll Be Doing:
- Identifying and reporting systemic weaknesses in control effectiveness
- Specifying requirements for cyber Health Checks to ensure identification of vulnerabilities and testing of cyber security controls, and to protect other cyber systems. Managing the resulting remediating controls for the business
- Reporting and where applicable investigating security incidents or breaches of security policy in accordance with local procedures and guidance.
- Chairing cyber security working groups, and representing cyber security on Change Advisory Board
- Managing compliance in areas of responsibility with organisational commitments to Codes of Connection with partners
- Contributing to development of cyber security policy
- Maintaining the information security risk register ensuring that all known risks are appropriately assessed, and risk treatment plans are in place for all risks assessed to be above the organisation's risk tolerance level.
- Promoting a culture of information security awareness within the organisation.
- Planning and conducting a programme of internal and second-party audits to measure compliance with security policy and associated standards.
- At times, managing a team of Security Analysts on assigned client engagement.

What we're looking for:
- Proven experience as an Information Security Manager or similar role
- Experience of Information security risk management and governance
- Broad technical background in ICT
- Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
- Certified ISO/IEC 27001 Lead Implementer and/or Lead Auditor
- Strong knowledge and experience with the ISO/IEC 27001:2022 and other Cyber Security standards
- Good technical understanding, with the ability to explain technical problems to non-technical business stakeholders at all levels.
- Aptitude to remain up to date with information security standards and Technology.
- Good understanding of information/cyber security issues across various sectors
- Assertive personality with strong organisational and interpersonal skills.
- Good technical, analytical, and communication skills (both written and verbal).
- Strong Stakeholder management
- Eligibility for SC Clearance

Desired Certifications but not essential:
- ISO 22301 Lead Implementer and/or Lead Auditor certified
- PCI-DSS Internal Security Assessor (PCI ISA) certified
- CESG Certified Professional (CCP) ITSO certified
- ISACA Certified Information Systems Auditor (CISA) certified
- Pension background/industry experience

About Capita Technology and Software Solutions (TSS) and CISO
Capita Technology and Software Solutions (TSS) is a global shared service, responsible for delivering innovation and digital transformation for Capita's businesses and clients. We work collaboratively with Capita's divisions to shape the right digital technology solutions to help clients work differently, engage differently, sell differently and to be resilient to whatever next comes their way. Within Policy, Governance and CISO our key capabilities are to define, implement a
Sep 15, 2024
Full time
Salary - Up to £64,914
Location: Birmingham City Centre
Work Pattern - Hybrid

Our client are looking for an ambitious Deputy Head of Information Security to join their organisation near Birmingham City Centre. As a well-established, Birmingham-based company, they are looking to onboard an experienced Deputy Head of Information Security to help them shore up their ISMS and to manage a team effectively and efficiently.

Key Responsibilities:
- Support the Head of Information Security in directing and implementing the security strategy.
- Identify and manage Information Security risks while ensuring adherence to industry standards and regulations.
- Contribute to the design and implementation of secure systems, with emerging threats and technologies in mind.
- Coordinate incident response efforts, ensuring minimal impact of security incidents on the organisation.
- Development and delivery of information security training programs, ensuring a business-wide culture of security awareness.

Required Knowledge & Skills:
- Degree (or equivalent) in Information Security, Computer Science, or Business, with extensive technical and/or management experience in a relevant field.
- Substantial experience in information security strategy, governance, policy creation, compliance, and incident handling.
- CISSP or CISM certification with formal training in information security standards (e.g., ISO 27001/2, NIST CSF, PCI DSS).
- Skilled in evaluating, managing, and delivering information security training.
- Expertise in secure environments, handling sensitive data, and enforcing strict security policies.
- In-depth knowledge of security technologies, including encryption, penetration testing, and firewalls.
- Strong ability to assess and manage information security risks.
- Excellent at building relationships across organizational levels, including senior stakeholders.
- Experience building and managing teams.
- Skilled in working with security suppliers for procurement and service delivery.
- Experience in NHS information security policies and governance, including NHS IG toolkit.
- Leadership in governance committees or boards, with high-level strategic planning skills.
- Experience promoting and monitoring Equality, Diversity, and Inclusion in the workplace.

If this sounds like you, or somebody you know, please reach out and we can talk! Please note, there is no sponsorship on offer for this one.
Sep 13, 2024
Full time
Brio Digital are proud to be supporting a financial services company who are looking for a Cyber Security Architect with expertise in DevSecOps and cloud security. Cyber Security Architect Key Responsibilities: Architect and implement secure AWS environments, with a focus on scalability and resilience Integrate security practices into CI/CD pipelines, ensuring security is embedded from development through to production Conduct detailed threat modeling, security risk assessments, and vulnerability management to identify and mitigate risks Ensure compliance with relevant regulations and industry standards (e.g., ISO 27001, NIST, GDPR) Lead incident response planning and forensic investigations for security incidents Collaborate with DevOps, engineering, and security teams to design and implement security controls Mentor and guide teams on best practices for cloud security, DevSecOps, and emerging threats Cyber Security Architect Experience: Extensive experience in designing and securing AWS cloud architectures, including IAM, VPC, EC2, Lambda, and container security Deep knowledge of DevSecOps tools and processes, such as Jenkins, GitLab CI, Docker, Kubernetes, and automated security testing Proven experience leading complex security projects and ensuring compliance with security frameworks (e.g., SOC 2, PCI DSS) Excellent communication skills with the ability to influence cross-functional teams and drive security initiatives Apply now or email for more information.
