Senior Security Monitoring and Response Analyst Senior Security Monitoring and Response Analyst Apply locations London, England (Angel Lane) time type Full time posted on Posted Yesterday time left to apply End Date: February 25, 2025 (30+ days left to apply) job requisition id R-237194 Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart, and accessible. Title and Summary Mastercard Vocalink is looking for a driven and motivated Senior Security Operations Analyst with Incident Response capabilities, to contribute to securing critical payments infrastructure in the UK. In this role you'll be responsible for triaging alerts and responding to security incidents. When not actively engaged in ongoing incidents, the team works on the improvement and streamlining of the detection and response function. Role Responsibilities Providing monitoring coverage, triage and investigation of escalated alerts (T3) from various sources. Responding to cybersecurity incidents through critical thinking, defining, and applying playbook responses. Applying root cause analysis and lessons learned to improve security posture and processes. Working closely with security engineering, threat intelligence, insider threat and a managed SOC service, providing critical feedback to improve and automate monitoring and response. Strong collaboration with the team to develop knowledge base, playbook and use cases. Proactive initiatives and project-related support by providing subject matter expertise. Ability to work independently as well as collaborate with different teams to assess impact, mitigate risk, and resolve security incidents. Qualifications Required Experience: Direct experience in a Security Operations Center (SOC). Experience working in an incident response or digital forensics role. Demonstrated experience with cybersecurity related disciplines, not limited to: vulnerability research, network traffic analysis, static and dynamic malware analysis, digital forensics, memory analysis, web-security and threat hunting. Preferred Experience: Experience in creating queries and alerts in a SIEM, preferably in SPL. Experience with Windows/Unix OS forensics. Experience with Cloud Security (Azure, AWS, GCP). Experience working with NDR/EDR solutions. Familiarity with Indicators of Compromise (IoCs), Indicators of Attack (IoAs), ATT&CK Tools, Techniques and Procedures (TTPs). Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner. CISSP, GIAC certifications or equivalent. The Ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced collaborative team environment. Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard's security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach; Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. About Us Everyone wants easier ways to pay; we invent them. Checkout lines are slow; we speed them along. Merchants want more sales; we give them data and insights. People need financial access; we connect them. Corporate purchasing is complicated; we make it simple. Commuters are busy; we speed them on their way. Small businesses are virtual; we give them access to a world of buyers.
Feb 13, 2025
Full time
Senior Security Monitoring and Response Analyst Senior Security Monitoring and Response Analyst Apply locations London, England (Angel Lane) time type Full time posted on Posted Yesterday time left to apply End Date: February 25, 2025 (30+ days left to apply) job requisition id R-237194 Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart, and accessible. Title and Summary Mastercard Vocalink is looking for a driven and motivated Senior Security Operations Analyst with Incident Response capabilities, to contribute to securing critical payments infrastructure in the UK. In this role you'll be responsible for triaging alerts and responding to security incidents. When not actively engaged in ongoing incidents, the team works on the improvement and streamlining of the detection and response function. Role Responsibilities Providing monitoring coverage, triage and investigation of escalated alerts (T3) from various sources. Responding to cybersecurity incidents through critical thinking, defining, and applying playbook responses. Applying root cause analysis and lessons learned to improve security posture and processes. Working closely with security engineering, threat intelligence, insider threat and a managed SOC service, providing critical feedback to improve and automate monitoring and response. Strong collaboration with the team to develop knowledge base, playbook and use cases. Proactive initiatives and project-related support by providing subject matter expertise. Ability to work independently as well as collaborate with different teams to assess impact, mitigate risk, and resolve security incidents. Qualifications Required Experience: Direct experience in a Security Operations Center (SOC). Experience working in an incident response or digital forensics role. Demonstrated experience with cybersecurity related disciplines, not limited to: vulnerability research, network traffic analysis, static and dynamic malware analysis, digital forensics, memory analysis, web-security and threat hunting. Preferred Experience: Experience in creating queries and alerts in a SIEM, preferably in SPL. Experience with Windows/Unix OS forensics. Experience with Cloud Security (Azure, AWS, GCP). Experience working with NDR/EDR solutions. Familiarity with Indicators of Compromise (IoCs), Indicators of Attack (IoAs), ATT&CK Tools, Techniques and Procedures (TTPs). Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner. CISSP, GIAC certifications or equivalent. The Ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced collaborative team environment. Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard's security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach; Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. About Us Everyone wants easier ways to pay; we invent them. Checkout lines are slow; we speed them along. Merchants want more sales; we give them data and insights. People need financial access; we connect them. Corporate purchasing is complicated; we make it simple. Commuters are busy; we speed them on their way. Small businesses are virtual; we give them access to a world of buyers.
