A global major capital projects firm with operations across all sectors requires an IT Security Specialist.
You will work with the IT Infrastructure team to provide advice and guidance on IT security and further develop IT policies and processes across a multi-region infrastructure consisting of 4000+ staff and 70+ sites.
Education Requirements - NA
Industry - Capital Infrastructure Projects
Job Location - 2 Globe Road, Leeds
Work Hours - 9 - 5.30pm
Responsibilities
* Review all aspects of the IT environment and its components.
* Gather requirements, design and implement enterprise-wide solutions.
* Proactively improve and provide advice and guidance on information security matters.
* Support and develop the company’s IT policies and security solutions.
Essential Skills:
* Comprehensive experience including in-depth knowledge in a security or risk management role.
* An excellent understanding of enterprise information security and in-depth knowledge of standards including Cyber Essentials, ISO 27001, 27002, Data Protection Act, and the General Data Protection Regulation.
* Good understanding of security testing principles, including experience of penetration testing, identifying, resolving, and reporting risks.
* Technical security experience with Microsoft core OS, Networking, Security operations, Penetration testing/Security Auditing, Forensics, and Security architecture.
* Technical expertise in Cisco security products, specifically ASA firewalls, AnyConnect, VPN, and clientless portal.
* A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs, etc.
* Experience of formal document creation, such as the creation of reports or procedures.
* Experience of carrying out risk reviews, technology audits, or other similar work.
Principal Duties, Responsibilities & Accountabilities:
* Maintain and improve a Cyber Essentials Plus Security Standard.
* Co-ordinate, measure, and report on the technical aspects of security management.
* Fully participate in internal governance activities relating to Information Security.
* Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
* Identify security non-conformities, patch or reconfigure systems to resolve issues, and build and test new security technologies.
* Research and propose appropriate security solutions.
* Design, co-ordinate, and manage security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
* Recommend and co-ordinate the implementation of technical controls to support and enforce defined security policies.
* Manage the process of gathering, analysing, and assessing the current and future threat landscape, as well as providing the IT Director with a realistic overview of risks and threats in the enterprise environment.
* Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
* Provide information security compliance consultancy to projects and operational teams to ensure that the design of new systems infrastructure or applications is compliant with security policies and standards from inception to production delivery.
* Manage issues and exceptions processing and tracking.
* Conduct Technology Infrastructure Assessments for new, changed, and existing systems in accordance with the Information Security Policies, Standards, and Procedures.
* Work with the Infrastructure manager to develop a security program and security projects that address identified risks and business security requirements.
* Track issues and agreed actions to completion, escalating issues to the Head of IT.
* Define and develop security control designs including those required to support external regulations.
* Provide security communication, awareness, and training for audiences ranging from senior leaders to field staff.
* Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
* Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
* Research, evaluate, design, test, recommend, or plan the implementation of new or updated information security hardware or software and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
* Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
* Manage security projects and provide expert guidance on security matters for other IT projects.
* Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Duties will vary and be revised due to the nature of the IT Support environment (the above is a guide and not a comprehensive list of responsibilities).
Experience Requirements
Skills
* Experience in an information security risk and compliance function.
* Experience of technical vulnerability management processing and reporting.
* Ability to engage with projects and provide information security awareness and to raise compliance requirements within projects and operational teams.
* Proven track record as an information security analyst supporting global sites and regions.
Qualifications
* Experienced Cisco Administrator (CCNA Security) Desirable.