Senior Information Security Engineer


Premium Job From Search and Select Limited

Recruiter

Search and Select Limited

Listed on

27th June 2018

Location

Isle Of Man

Salary/Rate

Up to £65000

Salary Notes

Competitive

Type

Permanent

Start Date

ASAP

This job has now expired. Please search on the home page to find live IT jobs.

Senior Information Security Engineer

Role Purpose:

This Isle of Man based role will own and manage all aspects of information security for our Group Client, including policies, processes, controls and the execution of remediation activities, including (but not limited to): arranging external penetration testing/vulnerability scanning, physical security testing, social engineering testing, email phishing and ransomware testing, monitoring of systems, planning, reporting, risk mitigation and supporting compliance efforts for various regulations, standards and audits. The role also includes security testing and remediation of newly acquired businesses before and during integration.

Main Responsibilities:

This list of duties is not exhaustive and may change from time to time according to business needs.

- Build and maintain strong relationships within our Client’s Business in order to understand risk posture / issues and drive Information Security compliance.

- Develop a thorough understanding of business, systems and processes in order to provide tailored Information and Cyber Security solutions and services minimising disruption while maximising impact.

- Maintain IT Risk Register.

- Maintain Incident Response policies/processes/controls and perform regular desktop testing.

- Work with trusted third parties to undertake regular and various levels of information and cyber security testing.

- Monitor and document exceptions to policy presented for approval to confirm risk statement and assess action plan to mitigate risk.

- Develop and maintain robust patch management system, policy, processes and controls.

- Analyse, prioritise and remediate all systems and application vulnerabilities and patching to mitigate risk.

- Adhere to change management process.

- Ensure all implemented solutions are documented and knowledge shared appropriately.

- Perform security-related reporting functions, e.g. monitor and maintain security metrics.

- Participate in technology projects to identify Information Security weaknesses in proposed systems / applications and assist in development of appropriate solutions based on risk assessment.

- Support ISO27001 standard, and ensure information security management system (ISMS) is meeting business needs.

- Proactively maintain and develop knowledge, skills and experience through external partners, industry sources, formalised training and development plan.

- Participate in the upgrading of operating systems and design of systems enhancements.

- Reporting.

EXPERIENCE AND OR QUALIFICATIONS

Essential:

- At least 3 - 4 years’ hands-on experience in a similar role.

- Worked within Information Security, Risk or IT related teams.

- Worked with a broad range of users - technical and non-technical.

- Excellent knowledge of IT platforms, equipment and applications.

- Ability to present technical issues in easy to understand terms.

- Demonstrable in-depth IT, Risk and Information Security knowledge and experience.

- Working knowledge of social engineering, physical security, email phishing / fraud, malware and data loss prevention.

- Experience in a Security and Risk function or audit preparation/response.

- Solid knowledge / experience in the following technologies:

  - Windows Server 2008/2012/2016

  - Windows Workstation 7/8/8.1/10

  - Non-Microsoft applications

  - Patching tools WSUS / SCCM or similar

  - SEPM or other enterprise antivirus solutions

  - Vulnerability scanning systems and the concept.

- Demonstrated capability for problem solving, decision making, sound judgment and assertiveness across multiple business units / functions.

- Excellent oral and written communication skills as well as excellent presentation skills with ability to conduct presentations to large groups.

- Working to tight deadlines.

- Willingness and ability to travel globally.

Desirable:

- Specialist knowledge in Information Security risk assessment and controls management or penetration testing.

- Knowledge of the legal and regulatory environment within which Financial Organisations operate.

- Relevant Information Security or technical qualifications (e.g. CISSP, CISSM, SSCP, CISA etc.) or willingness to work towards one.

- Specialist knowledge in Information Security risk assessment and controls management.

- Any Industry recognised qualifications or certifications would be an advantage.

- Experienced in ITIL best practices.

- Familiarity with standards such as ISO27001 and COBIT.