Cyber GRC Consultant Tech Transformation Practice London Consultant - Senior Consultant level You want to boost your career and collaborate with expert, talented colleagues to solve and deliver against our clients' most important challenges? We are growing and are looking for people to join our team. You'll be part of an entrepreneurial, high-growth environment of 300,000 employees. Our dynamic organization allows you to work across functional business pillars, contributing your ideas, experiences, diverse thinking, and a strong mindset. Are you ready? About the role We are looking for a highly skilled Cyber GRC (Governance, Risk, and Compliance) Consultant to help organizations strengthen their cybersecurity posture, manage cyber risks, and ensure regulatory compliance. The ideal candidate will have deep expertise in cybersecurity frameworks, risk management, regulatory compliance, and security governance. As a Cyber GRC Consultant, you will collaborate with security, IT, and compliance teams to develop and implement cybersecurity policies, conduct risk assessments, and ensure adherence to global security standards and regulations. You will: Work on global projects with a truly global team, with the support of over 330,000 technical staff from our parent organization. Contribute to the development of consulting go-to-market offerings and innovative solutions targeted at the C-Suite executive community that help them to understand and mitigate their cyber risks. Support and maybe lead NIST CSF risk assessments. Help design innovative new services to lead the market incorporating AI and ML where it brings value. Support presales, sales, and account management pursuits from a subject matter expert perspective. You will have already achieved strong career progression to date, and experience working with recognized consulting brands and large commercial sector clients. You will have a passion for cyber security and a genuine interest in staying updated with the latest industry trends and developments. Your security experience must include: A relevant undergrad or post grad degree (Infosec, Cyber Security, IT Security). 1-5 years+ in the field of cyber security/infosec. Your diverse Security experience may include one or some of the following: A good understanding of NIST CSF. A post graduate degree in cyber/information security. An understanding of ISO27001, NIS2, SOX, GDPR, DORA. Cyber Due Diligence Assessments. Third-Party & Supply chain Cyber Risk Management. Incident Response Plan review. Supporting bids, RFP responses and proposals. Crisis Management Exercises (CMX). Accreditation such as CISSP, CISM, CISA, GSLC, GSTRT, GCPM. Helped design Target Operating Models (TOMs) and RACI Matrices. Helping the design of Cyber Security Roadmaps. Supporting Post Incident Reviews. Reading and summarising Cyber Threat Intelligence reports. Cyber security compliance programs (GDPR, DORA, ISO27001, NIS2, SOX). Cyber Security Risk Assessments or Maturity Assessments. Design and deliver awareness training. Worked on Identity and Access Management projects. Worked on Privileged access management projects. Our ideal candidate may have some of the following skills: Have a broad business skill set including stakeholder management, problem-solving, and resilience. Have experience in gathering, validating, synthesizing, documenting, and communicating data and information for a range of audiences. Have excellent interpersonal skills and strong written and verbal communication skills in country's official language(s) (C2 proficiency) and English (C2 proficiency), project-related mobility/willingness to travel. Enjoy working with different clients from different industries. Have some experience in balancing technical and commercial considerations to develop practical advice or solutions for clients. Be able to build strong and effective business relationships at all levels. Be able to support and oversee staff with less experience in their tasks. Be able to explain complex cyber methodologies using accessible non-technical language (both written and verbal). Given that this is just a short snapshot of the role, we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please apply now. About your team At the Tech Transformation practice, we help CIOs overcome their biggest challenges such as geopolitical and macroeconomic uncertainty, cybersecurity, digital transformation, and budget constraints; enabling them to leverage technology to deliver value to their business. We have a team of business analysts, enterprise architects, and cybersecurity specialists with business, operational, strategic, analytical, and innovation skills that come together to drive business IT alignment, transform IT governance, IT cost containment, operating efficiency improvements, innovation enablement, and cybersecurity risk, governance, and compliance. About Infosys Consulting Be part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology. We work with market-leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey. Our core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page. Within Europe, we are recognized as one of the UK's top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity, and dedicated training and career paths. Infosys is on Germany's top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row. We offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal goals. Curious to learn more? We'd love to hear from you Apply today!
