IT Security Consultant / Specialist
- Education Requirements - none but degree preferred or commercial exposure
- Experience Requirements - Professional Level of ability
- Industry - Technology
- Job Location - Horsforth
- Job Location - LS18 4RF
- Qualifications - CISP or CISMP
- Responsibilities - see below list within spec
- Skills - see below list within spec
- Work Hours - 35 hours
- Salary - £35,250 plus benefits
- Free parking
Working with the IT Infrastructure team to provide advice and guidance on IT security and further develop IT policies and processes across a multi-region infrastructure consisting of 6,100+ staff and 90+ sites.
As a member of the Information Security team, you will review aspects of Information and Cyber Security and its components. You will be required to proactively improve and provide advice and guidance on information security matters.
This position also entails support and development of the company’s IT policies and security solutions.
Principal Duties, Responsibilities & Accountabilities:
Responsibilities will include:
- Maintain and improve the Cyber Essentials Plus Security Standard.
- Assist and report on the technical aspects of security management.
- Fully participate in internal governance activities relating to Information Security.
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Co-ordinate the population of information asset inventories.
- Identify security non-conformities.
- Design, enhance and manage security-related procedures.
- Recommend and co-ordinate the implementation of security controls to support and enforce defined security policies.
- Liaise with relevant teams in specialist areas to manage security, contractual and regulatory requirements.
- Provide the Information Security Manager with feedback on the security program and security projects that address identified risks and business security requirements.
- Track issues and agreed actions to completion, escalating issues to the Information Security Manager.
- Provide security communication, awareness and training for audiences which may range from senior leaders to field staff.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Support the design and testing of new or updated information security hardware or software and analyse its impact on the existing environment.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Perform daily threat intelligence checks.
Duties will vary and be revised due to the nature of the IT Support environment (the above is a guide and not a comprehensive list of responsibilities).
Core Technical Experience:
- Comprehensive experience, including in-depth knowledge, in a security or risk management role.
- An excellent understanding of enterprise information security and a good working knowledge of standards including Cyber Essentials, ISO 27001, 27002 etc., the Data Protection Act and the General Data Protection Regulation.
- Experience of formal document creation, including the creation of security policies, reports and procedures.
- Experience of carrying out risk reviews, technology audits or other similar work.