Information Security Consultant
Recruiter
Listed on
Location
Salary/Rate
Salary Notes
Type
Start Date
This job has now expired please search on the home page to find live IT Jobs.
Background
Protecting ODEON's information assets is a key priority for our business and is part of our strategy. You'll join a team with responsibility to improve information security maturity and controls across people, process and technology. With support and oversight at the highest levels at ODEON and our parent company AMC, this role is an opportunity to influence and deliver meaningful change that manages a number of our key risks. You'll be working closely with key stakeholders in our operating regions our support service and other Group teams. You'll need all round skills and capabilities in all areas of Information security including implementing & running security services, improving policies, standards & processes, supporting training & awareness and provide oversight & assurance of 3rd parties, projects and business change. There's lots to do, no one day will be the same and there is fun to be had!
The Role
Support the development & execution of OCG's information security strategy & roadmap
Support tasks to maintain an Information Security Architecture for the group
Implement & deliver information security initiatives, directly & in cooperation with other IT & business teams & third parties, as part of the roadmap
Design & manage required security monitoring/logging systems & resources to provide relevant information on security incidents & potential risks
Monitor and report on key metrics to facilitate security governance & the assessment of the overall security risk position across the group
Work with infrastructure & service teams to maintain regular patching / upgrade schedules & processes across relevant systems in the group
Support the development and adoption of information security policies & standards
Help raise awareness about Security standards across the group and educate colleagues
Support regular security tests & other security related compliance across the group
Support initiatives around change management & compliance with PCIDSS, GDPR, SOx & any other key control requirements
Perform security operations activities within the remit of systems & controls owned by the Information Security function.
Manage security incidents & provide responses to detect, analyse, contain, eradicate and recover, integrating with wider group crisis management where required
Support the implementation of disaster recovery schedules & processes across all business critical IT services linked to Business Continuity requirements
Work within a virtual team across OCG territories
Act as a security subject matter expert as required
Actively maintain knowledge of the threat landscape, technology solutions & industry standards, leveraging external network & key advisors
Present ideas, MI & reports to technical & business teams, Senior Leadership & relevant partners
What does it take? (required)
At least 3 years working in an IT Security or Information Security function
Hands on expertise of implementing & managing a number of technical security measures such as
Network Security - WAN/LAN, Firewall, Intrusion Detection/Protection, Denial of Service, Proxy, Content Filtering
Web Security - Web Application Firewall, Web Security Risks & Controls such as Cross Site Scripting, SQL Injection, DDOS & Brute Force
Component Security - Active Directory, System Hardening, Endpoint Protection, Asset Management, Email Security, Patching, Vulnerability Management
Monitoring & Detection- Security Event & Incident Monitoring & Management, Log Retention & Audit, Threat Detection & Response
Access Control - Role based Access Control, Identity Access Management, Privileged Access Management, Common Authentication/Single Sign On, Multi-Factor Authentication, Password Security
Data & Cryptography - Public Key Infrastructure, File Integrity Monitoring, Device Encryption, Data Encryption, USB Control, Data Leakage Controls
Worked extensively with Microsoft products & services
Analytical & problem solver / solution provider
Able to work independently & as part of a team
Able to communicate up, down, & across all levels of the technical backgrounds & wider organisation
Relevant certifications (e.g. CompTIA Security+, CISSP: Certified Information Systems Security Professional. GSEC: GIAC Security Essentials. CEH: Certified Ethical Hacker)
Can travel within UK, & Europe
What else are we looking for? (preferable)
Working knowledge of securing the cloud (SaaS, PaaS & IaaS), specifically Azure and AWS and Web Application Firewalls such as Imperva & Cloudflare
Understanding and use of Information Security risk management frameworks
Worked within regulated environments (e.g. GDPR, SOx)
Microsoft, Cisco & other relevant product certifications
Worked in Retail or Entertainment industries
Degree or relevant professional security qualifications
Expertise in implementing & running a number of technical security measures such as
Living Our Values
Fun-Passion: Provides ‘hands-on' leadership, inspiration & promote a sense of urgency in setting vision & goals
Quality-Service: Ensures that all interactions (advisory & service provision) within the group are of a high standard & recognised
Trust-Respect: Listen & act upon feedback from all key stakeholders. Develop & maintain trust with colleagues & senior executives. Respect others' points of view & empower teams to trial new ideas, make the right decisions & deliver strategy
Co-operation-Accountability: Positively challenge managers & executives to make sure we're delivering on our strategy & achieving the right business outcomes
Strategic Leadership: Translates my understanding of our business & stakeholders to create compelling & sustainable business propositions
Inspirational Leadership: I put structures in place to facilitate business-wide collaboration & knowledge sharing
Change Leadership: Ability to think through all aspects of a change necessary to improve the group's security position, plan, deliver & communicate throughout