Location: Multiple locations across Europe
3 x UK
1 x Germany
1 x France
1 x Italy
1 x Nordics
1 x Benelux
1 x Eastern Europe
Reports to: Regional Information Security Engineering Lead
Our organisation is in the process of maturing their Information Security services. A critical part of this is to accelerate the presence and capability of IT Security and Information Security within the core business units.
We have a requirement for a number of experienced Information and IT Security Engineers who can hit the ground running and drive progress across a wide range of Information Security Specialties; with a focus on mitigating and reducing the threat levels within the business.
You will be part of a network of Security Engineers supporting both local operations, IT and each other, using your specific expertise.
Summary of Requirements
Candidates will be responsible for working with colleagues from across the business and IT to deliver detection, protection and incident response for IT and Informational threats.
Candidates will be expected to provide advice and guidance to a range of information and cyber security projects. This will include documenting and recording requirements, architectures, solution designs and project priorities.
Candidates will be able to build trusted relationships at the local level within IT and the business as well as to liaise with counterparts around the wider group.
You will be part of a regional team that is expected to support all business activities across the region. This will include being present ‘on site’ on a regular basis. Visibility and the ability to build close working relationships with local IT and business contacts is a critical requirement.
• Ensure IT security systems, process and policies are in place locally and rectify any gaps.
• Identify opportunities to improve local process and policy and act as a focal point for local advice on IT Security.
• Act as a local / regional point of contact to detect and remediate cyber threats.
• Following incident response undertake necessary investigations and problem management to ensure all remediations and learning is in place.
• Proactively monitor and investigate all local cyber threats and communicate outputs to the wider team.
• Act as a liaison to support and drive the central Information Security Awareness programmes.
• Provide advice and guidance to local IT and users on IT Security.
• Ensure process and policies are adhered to in order to maintain the status and versioning of all local systems.
• Prepare and document standard operating procedures and protocols to support project outcomes as a local ambassador for IT and Information Security.
• Participate in the local change management processes.
• Where appropriate, establish and manage relations with vendors and related equipment suppliers.
• Define security requirements and reviews systems to determine if they have been designed to comply with established security standards.
• Understand local IT services and configurations ensuring vulnerabilities are managed.
• Understand critical assets and data for local sites and work to ensure they are effectively protected.
• Builds trusted relationships.
• Demonstrates resilience over time, maintaining an up-beat and friendly attitude.
• Delegates where appropriate, giving authority and responsibility to others.
• Manages and handles conflict as a constructive force for change.
• Involves all interested groups in the planning process to ensure their perspectives are incorporated.
• Recognises and uses appropriate analytical tools to facilitate problem solving e.g. cost benefit analysis, risk assessment.
• Understands the complexity of business decision-making and follows logical processes to ensure commercially viable solutions.
• Ability to work on their own initiative, with minimal supervision and meet demanding milestones.
• A knowledge of the Microsoft security stack
• Expertise in deploying solutions towards a Zero Trust environment
• Experience of working as part of a team and in actively contributing to overall team deliverables
• Proficiency in a wide range of information security technologies including e-mail protection, active directory hardening, network hardening, firewall optimisation, data backup and restoration, end point security and so on
• Hands on experience in IT Security Incident Response and investigation
• Understanding and application of Cyber security frameworks e.g. NIST, ISO-27001 and Information Security Management System – ISMS would be beneficial
• Experience of working in accredited environments
• Possession of professional certifications and membership in professional associations is highly desirable (e.g. CISSP, ISO27000 certification, CISM, CEH, NCSC, CCP)
• Recognised qualification in Project Management would be desirable (e.g. Prince 2 Practitioner, PMP)