Salary: 55,000
Education Requirements: None but degree preferred or commercial exposure
Experience Requirements: Expert
Industry: Technology
Location: Leeds
Qualifications: Any MS or Security Relevant Quals
Work Hours: The role will initially require 3 days in the office per week but normal working practices will apply post Covid.
Principal Duties, Responsibilities & Accountabilities:
As a member of the IT Security team, you will review all aspects of the IT environment and its components. This role shall be responsible for gathering requirements, designing and implementing enterprise-wide solutions. The successful candidate will be required to proactively improve and provide advice and guidance on information security matters.
Responsibilities:
* Develop and enhance security policies, processes, procedures and technical controls to strengthen security capabilities and resilience to cyber threats.
* Take a proactive role in identifying security risks, mitigations and opportunities to strengthen resilience to cyber-attacks and security incidents.
* Participate in the design and implementation of systems and applications to ensure that proposed solutions comply with the company’s IT Security policies.
* Assist with security incident management and response activities.
* Interact with the IT team to provide and share technical issue resolution knowledge and deployment/adoption processes best practices.
* Configuration and maintenance of Microsoft 365 security solutions including Azure Information Protection, Data Loss Protection, Rights Management and Cloud App Security Broker, ensuring alignment to both business requirements and security best practices.
* Implementation of an automatic information classification process that will tag documents with the correct classification based on content, either at creation or retrospectively.
* Creation and maintenance of an Information Asset Register.
* Creation and implementation of Data Loss Prevention rules that protect information from being transferred using unauthorized methods or to inappropriate recipients.
* Develop end user and technical guidance for utilizing and supporting Microsoft Cloud Security solutions, for example, OneDrive, Teams, OneNote, Outlook etc.
* Provide analysis of information security risk and issues of non-compliance.
* Employ previous experience and industry best practices to monitor, enhance and report on security posture, including dashboard reports and management information.
* Gather and use cyber threat intelligence to provide greater insight into cyber threats, to enable a faster, more targeted response and to identify new risks, along with proactive, best practice methods to mitigate them.
Skills:
* Develop and enhance security policies, processes, procedures and technical controls to strengthen security capabilities and resilience to cyber threats.
* Take a proactive role in identifying security risks, mitigations and opportunities to strengthen resilience to cyber-attacks and security incidents.
* Participate in the design and implementation of systems and applications to ensure that proposed solutions comply with the company’s IT Security policies.
* Assist with security incident management and response activities.
* Interact with the IT team to provide and share technical issue resolution knowledge and deployment/adoption processes best practices.
* Implement and manage the Microsoft MFA environment to protect critical systems and information.
* Develop user and technical training guides to help support and use the system.
* Implement and manage Microsoft end-point management to secure and protect end user devices by introducing controls in line with IT policies.
* Management and maintenance of the Thycotic PAM environment to restrict unauthorized software usage and to proactively block malicious processes.
* Maintain and manage the IT Risk register to ensure that IT risks are regularly reviewed, correctly identified, assessed, reported and mitigated in line with recommended best practices.
* Provide analysis of information security risk and issues of non-compliance.
* Perform regular, proactive reviews of system audit logs to identify inappropriate usage, system configuration issues and faults, ensuring issues are raised and mitigated and retested.
* Test DR plans and capabilities to ensure they work as designed, identifying gaps and lessons learned to drive continual development and enhancement.
* Work with the business to formalize and develop Business Continuity plans and perform periodic testing to ensure they remain effective and are updated to reflect changes in the business.
Preferred Skills:
* Excellent hands-on experience of security and/or infrastructure within an enterprise environment.
* Comprehensive experience and in-depth knowledge of enterprise information security and standards including Cyber Essentials, ISO 27001, 27002 etc., Data Protection Act and the General Data Protection Regulation.
* Microsoft O365 Security solutions; Microsoft core OS; Networking; Security operations; Penetration testing; Security Auditing; Forensics; Security architecture.
* Good understanding of security testing principles, including experience of penetration testing, identifying, resolving and reporting risks.
* Experience of formal document creation, such as the creation of reports or procedures.
* Experience of carrying out risk reviews, technology audits or other similar work.
Detailed Knowledge of:
* Microsoft O365 environment.
* Threat Intelligence analysis and best practice.
* Security Incident Response processes, procedures and best practices.
* Disaster Recovery and Business Continuity principles and testing methodologies, Risk analysis and data management methodologies.
* Event and log analysis.
We believe this is an excellent opportunity for candidates who have a strong understanding of IT security with experience of working in a fast-paced environment.
#J-18808-Ljbffr