Sep 12, 2024
Full time
Associate Director, Cyber Security - Global Management Consultancy - Hybrid/ Remote Working Robert Half are delighted to be partnering with a global Business Consulting firm who are seeking an Associate Director to join their flagship Cyber Security division. As a business they employ over 9000 people across 80 worldwide offices. Part of their overall Technology Consulting Division. The Cyber Security practice includes coverage of focused domains such as Technical Security Assessments, Assessment against cyber security frameworks, PCI DSS assessments, Cloud Security Reviews, Cyber Security Audits, Cyber Security Strategy and Advisory work. Cyber Security is a high-growth area for their business globally. The Role "The Associate Director role plays a key role in the continual development of our existing relationships with clients and in developing new accounts to expand the cyber security practice". Some of the Responsibilities Responsible for identifying growth opportunities and driving business growth for engagements across the focus areas in cyber security. Leading business development activities such as identifying, building and actively managing business relationships. Working closely with our business development team in a technical capacity to develop proposals and respond to client requirements. Assume the lead role in the execution of cyber security engagements. Managing individuals within the delivery team Working closely with the client teams to ensure that their needs are understood, and their stated requirements are met through the delivery of the engagement. Skills & Experience Required: In-depth knowledge and understanding of industry cyber security frameworks such as ISO 27001, NIST CSF, NIS 2 and/or PCI DSS. Hands-on experience in implementing or assessing against these frameworks is a must-have requirement. Demonstrated ability to lead and manage teams and deliver cybersecurity engagements to a range of clients across various sectors. 
Demonstrated ability of business development and managing a portfolio of clients. Ability to play a lead role in developing content to support the business development efforts across the focus areas in cyber security. Experience in delivering talks, presentations and industry briefings Excellent persuasion, presentation and report-writing skills They have 3 offices across the UK with their core hub in Central London, they offer very flexible working arrangements. £105-125k Base Salary + 15-20% Bonus & Benefits Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: gb/en/privacy-notice Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website: gb/en/how-spot-recruitment-scams-and-protect-yourself
Sep 12, 2024
Full time
Senior Network Engineer Hybrid with On-Call Network Design I have a client based in Yorkshire who is looking for a Senior Network Engineer with experience in architecture design to join their growing team on a hybrid basis. Would you or anyone you know be interested? The ideal candidate should have a solid background in supporting or working with public sector clients, including local authorities, healthcare, and educational institutions. A passion for network technology, along with strong problem-solving skills and excellent communication abilities, is essential for this role. Key Responsibilities: Network Design & Deployment: Lead the design, deployment, and management of LAN and WAN infrastructure at various locations, including customer sites. Technical Leadership & Escalation: Act as a senior technical resource, overseeing projects from initial planning and design to full implementation and providing technical guidance to resolve complex issues. Infrastructure Expertise: Manage edge and core switching, telecommunications Routers, wireless solutions, and fixed/wireless point-to-point connections. Network Security: Implement robust security measures, including Firewalls, VPNs, email security, web filtering, and two-factor authentication. Mentoring & Training: Provide mentorship to technical staff and assist in developing and delivering internal and external technical training programs. Compliance Support: Help clients achieve and maintain compliance with security standards such as ISO27001, Cyber Essentials, PSN Code of Connection, and PCI-DSS. Client Solutions: Take ownership of customer solutions, offering ongoing technical management and presenting designs and solutions as needed. Documentation & Reporting: Produce thorough design documentation and technical reports to ensure clear communication and effective project execution. 
Required Skills & Experience: Expertise in Networking: Strong understanding of TCP/IP, advanced network protocols, Unified Communications/telephony, wireless networking, and network security technologies. Certifications: Relevant certifications such as Cisco CCNP, Juniper JNCIP, or equivalent qualifications. Security Knowledge: Familiarity with enterprise Firewalls and at least three areas like VPNs, Unified Threat Management, email security, and web filtering. Project Leadership: Proven experience in designing, implementing, and troubleshooting network infrastructure projects. Technical Reporting: Skilled in producing detailed technical reports and documentation. Public Sector Experience: Prior experience working with or consulting for public sector organisations is highly desirable. Special Requirements: Participation in an on-call rotation for 24/7 support services. Ability to obtain a DBS clearance A full, valid UK driving license is mandatory.
Sep 12, 2024
Full time
Purpose of the Technical Security Analyst Role: The role of the Technical Security Analyst is to assist the Information Security Manager to ensure the confidentiality, integrity and availability of Stonegate Group information assets and systems. They will be a technical resource that will assess security policies and controls for effectiveness and suitability against the security risk profile. They will have experience in Cyber Security and information security and either hold a professional qualification or be willing to do whatever is required to become trained and qualified. They will work as a part of the IT Operations team to ensure business is protected from Cyber threats, is able to respond to and recover from incidents, and operates within an appropriate cyber security management framework. Protection of digital assets from unauthorised access will be paramount, documenting risk mitigation before a data breach occurs. As a security professional, they will research and organise ethical hacking to expose weaknesses in the on-site infrastructure. Technical Security Analyst Key Responsibilities Duties and Responsibilities: Using the information security risk assessment methodology to provide expert advice and guidance. Conduct threat assessments for infrastructure and applications to ensure adequate technical and non-technical effective controls are in place. Documentation of information security risk assessments to identify any issues or risks that need to be articulated to senior management for remediation and/or to follow formal risk acceptance governance processes. Supporting delivery of projects with security risk assessment/mitigation and ensuring that they align to the appropriate technology change framework and that solutions meet relevant security principles. Responsible for the identification of security gaps and advising on design of new controls and processes to be implemented by IT, Business and third parties. 