Feb 13, 2025
Full time
Cyber GRC Consultant Tech Transformation Practice London Consultant - Senior Consultant level You want to boost your career and collaborate with expert, talented colleagues to solve and deliver against our clients' most important challenges? We are growing and are looking for people to join our team. You'll be part of an entrepreneurial, high-growth environment of 300,000 employees. Our dynamic organization allows you to work across functional business pillars, contributing your ideas, experiences, diverse thinking, and a strong mindset. Are you ready? About the role We are looking for a highly skilled Cyber GRC (Governance, Risk, and Compliance) Consultant to help organizations strengthen their cybersecurity posture, manage cyber risks, and ensure regulatory compliance. The ideal candidate will have deep expertise in cybersecurity frameworks, risk management, regulatory compliance, and security governance. As a Cyber GRC Consultant, you will collaborate with security, IT, and compliance teams to develop and implement cybersecurity policies, conduct risk assessments, and ensure adherence to global security standards and regulations. You will: Work on global projects with a truly global team, with the support of over 330,000 technical staff from our parent organization. Contribute to the development of consulting go-to-market offerings and innovative solutions targeted at the C-Suite executive community that help them to understand and mitigate their cyber risks. Support and maybe lead NIST CSF risk assessments. Help design innovative new services to lead the market incorporating AI and ML where it brings value. Support presales, sales, and account management pursuits from a subject matter expert perspective. You will have already achieved strong career progression to date, and experience working with recognized consulting brands and large commercial sector clients. You will have a passion for cyber security and a genuine interest in staying updated with the latest industry trends and developments. Your security experience must include: A relevant undergrad or post grad degree (Infosec, Cyber Security, IT Security). 1-5 years+ in the field of cyber security/infosec. Your diverse Security experience may include one or some of the following: A good understanding of NIST CSF. A post graduate degree in cyber/information security. An understanding of ISO27001, NIS2, SOX, GDPR, DORA. Cyber Due Diligence Assessments. Third-Party & Supply chain Cyber Risk Management. Incident Response Plan review. Supporting bids, RFP responses and proposals. Crisis Management Exercises (CMX). Accreditation such as CISSP, CISM, CISA, GSLC, GSTRT, GCPM. Helped design Target Operating Models (TOMs) and RACI Matrices. Helping the design of Cyber Security Roadmaps. Supporting Post Incident Reviews. Reading and summarising Cyber Threat Intelligence reports. Cyber security compliance programs (GDPR, DORA, ISO27001, NIS2, SOX). Cyber Security Risk Assessments or Maturity Assessments. Design and deliver awareness training. Worked on Identity and Access Management projects. Worked on Privileged access management projects. Our ideal candidate may have some of the following skills: Have a broad business skill set including stakeholder management, problem-solving, and resilience. Have experience in gathering, validating, synthesizing, documenting, and communicating data and information for a range of audiences. Have excellent interpersonal skills and strong written and verbal communication skills in country's official language(s) (C2 proficiency) and English (C2 proficiency), project-related mobility/willingness to travel. Enjoy working with different clients from different industries. Have some experience in balancing technical and commercial considerations to develop practical advice or solutions for clients. Be able to build strong and effective business relationships at all levels. Be able to support and oversee staff with less experience in their tasks. Be able to explain complex cyber methodologies using accessible non-technical language (both written and verbal). Given that this is just a short snapshot of the role, we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please apply now. About your team At the Tech Transformation practice, we help CIOs overcome their biggest challenges such as geopolitical and macroeconomic uncertainty, cybersecurity, digital transformation, and budget constraints; enabling them to leverage technology to deliver value to their business. We have a team of business analysts, enterprise architects, and cybersecurity specialists with business, operational, strategic, analytical, and innovation skills that come together to drive business IT alignment, transform IT governance, IT cost containment, operating efficiency improvements, innovation enablement, and cybersecurity risk, governance, and compliance. About Infosys Consulting Be part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology. We work with market-leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey. Our core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page. Within Europe, we are recognized as one of the UK's top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity, and dedicated training and career paths. Infosys is on Germany's top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row. We offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal goals. Curious to learn more? We'd love to hear from you Apply today!
