Company: FTSE 100
Location: Multiple locations across Europe
3 x UK
1 x Germany
1 x France
1 x Italy
1 x Nordics
1 x Benelux
1 x Eastern Europe
Reports to Regional Information Security Engineering Lead
Salary: £65,000
The Role
Background
Our organisation is in the process of maturing their Information Security services. A critical part of this is to accelerate the presence and capability of IT Security and Information Security within the core business units.
We have a requirement for a number of experienced Information and IT Security Engineers who can hit the ground running and drive progress across a wide range of Information Security Specialties; with a focus on mitigating and reducing the threat levels within the business.
You will be part of a network of Security Engineers supporting both local operations, IT and each other, using your specific expertise.
Summary of Requirements
-
Candidates will be responsible for working with colleagues from across the business and IT to deliver detection, protection and incident response for IT and Informational threats.
-
Candidates will be expected to provide advice and guidance to a range of information and cyber security projects. This will include documenting and recording requirements, architectures, solution designs and project priorities.
-
Candidates will be able to build trusted relationships at the local level within IT and the business as well as to liaise with counterparts around the wider group.
-
You will be part of a regional team that is expected to support all business activities across the region. This will include being present ‘on site’ on a regular basis. Visibility and the ability to build close working relationships with local IT and business contacts is a critical requirement.
Key Responsibilities
• Ensure IT security systems, process and policies are in place locally and rectify any gaps.
• Identify opportunities to improve local process and policy and act as a focal point for local advice on IT Security.
• Act as a local / regional point of contact to detect and remediate cyber threats.
• Following incident response undertake necessary investigations and problem management to ensure all remediations and learning is in place.
• Proactively monitor and investigate all local cyber threats and communicate outputs to the wider team.
• Act as a liaison to support and drive the central Information Security Awareness programmes.
• Provide advice and guidance to local IT and users on IT Security.
• Ensure process and policies are adhered to in order to maintain the status and versioning of all local systems.
• Prepare and document standard operating procedures and protocols to support project outcomes as a local ambassador for IT and Information Security.
• Participate in the local change management processes.
• Where appropriate, establish and manage relations with vendors and related equipment suppliers.
• Define security requirements and reviews systems to determine if they have been designed to comply with established security standards.
• Understand local IT services and configurations ensuring vulnerabilities are managed.
• Understand critical assets and data for local sites and work to ensure they are effectively protected.
Personal Attributes
• Builds trusted relationships.
• Demonstrates resilience over time, maintaining an up-beat and friendly attitude.
• Delegates where appropriate, giving authority and responsibility to others.
• Manages and handles conflict as a constructive force for change.
• Involves all interested groups in the planning process to ensure their perspectives are incorporated.
• Recognises and uses appropriate analytical tools to facilitate problem solving e.g. cost benefit analysis, risk assessment.
• Understands the complexity of business decision-making and follows logical processes to ensure commercially viable solutions.
• Ability to work on their own initiative, with minimal supervision and meet demanding milestones.
Competencies Expected
• A knowledge of the Microsoft security stack
• Expertise in deploying solutions towards a Zero Trust environment
• Experience of working as part of a team and in actively contributing to overall team deliverables
• Proficiency in a wide range of information security technologies including e-mail protection, active directory hardening, network hardening, firewall optimisation, data backup and restoration, end point security and so on
• Hands on experience in IT Security Incident Response and investigation
• Understanding and application of Cyber security frameworks e.g. NIST, ISO-27001 and Information Security Management System – ISMS would be beneficial
• Experience of working in accredited environments
• Possession of professional certifications and membership in professional associations is highly desirable (e.g. CISSP, ISO27000 certification, CISM, CEH, NCSC, CCP)
• Recognised qualification in Project Management would be desirable (e.g. Prince 2 Practitioner, PMP)