IT Security Officer
This Business Process Outsource provider is part of a £6bn group, with 60K staff worldwide, delivering back-office workflow and e-commerce solutions to large (mostly Fortune 500) clients, especially those in the finance, utilities & telecoms sectors.
Continued growth means they are now hiring a dedicated IT Security Officer to direct their UK IT Operations to reduce IT risks, establish appropriate standards and controls and develop/implement policies and procedures. This is an exciting time to join this rapidly expanding company with forthcoming projects including gaining PCI accreditation and building their own UK Data Centre.
Duties will include:
• Infrastructure security reporting and incident management
• Internal and external penetration test management and issue resolution
• Identify and assess key InfoSec risks and issues
• Develop and manage security standards and InfoSec policies
• Oversee the dissemination and enforcement of IT governance, policies and procedures
• Analyse security incidents, real and potential, initiate and monitor effective incident resolution
• Audit for compliance against agreed quality & security standards
• Respond to security questionnaires required by external customers
• Identify, resolve and where appropriate escalate potential information security risks/issues
• Provide advice and guidance on security technology changes
• Maintain specialist knowledge of Information Security subject matter responsibilities, such as PCI DSS and associated IS standards.
• Maintain up-to-date knowledge of information security threats, technologies and best practices
• Communicate information relating to compliance in an effective and timely manner to all stakeholders.
• Ensure that an Information Security Policy covering the use and misuse of all IT systems and services, as well as customer information, is maintained and enforced.
• Hands-on experience defining and enforcing security policies, performing risk assessments, overseeing PCI compliance, reviewing third parties, maintaining data protection policies etc.
• Good understanding of PCI DSS and ISO 27001/2 standards
• Certified (or working towards) relevant security certifications, e.g. CISM, CISSP, MCSA, Security+
• Knowledge of Cisco, Citrix, IIS, VMware, SAN Infrastructure, McAfee AV / HIDS, Check Point/Cisco ASA Firewalls
• Knowledge of Data Loss Prevention (DLP) and Security Incident and Event Management (SIEM)
• Knowledge of vulnerability management and penetration testing
• Broad knowledge of Data Protection requirements
• ITIL Certified (V3)
• Able to pass security clearance to SC level
• Information regulatory compliance (e.g. PCI Compliance)
• Knowledge of ITIL best practices and project management principles
You will be eager to further your existing knowledge of compliance methods and options and will be comfortable identifying areas for improvement and recommending how to improve them. You should also be comfortable meeting with customers to explain the implemented InfoSec policies and procedures and have a flexible approach to working hours for projects & incidents extending outside normal office hours.
This is a great opportunity for a passionate IT Security professional to join a business enjoying substantial growth, both organically and through acquisition. Candidates with the right core competencies and attitude can expect a salary of up to £45K, a high degree of autonomy and great career development.
PLEASE NOTE: Due to the highly sensitive and confidential nature of some of our client’s work, their selection and onboarding processes require all candidates to complete security clearance. ACCORDINGLY, APPLICATIONS CAN ONLY BE CONSIDERED FROM CANDIDATES WHO HAVE BEEN RESIDENT IN THE UK FOR AT LEAST 5 YRS.
Technology Resourcing is acting as an Employment Agency in relation to this vacancy.