Global major capital projects firm with operations across all sectors requires an IT Security Specialist.
Working with the IT Infrastructure team to provide advice and guidance on IT security and further develop IT policies and processes across a multi-region infrastructure consisting of 4000+ staff and 70+ sites.
Education Requirements - NA
Industry - Capital Infrastructure Projects
Job Location - 2 Globe Road, Leeds
Work Hours - 9 - 5.30pm
As a member of the IT Infrastructure team, you will review all aspects of the IT environment and its components. This role shall be responsible for gathering requirements, designing and implementing enterprise-wide solutions. You will be required to proactively improve and provide advice and guidance on information security matters.
This position also entails support and development of the company’s IT policies and security solutions.
- Comprehensive experience, including in-depth knowledge, in a security or risk management role.
- An excellent understanding of enterprise information security and in-depth knowledge of standards including Cyber Essentials, ISO 27001, 27002 etc., the Data Protection Act and the General Data Protection Regulation.
- Good understanding of security testing principles, including experience of penetration testing, identifying, resolving and reporting risks.
- Technical security experience with the following - Microsoft core OS; Networking; Security operations; Penetration testing/Security Auditing; Forensics; Security architecture.
- Technical expertise of Cisco security products, specifically ASA firewalls, AnyConnect, VPN and clientless portal.
- A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs etc.
- Experience of formal document creation, such as the creation of reports or procedures.
- Experience of carrying out risk reviews, technology audits or other similar work.
Principal Duties, Responsibilities & Accountabilities:
Responsibilities will include:
- Maintaining and improving a Cyber Essentials Plus Security Standard.
- Co-ordinate, measure and report on the technical aspects of security management.
- Fully participate in internal governance activities relating to Information Security.
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Identifying security non-conformities, patching or reconfiguring systems to resolve issues and building and testing new security technologies.
- Research and propose appropriate security solutions.
- Design, co-ordinate and manage security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
- Recommend and co-ordinate the implementation of technical controls to support and enforce defined security policies.
- Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the IT Director with a realistic overview of risks and threats in the enterprise environment.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
- In addition, the role will include the opportunity to provide information security compliance consultancy to projects and operational teams to ensure that the design of new systems infrastructure or applications is and remains compliant with security policies and standards from inception to production delivery.
- Issues and exceptions processing and tracking.
- Technology Infrastructure Assessments for new, changed and existing systems in accordance with the Information Security Policies, Standards and Procedures.
- Work with the Infrastructure manager to develop a security program and security projects that address identified risks and business security requirements.
- Track issues and agreed actions to completion, escalating issues to the Head of IT.
- Definition and development of security control designs including those required to support external regulations.
- Provide security communication, awareness and training for audiences which may range from senior leaders to field staff.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Duties will vary and be revised due to the nature of the IT Support environment (the above is a guide and not a comprehensive list of responsibilities).
- Experience in an information security risk and compliance function.
- Experience of technical vulnerability management processing and reporting.
- Ability to engage with projects and provide information security awareness and to raise compliance requirements within projects and operational teams.
- Proven track record as an information security analyst supporting global sites and regions.
- Experienced Cisco Administrator (CCNA Security) desirable.