Support the Information Security Manager in developing any penetration testing requirements, engaging with third parties, managing security engineering and the business to remediate any risk/issues identified before go-live. Interpreting and developing the Stonegate Group security policies, standards and baselines and liaising with the project teams to ensure solutions are delivered securely. Perform periodic internal reviews of systems and identifying compliance gaps that should be escalated. Contribute to the creation of detailed metrics and reports based on information security risk analysis to reduce and mitigate risk. Engaging with the business to highlight information security risks to ensure they are making informed decisions around technology and implementation choices. Technical Security Analyst Skills, Experience & Qualifications: Essential: Deep technical knowledge of cloud platform security technologies, including but not limited to Microsoft Defender, Azure Sentinel and Endpoint. Knowledge of email and Web gateways Understanding of wider general infrastructure with Windows and Microsoft. Delivery of security-based projects to set deadlines. Knowledge and use of vulnerability scanning tools, for example, Qualys, Tenable, Nessus Proficient in working with Service-Now tool. Strong documentation skills, for example delivery of technical reports, process documents Ability to work independently Must be an excellent communicator and speaker both in front of large groups of team members and in written interactions Knowledge of infrastructure solutions, firewalls, routers GDPR / Data Protection regulation knowledge Knowledge of Cyber Security frameworks, for example, NIST, ISO27001, CIS Ability to work in UK without sponsorship is essential. Ability to influence at senior levels on matters relating to security and information risk. 
Desirable: Hospitality/retail experience highly desirable (but not essential) PCI DSS awareness Educated to degree standard or equivalent (or appropriate practical experience) Relevant security qualifications Governance, Risk and Compliance knowledge What's in it for the Technical Security Analyst? 25 days annual leave Annual Leave Purchase Scheme Pension Vitality Healthcare Opt in dental insurance programme Annual bonus scheme The Stonegate discount card offering discounts across our managed estate Online benefits portal offering discounts across the High Street and other retailers At Stonegate Group, we're proud to be the biggest operator of pubs, bars, and late-night venues in the United Kingdom. Our leading brands are diverse and well-known, including names like Slug & Lettuce, Be At One and Popworld. If you have a disability as outlined by the Equality Act 2010 and require reasonable adjustments to be made during the recruitment process, please let us know in advance so that any support, aids or adaptations can be put in place to assist you.
Sep 12, 2024
Full time
Information Security Consultant - SC - Remote - Inside IR35 Our client, a global consultancy company, are currently looking for an Information Security Manager to join an expanding Cyber Security Consulting practice. This role would be Inside IR35, and working on a hybrid basis. Security Clearance (SC) is required for this position. In this role you will be responsible for providing assurance, management and control of cyber security on behalf of clients. Key Responsibilities: Identifies and reports systemic weaknesses in control effectiveness Specifies requirements for cyber Health Checks to ensure identification of vulnerabilities and testing of cyber security controls, and to protect other cyber systems. Manages the resulting remediating controls for the business Reports and where applicable investigates security incidents or breaches of security policy in accordance with local procedures and guidance. Chairs cyber security working groups Represents cyber security on Change Advisory Board Manages compliance in area of responsibility with organisational commitments to Codes of Connection with partners Contributes to development of cyber security policy Maintains the information security risk register ensuring that all known risks are appropriately assessed, and risk treatment plans are in place for all risks assessed to be above the organisation's risk tolerance level. Ensures that the acceptance of risks by the organisation's senior management is properly recorded. Promotes a culture of information security awareness within the organisation. Plans and conducts a programme of internal and second-party audits to measure compliance with security policy and associated standards. 
May manage a team of Security Analysts on assigned client engagements Skills & Experience: Essential: Broad technical background in ICT ISACA Certified Information Security Manager (CISM) certified Strong knowledge and experience with the ISO27001:2013 standard Certified ISO27001:2013 Lead Implementer and/or Lead Auditor Graduate or similar educational level Strong communication skills, both verbal and written. Stakeholder management Desirable: ISO 22301 Lead Implementer and/or Lead Auditor certified PCI-DSS Internal Security Auditor (PCI ISA) certified CESG Certified Professional (CCP) ITSO certified ISACA Certified Information Systems Auditor (CISA) certified ISC2 Certified Information Systems Security Professional (CISSP) certified If this role would be a good fit for you, please apply! Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Sep 11, 2024
Full time
Job Title: GRC Security Consultant Contract Duration: 6 Months Location: Remote with occasional site visit Day Rate: Inside IR35 - £550-£700 per day The Role: We are seeking an experienced Security Consultant to join our team on a contract basis. In this role, you will focus on providing expert guidance in information security management, risk assessments, governance, and compliance aligned with industry standards such as ISO27001 and NIST frameworks. Your primary responsibility will be to assess, design, and implement security strategies that mitigate risks and ensure compliance with relevant regulations. Key Responsibilities: Governance, Risk, and Compliance (GRC): Design and implement governance frameworks that ensure alignment with ISO27001, NIST, and other relevant standards. Develop and maintain risk management strategies, identifying, assessing, and mitigating security risks across the organization. Conduct regular compliance assessments and audits to ensure adherence to regulatory requirements (e.g., GDPR, PCI-DSS). NIST Cybersecurity Framework: Implement and manage cybersecurity controls in alignment with the NIST Cybersecurity Framework (CSF). Perform gap analyses between current practices and NIST CSF to identify areas for improvement. Recommend and implement cybersecurity measures based on NIST standards to enhance the organization's security posture. Risk Management: Conduct risk assessments to identify vulnerabilities and threats, proposing solutions for risk mitigation. Develop risk treatment plans that prioritize business-critical risks and ensure continuous monitoring and reporting. Work closely with cross-functional teams to integrate risk management into day-to-day operations. Compliance & Auditing: Perform internal security audits to ensure compliance with ISO27001, NIST, and other regulatory frameworks. Review and maintain documentation related to compliance audits and risk assessments. 