In Technology Group Limited
Manchester, Lancashire
Senior Cyber Security Analyst Wanted in Manchester! Salary: £50,000 - £70,000 Are you a Cyber Security expert ready to take the lead in a dynamic and cutting-edge environment? Join our team in Manchester as a Senior Cyber Security Analyst and make a significant impact on our organization's security posture. Key Responsibilities: Threat Detection and Response: Utilize advanced tools and techniques to detect and respond to security incidents promptly. Incident Management: Lead incident response efforts, coordinating with cross-functional teams for effective resolution. Vulnerability Management: Conduct assessments, identify vulnerabilities, and implement strategies for remediation. Security Architecture: Provide expertise in designing and implementing robust security architectures. Security Awareness: Foster a culture of security awareness and best practices throughout the organization. Qualifications: ? Experience: Minimum of 5 years in Cyber Security roles with a focus on analysis and incident response. ? Certifications: CISSP, CISM, or equivalent certifications highly desirable. ? Technical Proficiency: Strong understanding of security technologies, network protocols, and emerging threats. ? Leadership Skills: Proven ability to lead and mentor a team of security professionals effectively. Perks and Benefits: ? Competitive Compensation: Enjoy a competitive salary with performance-based bonuses. ? Comprehensive Benefits: Health, dental, and retirement benefits to ensure your well-being. ? Work-Life Balance: Flexible work hours and remote work options available. ? Professional Development: Access to training programs and certifications to support your continuous learning. Why Us: ? Innovation Hub: Be part of a forward-thinking organization at the forefront of technological advancements. ? Collaborative Culture: Join a team that values collaboration, creativity, and a passion for staying ahead of cyber threats. ? Career Growth: We believe in investing in our team's development, offering ample opportunities for career advancement. If you are passionate about cyber security and want to be part of a team dedicated to excellence, apply now and let's shape the future of security together! ? In Technology Group Ltd is acting as an Employment Agency in relation to this vacancy.
Feb 01, 2024
Full time
Senior Cyber Security Analyst Wanted in Manchester! Salary: £50,000 - £70,000 Are you a Cyber Security expert ready to take the lead in a dynamic and cutting-edge environment? Join our team in Manchester as a Senior Cyber Security Analyst and make a significant impact on our organization's security posture. Key Responsibilities: Threat Detection and Response: Utilize advanced tools and techniques to detect and respond to security incidents promptly. Incident Management: Lead incident response efforts, coordinating with cross-functional teams for effective resolution. Vulnerability Management: Conduct assessments, identify vulnerabilities, and implement strategies for remediation. Security Architecture: Provide expertise in designing and implementing robust security architectures. Security Awareness: Foster a culture of security awareness and best practices throughout the organization. Qualifications: ? Experience: Minimum of 5 years in Cyber Security roles with a focus on analysis and incident response. ? Certifications: CISSP, CISM, or equivalent certifications highly desirable. ? Technical Proficiency: Strong understanding of security technologies, network protocols, and emerging threats. ? Leadership Skills: Proven ability to lead and mentor a team of security professionals effectively. Perks and Benefits: ? Competitive Compensation: Enjoy a competitive salary with performance-based bonuses. ? Comprehensive Benefits: Health, dental, and retirement benefits to ensure your well-being. ? Work-Life Balance: Flexible work hours and remote work options available. ? Professional Development: Access to training programs and certifications to support your continuous learning. Why Us: ? Innovation Hub: Be part of a forward-thinking organization at the forefront of technological advancements. ? Collaborative Culture: Join a team that values collaboration, creativity, and a passion for staying ahead of cyber threats. ? Career Growth: We believe in investing in our team's development, offering ample opportunities for career advancement. If you are passionate about cyber security and want to be part of a team dedicated to excellence, apply now and let's shape the future of security together! ? In Technology Group Ltd is acting as an Employment Agency in relation to this vacancy.
