Cyber Security Specialist| 6 Month Contract | (Outside IR35) | Onsite Required Weekly | Starting ASAP
Day Rate: 450 per day
Job Description:
Harvey Nash's client is looking for a person to be part of the cyber security team but working across our digital department and with business process owners, they must work to understand the client's core business priorities and our digital services. They must enhance processes to identify and assess technical risks and make prioritised recommendations for remediation. The focus will be to develop ongoing, cost effective, objective and where possible automated, risk management processes. The outcome must be to support data driven decisions through having trusted, accurate, up-to-date data available to those who need it. This will include supporting the development of risk management tools and potential integration with sources such as network, endpoint and service management. Close contacts in the team are the product owners, architects, developers and engineers. Close contacts in security are change aligned security consultants, the SecOps team and the head of security.
Key Responsibilities
* Be aware of the current cyber threat landscape and industry best practices and standards.
* Support initial scoping and risk assessment of a change project.
* Interpret security best practice and accreditation requirements to assess security posture
* Understand existing cyber security standards and controls to assess security posture
* Carry out risk assessments and threat modelling
* Review high and low level designs to identify risk.
* Develop risk management processes to ensure risk data is captured and maintained.
* Interpret vulnerability scan and pen test output and capture in risk management processes
* Provide recommendations for risk treatment
* Scope of management to cover both cyber and wider technical risks
* Develop risk data model
* Support development of risk management tooling
Technical scope
* Security products (email filtering, AV, firewalls, WAFs, MS Defender)
* Virtualisation platforms and operating systems, including Hyper-V and Windows Server.
* Enterprise Systems (email, PKI, AD, GP, SCCM, Azure, M365, Intune)
* Application platforms (MS Dynamics, Power Platform)
* Cloud platforms (Azure)
Skills Required
* Security and Risk assessment
* In depth understanding of and experience with enterprise scale digital service provision
* Demonstrable recent contribution to the development of risk processes and ongoing risk management
* Ability to work well in an agile environment with internal colleagues and suppliers
* Ability to self-start, accept ownership and see through improvements and benefits realisation
* Ability to share knowledge and experience with colleagues and collaborate with business and technical colleagues
Desirable Skills
* Experience with Azure, O365 and Power Platform
* Experience with common risk management frameworks
Desirable Qualifications
* Formal IT risk accreditation beneficial
This role has been deemed Outside IR35 by the client. Applicants must hold, or be happy to apply for, a valid Basic Disclosure Scotland. Please click the link to apply.