Collaborate with external auditors during formal audits, providing required evidence and remediation plans. Reporting and Documentation: Prepare detailed reports on risk assessments, compliance findings, and security governance initiatives for management. Document security incidents, non-compliance issues, and corrective actions taken to ensure continual compliance. Key Skills and Requirements: Proven experience as a Security Consultant with a focus on ISO27001, NIST, and risk management frameworks. In-depth knowledge of ISO27001 implementation, audits, and continual improvement processes. Hands-on experience with NIST CSF, including assessment and control implementation. Strong understanding of governance, risk, and compliance (GRC) frameworks, along with regulatory requirements such as GDPR, HIPAA, and PCI-DSS. Excellent analytical and problem-solving skills to assess security risks and recommend mitigation strategies. Strong communication skills, with the ability to articulate complex security issues clearly to both technical and non-technical stakeholders. Experience in preparing detailed audit reports and risk treatment plans. Relevant certifications such as ISO27001 Lead Auditor, CISSP, CISM, or CRISC are highly desirable.
Sep 10, 2024
Full time
PCI Analyst - Retail - £50,000 - Mostly Remote (Coventry) One of the UK's leading retail clients now requires a PCI Analyst to manage in PCI compliance assessments across a wide range of brands and technology. This is an exciting opportunity for a skilled PCI specialist who's looking to move into a more fast-paced environment which involves engaging with a wide range of stakeholders. The PCI Analyst will also be liaising very closely with Technical Stakeholders, so a strong technical background is required! The successful candidate will be given the opportunity to take true ownership of their workload in a high performing team where career development is high on the agenda! The ideal PCI Analyst will have the following skills/experience: Strong knowledge of the PCI DSS, particularly in a retail environment Awareness of core Info Sec controls in a commercial environment Certifications such as PCIP, ISA, CompTIA Sec+ or CISSP are desirable, but not essential Ideally, worked on websites from a wide range of PCI-DSS inputs. Passion for Information Security and an eye for detail Strong interpersonal and stakeholder management skills This is a mostly remote position; however, you would be asked to be onsite twice a month on an ad-hoc basis at their site in Coventry. Salary is offered up to £50,000 for the right candidate. If you're an experienced PCI Analyst with a strong technical background looking for an exciting new opportunity at a UK-leading retail brand, please apply!
Sep 10, 2024
Full time
IT Manager Salary: 50,000 - 60,000 Location: London (Hybrid) Permanent I have an exciting IT Manager opportunity with one of the country's leading independent communications companies. Our client is a dynamic and client focused managed service provider who specialise in communications and networking for a wide range of clients all over the UK and who pride themselves on providing complex solutions made simple for their customers. This is an exceptional time to join the company, supporting clients in 100 different countries via our UK-based Network Operations Centre and our in-house technical, engineering and professional services teams, as well as via our established network of global partners. Their culture is open, honest & supportive and they only partner with best-of-breed technology vendors such as Microsoft, Cisco, Amazon, Genesys & Avaya. They have a service-based culture, which earns "Trusted Advisor" Status with blue-chip customers. We require skilful, ambitious and flexible staff to work alongside us to continue our success and expansion. As IT Manager you will be expected to report on all aspects of IT, identify opportunities for improvement and help develop new features on the business systems and core infrastructure. The Role As IT Manager, you will be working within the Operations department ensuring the business systems are secure, operating optimally and always available to both staff and clients. You will be expected to report on all aspects of IT, identify opportunities for improvement and help develop new features on the business systems and core infrastructure. Having experience working with on premise and cloud based solutions, you will be aware of the challenges of integrating diverse solutions while maintaining data security and future proofing solutions. Streamlining our service offerings and the use of automation will be key to success of the team and business. 
Communication internally within the team as well as around the other business units will be crucial to driving customer success and identifying issues before they arise. Responsibilities Management of IT Support teams in UK, South Africa & India Interviewing and recruitment of IT professionals Creating and maintaining corporate and personal development plans for IT Support teams Undertaking staff appraisals, setting corporate and personal goals Ensuring ITIL best practices are utilised within IT Support Reporting on Internal IT Support performance Management of IT Managed Service Provider (MSP) & leading IT MSP service reviews Reporting on IT MSP performance Building and managing IT Budget, forecasting for growth Ensuring compliance with Data Protection register Creating and maintaining ISO27001 policies, processes and guidelines in-line with Compliance Ensuring IT policies are adhered to and have auditable evidence Acting as primary interface for IT during compliance audits Managing IT escalations Liaising with Project Managers & Solution Designers Attending New Product Introduction (NPI) meetings Essential Skills & Experience Excellent knowledge and understanding of: O365 Active Directory Cloud solutions In depth understanding of applying ITIL best practices to ITSM Excellent team building and motivational skills 24/7 Service Desk management skills Excellent knowledge of building and maintaining IT policies and processes Demonstrable track record of Change, Configuration and Release Management processes Excellent ISO27001 experience KPI/SLA/OLA implementation and monitoring Desirable Skills & Experience Experience of: PCI/DSS requirements Utilising systems to support a secure environment Requirements for handling security vulnerability breaches Building ServiceNow customer service request & incident portals Building ServiceNow CSM & ITSM workflows Supporting Salesforce Supporting NetSuite Monitoring systems, such as, Logic Monitor, Nectar, SolarWinds WAN, LAN 
technologies, such as, Cisco, Meraki, Juniper Managing data migration projects Desirable Certifications ITIL v4 Foundation, Service Manager MCSE - Microsoft Certified Systems Engineer ECS Recruitment Group Ltd is acting as an Employment Agency in relation to this vacancy.