As a Cyber Security Manager, you will be working with different teams to deliver high quality work. Help gain comfort by using your technical knowledge of Cyber Security risks and controls. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Client Details National organisation within the public sector based in Cardiff Description As a Cyber Security Manager in our Digital Directorate, you will be working with different teams to deliver high quality work. You will help gain comfort by using your technical knowledge of Cyber Security risks and controls. You will actively improve operational efficiency on projects and internal initiatives, in line with the UHB's commitment to quality. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Provide and receive complex, sensitive information relating to Cyber Security andCorporate issues ensuring the safe operation of the organisations ICT systems Investigate complex Cyber Security enquiries providing assistance & advice asrequired Coordinate Cyber Security incident responses at organisational level Communicate complex ICT and Cyber Security issues to non-ICT managers Negotiate with external organisations over service issues and supply chain management Leads on Cyber Security issues and compliance in ICT Implement Cyber Security policy, procedures and processes which impacts Informatics and within own team Ensures that all health board hardware and software are security protected Achieve and maintain compliance with National Cyber Security Standards Manage the operation of Cyber Security information system within the health board Develop Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Evaluation of Cyber Security solutions, either hardware or software based, for use in organisation Regular testing of Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Profile A strong academic background to degree level or equivalent experience in a directly related role A related professional certification, for example; Certified Information systems security professional (CISSP), Certified Information Security Manager (CISM) Solid IT and/or technology background ITIL Foundation Educated to Degree level (preferably Cyber Security) or equivalent level of work experience and knowledge Degree educated in an IT related discipline Information Technology Infrastructure Library (ITIL) Foundation Certificate IT based qualification preferably security related such as GCIA Certified intrusion Analyst, etc. ITIL Managing Across the Lifecycle PRINCE2 Foundation Formal leadership training at equivalent or greater to Institute of Leadership & Management (ILM) Level 5 Application Form Certificate Check CAJE Reference: RWM/2019/0140 Professional qualification or membership in cyber security (International Information Systems Security Certification (ISC2), British Computer Society (BCS), National Computer Security Centre (NCSC), etc) or equivalent Evidence of Continual Professional Development At least 3 years working in an IT based role preferably in a security related area Strong knowledge and experience of a number of the following; Information Security, architecture design and implementation, security assessments, Identity and Access Management, Third Party Risk Management and IT Controls Testing Awareness of National and International security standards Relevant experience working in a senior Cyber Security Role Broad knowledge of and understanding of IT Knowledge of IT security principles Full stack knowledge from network to server Excellent understanding of cyber security best practices and terminology Knowledge of desktop and mobile devices and operating systems Good knowledge of common cyber security tools and solutions Good understanding of security monitoring and alerting solutions Excellent understanding of Cyber Security professional code of conduct Good understanding of vulnerability scanning and penetration testing Job Offer Permanent Salary: £41,659 - £47,672 + Benefits Location: Cardiff Flexible working Patterns
Dec 18, 2022
Full time
As a Cyber Security Manager, you will be working with different teams to deliver high quality work. Help gain comfort by using your technical knowledge of Cyber Security risks and controls. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Client Details National organisation within the public sector based in Cardiff Description As a Cyber Security Manager in our Digital Directorate, you will be working with different teams to deliver high quality work. You will help gain comfort by using your technical knowledge of Cyber Security risks and controls. You will actively improve operational efficiency on projects and internal initiatives, in line with the UHB's commitment to quality. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Provide and receive complex, sensitive information relating to Cyber Security andCorporate issues ensuring the safe operation of the organisations ICT systems Investigate complex Cyber Security enquiries providing assistance & advice asrequired Coordinate Cyber Security incident responses at organisational level Communicate complex ICT and Cyber Security issues to non-ICT managers Negotiate with external organisations over service issues and supply chain management Leads on Cyber Security issues and compliance in ICT Implement Cyber Security policy, procedures and processes which impacts Informatics and within own team Ensures that all health board hardware and software are security protected Achieve and maintain compliance with National Cyber Security Standards Manage the operation of Cyber Security information system within the health board Develop Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Evaluation of Cyber Security solutions, either hardware or software based, for use in organisation Regular testing of Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Profile A strong academic background to degree level or equivalent experience in a directly related role A related professional certification, for example; Certified Information systems security professional (CISSP), Certified Information Security Manager (CISM) Solid IT and/or technology background ITIL Foundation Educated to Degree level (preferably Cyber Security) or equivalent level of work experience and knowledge Degree educated in an IT related discipline Information Technology Infrastructure Library (ITIL) Foundation Certificate IT based qualification preferably security related such as GCIA Certified intrusion Analyst, etc. ITIL Managing Across the Lifecycle PRINCE2 Foundation Formal leadership training at equivalent or greater to Institute of Leadership & Management (ILM) Level 5 Application Form Certificate Check CAJE Reference: RWM/2019/0140 Professional qualification or membership in cyber security (International Information Systems Security Certification (ISC2), British Computer Society (BCS), National Computer Security Centre (NCSC), etc) or equivalent Evidence of Continual Professional Development At least 3 years working in an IT based role preferably in a security related area Strong knowledge and experience of a number of the following; Information Security, architecture design and implementation, security assessments, Identity and Access Management, Third Party Risk Management and IT Controls Testing Awareness of National and International security standards Relevant experience working in a senior Cyber Security Role Broad knowledge of and understanding of IT Knowledge of IT security principles Full stack knowledge from network to server Excellent understanding of cyber security best practices and terminology Knowledge of desktop and mobile devices and operating systems Good knowledge of common cyber security tools and solutions Good understanding of security monitoring and alerting solutions Excellent understanding of Cyber Security professional code of conduct Good understanding of vulnerability scanning and penetration testing Job Offer Permanent Salary: £41,659 - £47,672 + Benefits Location: Cardiff Flexible working Patterns
Are you an experienced Senior Security Operations analyst/officer, who has worked extensively in a Microsoft security focussed environment? Are you now looking to further your skills by developing a cloud security specialism? If so, this is fantastic opportunity to join and further develop a best of breed Info Sec function within an exemplar organisation - a public sector body that holds the government to account. The Senior Information Security Officer: Cloud Security will be responsible for the following: Cloud Security Assurance Using your knowledge of Microsoft's Azure and Defender capabilities discover, validate and drive treatment of security threats, risks, vulnerabilities, and configuration gaps that may exist across the organisation's cloud services. Define, refine, and deliver cloud security controls, empowering the organisation in its continued application of security and privacy by default principles. Develop and maintain a schedule for the ongoing assessment of cloud security controls, seeking opportunities to leverage automation to enable a continuous assurance culture. Support the ongoing assurance of suppliers and cloud service provider (CSPs), advising on cloud specific regulatory risks or regulatory requirements relating to cloud assurance. Advise on and support the implementation of effective and pragmatic security controls across all SaaS applications in use or being assessed by the organisation. Alongside the Senior SecOps Officer, deliver a protect, detect, and respond role, investigating and responding to alerts and supporting the usual activities of a SecOps function. Support the implementation and use of Microsoft Sentinel within the SecOps function. Risk Management Proactively identify, evaluate, and assess threats and risks that may impact the organisation's ability to deliver on its vision and strategy. Management Systems Support the ongoing retention of the organisation's information security certifications. Lead on the development of standards ensuring that appropriate monitoring, prevent, CASB, DLP and compliance controls are applied. Support the wider business in the delivery of secure, strategic business changes and technical projects. Deliver and maintain documentation and procedures to ensure effective, ongoing management of the ISMS. Evangelise information security, as an SME Continuous Improvement Maintain awareness of security industry best practice to drive continuous improvement within the organisation. Identify, develop, implement, and continuously improve appropriate and proportionate cloud security controls in response to an evolving threat landscape. Provide technical expertise in support of internal security designs, projects, and activities. Work in collaboration with the wider Information Security and Digital Services teams in the continuous improvement of cloud controls, policies, and standards; as part of our ISO27001 certified Information