Information Security Officer
* Location: Newport, South Wales
* Job Type: 37 hours Monday to Friday
* Salary: Starting at £41,446 rising to £47,365
We are seeking an Information Security Officer to assist with the coordination and support of security duties across IT and Cyber project initiatives. This role is crucial in ensuring that IT projects adhere to security policies, secure architecture principles, and regulatory cyber assessment frameworks. The ideal candidate will provide expert advice and manage information security risks effectively.
Day-to-day of the role:
* Support Information Security activities across all non-CAF based IT projects.
* Deliver security artifact requirements for each IT Project quality gate.
* Document and log security assessments, including arranging penetration tests and code reviews for ongoing and new projects.
* Report on all security incidents and risks identified within IT projects.
* Evaluate and coordinate tickets assigned to the security team within the IT ticketing system.
* Log and manage any control defects or failures identified via the SecOps ticket tracking system.
* Provide security support to other projects and ongoing programmes of work, both planned and ad hoc.
* Support the review and improvement of existing systems’ security operations capabilities.
Required Skills & Qualifications:
* Passionate about information security with a proactive approach to improving security posture.
* Strong understanding of cloud concepts, especially hybrid cloud environments. Experience with VMWare and Microsoft Azure is essential.
* Familiarity with project management methodologies such as Waterfall, Agile, and PRINCE2.
* Knowledge of cyber attack modelling, endpoint detection, threat management products, and network security.
* Strong commercial acumen and the ability to translate between technical and business language.
* Knowledge of information security control and compliance standards such as NCSC CAF, ISO27002, IEC17789, CIS CSC, and NIST CSF.
* Understanding of CSIRT and incident response processes. Experience with Microsoft Defender products and Microsoft Sentinel is advantageous.
Qualifications:
* CISMP (Essential)
* SC-900, AZ-900 (Essential)
* CISM (Advantageous but not essential)
* SC-200, SC-300, SC-400, and AZ-500 (Advantageous but not essential)
#J-18808-Ljbffr