Sep 09, 2024
Full time
Azure Cloud Architect 6 months London 2-3 days a week £704 per day Inside IR35 Leading digital transformation agency are actively recruiting for an experienced Cloud Infrastructure Architect with expertise in the Microsoft Azure stack with particular interest in setting up cloud landing zones and establishing DevOps pipelines. This position will focus on modernising a client's marketing and customer relationship management (CRM) capability. The successful Azure Cloud Architect will play a key role in transforming how data is leveraged to enhance revenue opportunities, guest experiences, and customer services. Key Responsibilities for the position of Azure Cloud Architect Cloud Landing Zone Architecture: Design, implement, and manage Azure cloud landing zones, ensuring scalability, security, and compliance. This includes setting up Azure resource hierarchies, management groups, subscription management, Azure Policy, and RBAC (Role-Based Access Control). Azure Infrastructure: Architect and deploy core Azure services, including Azure Virtual Networks, Azure Active Directory, Azure Storage, Azure Kubernetes Service (AKS), Azure Firewall, and other related Azure infrastructure services. Azure DevOps Pipeline Setup: Establish and optimize Azure DevOps pipelines, automating CI/CD processes. This includes configuring build and release pipelines, integrating with Azure Repos, and managing Azure Artifacts. Infrastructure as Code (IaC): Utilize tools such as Azure Resource Manager (ARM) templates, Terraform, and Bicep to automate the deployment and management of Azure resources. Security and Compliance: Implement Azure Security Center, Azure Sentinel, and other security tools to ensure the environment adheres to best practices and compliance requirements, such as GDPR or PCI-DSS. Technology Integration: Oversee the integration of Microsoft Dynamics 365, Power BI, and an enterprise API suite into the existing Azure cloud environment. 
Ensure seamless data flow and compatibility with existing on-premises systems and third-party applications. Monitoring and Optimization: Set up Azure Monitor, Azure Log Analytics, and Application Insights to track performance, troubleshoot issues, and optimize the environment for cost and performance efficiency. Experience required for the position of Azure Cloud Architect Experience: Minimum of 8-10 years of experience in cloud architecture, with a strong focus on Microsoft Azure. Proven experience in designing and implementing cloud landing zones and DevOps pipelines in large-scale, enterprise environments. Technical Skills: Extensive knowledge of core Azure services: Azure Virtual Machines, Azure SQL Database, Azure App Services, and Azure Functions. Proficiency with Azure DevOps for CI/CD, including experience with YAML pipelines, Azure Repos, and integrating third-party tools. Strong experience with Azure Security services: Azure Security Center, Azure Defender, Azure Key Vault, and Azure Sentinel. Familiarity with Infrastructure as Code (IaC) using ARM templates, Terraform, and Bicep. Understanding of networking in Azure: Virtual Networks, ExpressRoute, Load Balancers, and Application Gateway.
Sep 09, 2024
Contractor
Job Overview: The Our Client Technology and Cyber Security Risk Analyst will be working closely with Our Client business stakeholders, customers, and suppliers to identify and understand risk so it can be effectively managed through ServiceNow's IRM module. You will have previous experience in transforming a GRC department and be able to directly transform current services as well as support business as usual activity. This is a global role with responsibility for responding to information security needs across the entire Our Client corporation. An ideal candidate will have a demonstrated ability to drive security risk change, compliance, and business outcomes, can present security practices to business stakeholders, customers and suppliers, is detail oriented and able to operate effectively under pressure. Responsibilities: Support internal and external stakeholders on matters of risk assessments and framework requirements (working knowledge of NIST CSF, 800-53). Ensuring security and compliance requirements are understood by those stakeholders Driving transformational change to the Technology and Security Risk program as it evolves to meet changing organizational and regulatory needs. Help build and maintain an effective third party risk assessment program Perform supplier risk assessments, contract reviews, respond to customer security questionnaires and establish that Our Client security and compliance requirements are understood. Develops tactical and trusted relationships within business stakeholders, partners and vendors. Awareness of project management techniques, while having the ability to support meetings when required. Ability to present clear, consistent information and professional risk reporting to directorate and executive to highlight highest priority risks and their treatment plans. 
Work directly with internal business partners to assist in the identification and assessment of potential security risks, establish risk owners, ratings, and management action plans Develop Standard Operating Procedures (SOP) to document procedures for risk assessments, third party assessments, and business process workflows for Security Governance, Risk, and Compliance Document recommendations and implementation of corrective action plans to remediate issues for identified deficiencies. Monitor the progress of plans for on time completion Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with risk appetite Utilizing working knowledge of IRM (Integrated Risk Management) of ServiceNow to build GRC processes within it. Ensure that fundamental information on accountable technology is accurate (e.g. KB Articles / process maps / training documents and presentations / RACI / Contract information). Identify problems that cause negative impact to Our Client or the team and help to create solutions. Provide on-the-job training and peer review to team members Feed recommendations into strategic plans Required Skills and Experience : Security qualifications. i.e., CISSP, CISM. Work directly with technology, and business partners to assess security risk controls to ensure data is adequately safeguarded Experience in conducting internal security assessments and reviews Experience in articulating and documenting information security risks Customer driven; help bring the voice of customer into every technical decision. Influencing the security agenda across a large enterprise. Experience with security and privacy controls deployed in large enterprise and cloud environments Able to independently solve straightforward problems by investigating fully and provide recommended solutions for more sophisticated problems. A driven demeanour will thrive at Our Client. 