Security. Stakeholder Engagement Collaborate with and build relationships with key stakeholder groups, such as Information Security and Digital Services. Build strong relationships with stakeholder groups outside of the team to establish a strong understanding of the organisation and its needs. Key skills/competencies required: Essential Demonstrable, technical background working in an information security or cyber security role within a fast paced and dynamic environment. Demonstrable hands-on experience contributing to the delivery of and continuous improvement of cloud security controls. Demonstrable experience working with cloud security technologies across IaaS, PaaS, SaaS, or hybrid cloud environments. Must hold, or be able to achieve within six months, a relevant industry certification, such as CISSP, CCSP, CISM, CISA or similar. Strong background in the identification, evaluation and assessment of cloud security threats and risks; and providing recommendations on appropriate and proportionate mitigations. SC Security Clearance, or able to achieve SC clearance* Strong experience with two or more of the following toolsets: Identity & Access Management platforms (such as Azure Active Directory) Threat Protection tools (such as Defender ATP, Office 365 ATP, and Cloud App Security) Web application Firewalls (such as Cloudflare or Azure WAF) Security Incident & Event Management (SIEM) platforms (such as Azure Sentinel) Compliance and Privacy (Microsoft Purview) Benefits Flexible, hybrid working: 2 days a week in London office 30% employer pension contribution Take your bank holidays whenever you want Support in training and career development Nationality Requirements: -UK nationals -nationals of Commonwealth countries who have the right to work in the UK -nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
Dec 16, 2022
Full time
Are you an experienced Senior Security Operations analyst/officer, who has worked extensively in a Microsoft security focussed environment? Are you now looking to further your skills by developing a cloud security specialism? If so, this is fantastic opportunity to join and further develop a best of breed Info Sec function within an exemplar organisation - a public sector body that holds the government to account. The Senior Information Security Officer: Cloud Security will be responsible for the following: Cloud Security Assurance Using your knowledge of Microsoft's Azure and Defender capabilities discover, validate and drive treatment of security threats, risks, vulnerabilities, and configuration gaps that may exist across the organisation's cloud services. Define, refine, and deliver cloud security controls, empowering the organisation in its continued application of security and privacy by default principles. Develop and maintain a schedule for the ongoing assessment of cloud security controls, seeking opportunities to leverage automation to enable a continuous assurance culture. Support the ongoing assurance of suppliers and cloud service provider (CSPs), advising on cloud specific regulatory risks or regulatory requirements relating to cloud assurance. Advise on and support the implementation of effective and pragmatic security controls across all SaaS applications in use or being assessed by the organisation. Alongside the Senior SecOps Officer, deliver a protect, detect, and respond role, investigating and responding to alerts and supporting the usual activities of a SecOps function. Support the implementation and use of Microsoft Sentinel within the SecOps function. Risk Management Proactively identify, evaluate, and assess threats and risks that may impact the organisation's ability to deliver on its vision and strategy. Management Systems Support the ongoing retention of the organisation's information security certifications. Lead on the development of standards ensuring that appropriate monitoring, prevent, CASB, DLP and compliance controls are applied. Support the wider business in the delivery of secure, strategic business changes and technical projects. Deliver and maintain documentation and procedures to ensure effective, ongoing management of the ISMS. Evangelise information security, as an SME Continuous Improvement Maintain awareness of security industry best practice to drive continuous improvement within the organisation. Identify, develop, implement, and continuously improve appropriate and proportionate cloud security controls in response to an evolving threat landscape. Provide technical expertise in support of internal security designs, projects, and activities. Work in collaboration with the wider Information Security and Digital Services teams in the continuous improvement of cloud controls, policies, and standards; as part of our ISO27001 certified Information Security. Stakeholder Engagement Collaborate with and build relationships with key stakeholder groups, such as Information Security and Digital Services. Build strong relationships with stakeholder groups outside of the team to establish a strong understanding of the organisation and its needs. Key skills/competencies required: Essential Demonstrable, technical background working in an information security or cyber security role within a fast paced and dynamic environment. Demonstrable hands-on experience contributing to the delivery of and continuous improvement of cloud security controls. Demonstrable experience working with cloud security technologies across IaaS, PaaS, SaaS, or