The Information Security Engineer /Consultant is responsible for developing & implementing security measures that support the successful delivery of the OCG Information Security Strategy. You will have accountability to implement & monitor solutions & processes that protect the organisation's networks, systems, software & data from malicious activity & infiltration
What's on offer?
- A competitive salary and a yearly performance bonus
- 33 Days Holiday (Inclusive of bank holidays) + increases with service
- A free film card for you and your friends.
- Private Healthcare
- Plus much more!
- Support the development & execution of the enterprise information security strategy/roadmap
- Implement & deliver information security initiatives with other IT & business teams & third parties
- Design & manage required security monitoring/logging systems & resources to provide relevant information on security incidents & potential risks
- Monitor and report on key security metrics
- Work with IT teams to maintain regular patching/upgrade schedules & processes across relevant systems in the group
- Actively maintain knowledge of the threat landscape, technology solutions & industry standards, leveraging external network & key advisors
- Support regular security and compliance tests across the group
- Support initiatives around change management & compliance controls such as PCIDSS, GDPR & SOx
- Act as a security subject matter expert and present ideas
- Perform security operations activities within the remit of systems & controls owned by the Security function
- Help manage security incidents & provide a response to identify contain and manage
- Support the implementation of disaster recovery schedules & processes across all business-critical IT services
What does it take?
- Expertise in implementing & running technical security measures such as
- Network Security (WAN/LAN, Firewall, Intrusion Detection/Protection, Proxy, Content Filtering)
- Component Security (Active Directory, Hardening, Endpoint Protection, Asset Management, Patching, Vulnerability Management)
- Monitoring & Detection (SEIM, Log Retention & Audit, Threat Detection & Response)
- Access Control (RBAC, IAM, PAM, Common Authentication/SSO, MFA)
- Data & Encryption (PKI, Device Encryption, Data Encryption)
- Worked extensively with Microsoft products & services
- Analytical & problem solver/solution provider
- Relevant certifications (e.g. CompTIA Security+, CISSP, GSEC: GIAC, CEH)