Proactive mentality is a must. Ability to clearly communicate information security concepts and complex technical topics to a wide audience of both technical and non-technical personnel (business leaders, auditors, legal staff, engineers) Execution oriented with an ability to manage multiple projects simultaneously with a focus on outcomes driving impact Ability to effectively work and collaborate with technical and non-technical resources. Demonstrates the ability to manage and prioritize multiple projects simultaneously and adapt to rapidly changing schedules, priorities, and workflows. Attention to detail, ability to multi-task and maintain composure when under pressure Agile, self-starter and can prioritize quickly and effectively. Contributes through the quality, accuracy and timeliness of the tasks/services provided by self, and quality control of work provided by others. "Nice To Have" Skills and Experience : Hands on experience implementing security within public cloud services (AWS, Azure, Google) Good familiarity with other Enterprise Security organization (can identify which team fulfils which roles) and a Solid understanding of ITIL processes. Experience working in a security role focused on technical controls, services and procedures. Demonstrates a good understanding of the variety of technical security control concepts, procedures and systems (e.g., Email Security, AV, EDR, Firewalls). Experience with Configuration Management Database (CMDB) Strong familiarity with security standards, and audit requirements including NIST CSF, 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports In Return: Our Client is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. 
We are a diverse organization of dedicated and innovative individuals, and don't discriminate on the basis of any characteristic. If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career. Hays Talent Solutions is a trading division of Hays Specialist Recruitment Limited and acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
Sep 08, 2024
Full time
To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell's systems and services. This role is responsible for facilitating the secure delivery of AJ Bell's technology and business change. The Security Architect will join a team of architects and play a lead role in designing and implementing security controls and processes. Key to this is assisting and supporting our colleagues in achieving their goals, but in a secure manner. This is a hybrid role with occasional travel to our Manchester Head Office.
The key responsibilities of the role are:
• Subject matter expertise for security best practice, ensuring the maintenance of the confidentiality, integrity and availability of AJ Bell's systems and data.
• Design and implementation of enterprise security technology controls and platforms, following industry best practices.
• Supporting and advising on projects and change initiatives to ensure that there is no negative impact on our security posture
• Carrying out internal security reviews both on solutions we develop in house and third-party solutions.
• Supporting audit and due diligence activities within Technology Services
• Working with Information Security, Infrastructure and Architecture to define security standards.
• Acts as an integration point between the CISO and AJ Bell business and technology teams to ensure security is embedded across the organisation
Essential experience, knowledge and skills:
• Demonstrable experience of implementing enterprise security platforms
• Previous experience of delivering and maintaining technical enterprise security solutions for (but not limited to) the following areas: End Point Protection, Cloud Security, Network Security, DevOps, Security Monitoring & Remediation is advantageous.
• Knowledge of Secure Software Development Life Cycle best practices
• Strong understanding and knowledge of Information Security risk management tools and techniques
• Experience of security governance and compliance, ideally gained in financial services organisations
• Demonstrable understanding of Information Security control standards and frameworks e.g. ISO27001, NIST, PCI DSS
• Awareness and understanding of the Information Security threat landscape
• Deep understanding of Information Security solutions and controls
• Experience of Cloud security solutions and standards is highly advantageous
Knowledge & Skills
• Excellent communicator, able to translate complex topics to all areas of the business
• Significant experience in the area of Information security
• Strong knowledge of core IT and networking concepts
• Well versed in IT security capabilities, framework and concepts
• Strong ownership of tasks, attention to detail and following through to conclusion
• Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
• Ability to work under own initiative to plan and communicate effectively with colleagues and customers
• Structured, self-starting, flexible and enjoy working in fast-paced environments
• Effective communication skills, both written and verbal
• Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
• Excellent attention to detail
• Attained CISSP or similar certification
• Minimum of 5 years' experience in an Information Security role gained in a financial services or e-commerce environment is preferred
About Us:
AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers, to DIY investors with little to no experience. We have 480,000 customers using our award-winning platform propositions to manage assets totalling more than £75.1 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures. Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company. Headquartered in Manchester with offices in central London and Bristol, we now have over 1100 employees and have been named one of the UK's 'Best 100 Companies to Work For' for five consecutive years. There are opportunities for growth and professional development for employees wanting to progress within their career including induction training and our study support scheme which is part of our benefits package. There is an active programme of social events throughout the year, which are open to all employees.
What we offer:
• Generous holiday allowance increasing up to 30 days with service, plus bank holidays
• Company Health cash plan
• Holiday buy/sell scheme
• Hybrid working policy
• Casual dress code
• Discretionary bonus
• Contributory pension scheme
• Dedicated time for proof-of-concepts and assessing new tech
• Support to attend conferences, events, and meet-ups
• Buy as you earn share scheme
• Free share scheme
• Paid study support for qualifications
• Maternity/paternity scheme
• Bike loan
• Season ticket loan portal
• Discounted PMI and Dental
• On-site gym and personal trainer led classes
• Paid volunteering opportunities
• Free social events and more
AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work. We do not discriminate on the basis of race, sex, gender identity, sexual orientation, age, pregnancy, religion, physical and mental disability, marital status and any other characteristics protected by the Equality Act 2010. All decisions to hire are based on qualifications, merit and business need.
Aug 13, 2023
Full time
Accenture is looking for an experienced solution architect for the role of Customer IAM solution architect to expand its market-wide Digital Identity team.
As Customer IAM (CIAM) Security Architect, the candidate will be expected to:
• Manage a portfolio of Customer IAM solutions
• Work with market unit Customer IAM leads to provide awareness of new offerings on Accenture's CIAM solution portfolio
• Support market unit CIAM leads to evangelize best practices to Accenture delivery teams across Europe
• Support market unit CIAM leads to define a Digital Identity delivery plan for targeted accounts
• Support market unit CIAM leads with defined enablement activities
• Track and report on CIAM certifications and chargeability for CIAM across Europe
• Provide technical subject matter expertise on large value CIAM opportunities
• Work within a team of European CIAM solution architects
• Align with market unit CIAM leads to perform project delivery lessons learned and identify reusable assets and processes
• Prepare technical material to support the acceleration of CIAM delivery across Europe
• Maintain knowledge repository of European CIAM deliveries, assets and lessons learned
• Report and achieve Customer IAM technical KPIs to European market-wide CIAM lead
What skills & experience are we looking for in an ideal candidate?
