Following a team restructure, our client is looking for an experienced Information Security Control Manager to join their Risk and Compliance department.
The team is part of the 2nd line of defence and works collaboratively with the 1st line.
You will review 1st line activities and ensure that data is interpreted correctly with regard to vulnerability tests etc.
The company also works with a 3rd party outsourced provider and the 1st line is the link between the 3rd party and the company - so you will be closely involved with IS controls for this too.
You will have a strong working understanding of Security controls - in particular the OWASP Top 10 and SQL Injection.
They currently work with MS365 and are building an Azure environment. They are looking for someone who can build their technical knowledge and expertise within IS Controls.
This role is responsible for providing expertise in technical information security controls as part of the second line of defence Information Security team. The successful candidate will oversee and support the design, delivery and management of technical security controls delivered by the company and third party service suppliers. They will also support the management of the ISMS as well as supporting compliance checks on technology based information security controls. This role requires a passion for the technical aspects of information security controls and the candidate will be expected to maintain an understanding of current capabilities and innovations in the field to make sure that our client maintains appropriate technical controls across its enterprise.
You will also:
Produce Information Security reports detailing the status and effectiveness of technical information security controls.
Produce technical information security controls requirements for third party suppliers and the company's internal teams as required.
Recommend the company issues "Proof of completion" certificates for major security deliverables
Support the production of post incident reports for security investigations
You will also need:
A detailed understanding of network technologies and information security technologies such as IDS/IPS, SIEM monitoring and alerting, Firewalls etc. and Information Security domains including Identity & Access Management, Mobile Device Management, Data Management, Data Protection, Security Architecture, Network Security, Vulnerability Management, Anti-Malware, Cloud Security and Software Development.
Strong communication skills and good team working are essential for this role, as is the desire to learn and expand your skills and knowledge.
The ideal candidate may have appropriate security certifications such as CISSP, CISA, CISM, CCSP and/or ISO 27001 Auditor/Implementor certification (or significant recent progress towards such certification)
The candidate may be educated to degree level or equivalent (ideally in a security or computing related discipline)
If this exciting new opportunity is of interest and you have relevant experience, please apply today.