Primary Skills
• Strong understanding of the Customer IAM landscape
• Strong experience of multiple CIAM projects using any of the leading vendor products (ForgeRock, Okta, Ping)
• Ability to develop innovative automated solutions to accelerate project delivery
• Ability to design structured and guided CIAM processes for standardizing delivery activities
• Self-driven with superior planning and execution skills
• Very strong written and oral communication skills
• Ability to work in a fast-paced, evolving and growing environment, with a diverse group of professionals
• Excellent time-management skills with the ability to meet deadlines
• End to end management of key strategic technical opportunities
• Strong Requirements gathering and experience in conducting workshops in complex and large organisations
• Hands on development experience using any one of Core Java / J2EE / Groovy / JavaScript
• Good understanding of LDAP, Directory server, SQL and Database concepts
• Experience on standards such as SCIM, OAuth, OpenID Connect, XACML, REST
• Understanding of Web Application Security Architecture
• Medium to Large scale SI Transformation project experience/Release Planning
• Build positive long-term senior relationships to help deliver with quality and pace to clients
• Multi-million dollars programme transformation experience in global delivery model
Desirable Skills
• Experience working with a lead generation process and Salesforce CRM
• Understanding of consulting, automation, delivery
• Industry relationships with leading product vendors
• Roll up your sleeves to get the job done attitude
• Cloud infrastructure (AWS/Azure/GCP) based architecture and delivery experience
• RESTful API Architecture & Implementation experience
• Test and Deployment automation tools and methodologies
• DevOps methodologies and tools like SVN/GIT, Jenkins, JIRA, confluence, various monitoring/alerting tools
• Experience on Agile delivery.
Set yourself apart:
• Proven track record of delivering at pace and with quality
• 7+ years of experience
• Experience working in a regulated environment
• Experience working in a Big4 advisory
• Security qualifications including CISSP, CISM, CISA, ISO 27001, PCI DSS
What's in it for you?
• Being able to challenge yourself by working on some of the largest and most complex clients in the world
• Being able to develop yourself by working with some of the most driven and knowledgeable people in the market
• Being able to promote yourself in a very visible cross-market role within Accenture
The team
All our professionals receive comprehensive training covering business, technical and professional skills development. You will have opportunities to hone your functional skills and expertise in Cyber Security. The sheer variety and scale of the work we do, and the experience it offers, provides an unbeatable platform to build and develop a career. In addition, our growth, combined with our integrated career counselling, offers great opportunities for rapid advancement. Accenture Security is one of the fastest growing areas of the business with significant growth plans through organic recruitment and acquisitions. Digital Identity is one of the key offerings of Accenture Security. It focusses on the design and implementation of identity services that help secure access to organisation's environments and data, in three main identity vectors:
• Consumer identity: securing customers' identities streamlining their access across the client's ecosystem and supporting analytics to generate new insights
• Enterprise identity: securing and accelerating access from employees and third-party providers to enterprise applications and streamlining their access
• Privileged identity: managing privileged credentials and providing secure access for privileged individuals and applications to critical assets and data.
Qualifications
From a Customer Identity perspective, our services include:
• Customer Identity access management maturity assessment
• Customer Identity access management strategy
• Installation and configuration of Customer IAM solutions
• Integration of Customer IAM solution with other security solutions
• Implementation and run of application onboarding factory
• CIAM programme management
• CIAM change management
• CIAM solution operations and support
In our team, the ideal candidate will be:
• Working with truly global organisations and the related complexity of their Identity and Access requirements
• Working in a multi-disciplined team of Strategy, Digital and Technology professionals to bring the best of Accenture to our clients
• Working with and often managing a multi-shore delivery team to provide cost-effective consulting services
• Customising and improving Accenture's knowledge assets to support designs that are appropriate for each client
• Designing and building innovative solutions and offering for our clients.
About Accenture
Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centres. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises.
Visit us at
Accenture is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. We believe in inclusion and diversity and supporting the whole person. Our core values comprise Stewardship, Best People, Client Value Creation, One Global Network, Respect for the Individual and Integrity. Year after year, Accenture is recognized worldwide not just for business performance but for inclusion and diversity too. "Across the globe, one thing is universally true of the people of Accenture: We care deeply about what we do and the impact we have with our clients and with the communities in which we work and live. It is personal to all of us." - Julie Sweet, Accenture CEO.
Sep 24, 2022
Full time
Senior Security Specialist - Salary £50,000 to £55,000
Are you someone who is passionate about Cyber Security and looking for an excellent opportunity to use and expand your skills within a dedicated security advisory team? This role exists within Aviva's CISO team and is responsible for carrying out consultancy and risk assessment activities across multiple geographical areas, business areas and change disciplines. If you feel this is something to which you could bring benefit, or indeed, personally benefit from joining, please read on...
A bit about the job:
The purpose of this role is to integrate into the existing team to provide a top-class service to protect Aviva against current and new cyber related threats. To reduce the risk of change activity (IT and Cyber initiatives) to Aviva, the successful candidate will provide: Security consultancy advice and guidance, security review of solution designs including recommendations, advice and guidance to promote secure by design and carry out Information Security Risk Assessments (ISRA) to better manage Aviva risks against reputational damage, system outage and data loss potentially leading to regulatory fines, as data security becomes an ever greater focus across the globe. The role will require someone with in-depth technical knowledge, who can collaborate well with colleagues across multiple disciplines as the team works with technical and operational teams across the business, to ensure change activity meets Aviva's security requirements whilst adopting the necessary security controls. The team is made up of professional people who are passionate about providing a top-class service and protecting Aviva, whilst also supporting each other. This is accomplished through knowledge sharing and maintaining an enjoyable working environment.
Skills and experience we're looking for:
• Risk Assessment methods and frameworks (IRAM2, OCTAVE, NIST, ISO 27005 etc).
• Information Security Management System frameworks and standards and their application.
• Knowledge of governance processes and practices, including ISMS monitoring and control management frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and the application within a financial services environment.
• Good working knowledge of one or more security technologies and domains, including, but not limited to network security, cyber security, data security, identity and access management, application security & cloud security and associated compliance frameworks such as SOX, PCI-DSS etc
• Security technologies (firewalls, WAFs, DLP, cryptography, vulnerability scanning, identity and access management, etc.)
• The ability to carry out threat modelling, vulnerability assessment, control effectiveness review and risk assessment of a proposal or design and deliver a comprehensive, easily consumable report targeted to audience and stakeholders
What you'll get for this role:
• Starting salary between £45,000 and £55,000 (depending on location, skills, experience, and qualifications)
• Generous pension (starting level Aviva contributes 8% when you contribute 2%)
• Eligibility for annual performance bonus
• Family friendly parental and carer's leave
• 29 days holiday per year plus bank holidays and the option to buy/sell up to 5 additional days
• Up to 40% discount for Aviva products
• Brilliant flexible benefits including electric cars
• Aviva Matching Share Plan and Save As You Earn scheme
• 21 volunteering hours per year
Aviva is for everyone:
We are inclusive - we want applications from people with diverse backgrounds and experiences. Excited but not sure you tick every box? Research tells us that women, particularly, feel this way. So, regardless of gender, why not apply. And if you're in a job share just apply as a pair. We flex locations, hours and working patterns to suit our customers, business, and you. Most of our people are smart working - spending around 60% of their time in our offices and 40% at home. To find out more about working at Aviva take a look here We interview every disabled applicant who meets the minimum criteria for the job. Once you've applied, please send us an email stating that you have a disclosed disability, and we'll interview you. We'd love it if you could submit your application online. If you require an alternative method of applying, please give Alice a call on or send an email to .
Sep 22, 2022
Full time
Salary - £60,000 - £80,000 About Technology at Which? Our Information Security, Product & Technology teams use leading technologies and tools - from AWS and Docker to Java, React.js and Salesforce - along with Agile working practices, to solve the technical challenges that enable Which? to champion consumers as a powerful digital force. About the role Information Security Technology Manager Reporting to our Head of Information Security, you'll be responsible for: Owning the operational and technical side of our security function. This will include reviewing and questioning current processes, suppliers, technologies and ways of working and collaborating with the Head of Information Security to use this insight and inform our strategy Partnering with technologists, business SMEs and our data compliance office to ensure that our teams are enabled and that controls are fit for purpose; this will also include partnering with our squads and engineering teams to automate tasks and optimise existing processes Owning security operations including managing incident management Partnering with our Managed Service Provider Evolving our information security function so that Which? 
continues to mature Recruiting, leading and supporting a small high performing Information Security Team Partnering with technologists to help inform and design security architecture All aspects of security change What we'll need from you You'll have a technical infosec background, so perhaps you are an existing security manager looking for a new challenge, a security engineer looking for your next step or a security architect that's looking to transition to a leadership role You'll enjoy working collaboratively with those around you, will be improvement focused and will make information security accessible to those that you partner with You'll be flexible, proactive and comfortable working as part of a small team that requires you to wear different hats at any one time Experience in PCI DSS would be an advantage, or a willingness to learn We also have these benefits for you to consider: 28 days holiday + all bank holidays 35 hour working week Hybrid way of working, with patterns agreed at team level, based on the requirements for the role Award winning pension scheme - when you pay in 3%, Which? pays in 6% (rising to 11% after one year of service.) Healthcare insurance Private medical insurance and opportunity to participate in Vitality rewards programme - at 6 months Free life assurance cover (worth at least 4x your annual salary) Free access to Which? member content Free access to Which? money and legal helplines 50% off making a will with Which? wills Tax-free cycle to work scheme Our office is across the road from Great Portland St Underground and a few minutes' walk from Regents Park Underground station. About Which? Which? is the UK's consumer champion, here to make life simpler, fairer and safer for everyone. As an organisation we're not for profit and all for making consumers more powerful - and as people we're brave, caring, rigorous and insightful in the way we connect with each other to make change happen. 
Our work impacts in high profile areas such as consumer rights, scams, data protection and unfair pricing. Our investigations go deep and our expert advice is completely impartial. Same goes for our product reviews - our rigorous tests and expert recommendations help consumers to make better decisions. Come and champion consumers with us - it's important work. At Which? we value diversity and we're committed to creating an inclusive culture where everyone is able to be themselves and to reach their full potential. We want to receive applications from all regardless of age, gender identity, disability, marriage or civil partnership, pregnancy or maternity, religion or belief, race or ethnic origin, sex, sexual orientation, transgender status, social economic background etc. We believe that a diverse workforce helps us to understand and create a positive impact for consumers. We want to ensure that everybody can apply and be part of our recruitment processes, and therefore when required we make reasonable adjustments to accommodate our candidates. If this sounds like the role for you then we would love to hear from you We're committed to making sure our application process is accessible to everyone who would like to apply for any of our vacancies! Please reach out to if you need us to provide an alternative application method to support your accessibility needs.
Sep 22, 2022
Full time