hybrid cloud environments. Must hold, or be able to achieve within six months, a relevant industry certification, such as CISSP, CCSP, CISM, CISA or similar. Strong background in the identification, evaluation and assessment of cloud security threats and risks; and providing recommendations on appropriate and proportionate mitigations. SC Security Clearance, or able to achieve SC clearance* Strong experience with two or more of the following toolsets: Identity & Access Management platforms (such as Azure Active Directory) Threat Protection tools (such as Defender ATP, Office 365 ATP, and Cloud App Security) Web application Firewalls (such as Cloudflare or Azure WAF) Security Incident & Event Management (SIEM) platforms (such as Azure Sentinel) Compliance and Privacy (Microsoft Purview) Benefits Flexible, hybrid working: 2 days a week in London office 30% employer pension contribution Take your bank holidays whenever you want Support in training and career development Nationality Requirements: -UK nationals -nationals of Commonwealth countries who have the right to work in the UK -nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
As a Cyber Security Manager, you will be working with different teams to deliver high quality work. Help gain comfort by using your technical knowledge of Cyber Security risks and controls. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Client Details National organisation within the public sector based in Cardiff Description As a Cyber Security Manager in our Digital Directorate, you will be working with different teams to deliver high quality work. You will help gain comfort by using your technical knowledge of Cyber Security risks and controls. You will actively improve operational efficiency on projects and internal initiatives, in line with the UHB's commitment to quality. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Provide and receive complex, sensitive information relating to Cyber Security and Corporate issues ensuring the safe operation of the organisations ICT systems Investigate complex Cyber Security enquiries providing assistance & advice as required Coordinate Cyber Security incident responses at organisational level Communicate complex ICT and Cyber Security issues to non-ICT managers Negotiate with external organisations over service issues and supply chain management Leads on Cyber Security issues and compliance in ICT Implement Cyber Security policy, procedures and processes which impacts Informatics and within own team Ensures that all health board hardware and software are security protected Achieve and maintain compliance with National Cyber Security Standards Manage the operation of Cyber Security information system within the health board Develop Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Evaluation of Cyber Security solutions, either hardware or software based, for use in organisation Regular testing of Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Profile A strong academic background to degree level or equivalent experience in a directly related role A related professional certification, for example; Certified Information systems security professional (CISSP), Certified Information Security Manager (CISM) Solid IT and/or technology background ITIL Foundation Educated to Degree level (preferably Cyber Security) or equivalent level of work experience and knowledge Degree educated in an IT related discipline Information Technology Infrastructure Library (ITIL) Foundation Certificate IT based qualification preferably security related such as GCIA Certified intrusion Analyst, etc. ITIL Managing Across the Lifecycle PRINCE2 Foundation Formal leadership training at equivalent or greater to Institute of Leadership & Management (ILM) Level 5 Application Form Certificate Check CAJE Reference: RWM/2019/0140 Professional qualification or membership in cyber security (International Information Systems Security Certification (ISC2), British Computer Society (BCS), National Computer Security Centre (NCSC), etc) or equivalent Evidence of Continual Professional Development At least 3 years working in an IT based role preferably in a security related area Strong knowledge and experience of a number of the following; Information Security, architecture design and implementation, security assessments, Identity and Access Management, Third Party Risk Management and IT Controls Testing Awareness of National and International security standards Relevant experience working in a senior Cyber Security Role Broad knowledge of and understanding of IT Knowledge of IT security principles Full stack knowledge from network to server Excellent understanding of cyber security best practices and terminology Knowledge of desktop and mobile devices and operating systems Good knowledge of common cyber security tools and solutions Good understanding of security monitoring and alerting solutions Excellent understanding of Cyber Security professional code of conduct Good understanding of vulnerability scanning and penetration testing Job Offer Permanent Salary: £41,659 - £47,672 + Benefits Location: Cardiff Flexible working Patterns
Dec 16, 2022
Full time
As a Cyber Security Manager, you will be working with different teams to deliver high quality work. Help gain comfort by using your technical knowledge of Cyber Security risks and controls. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Client Details National organisation within the public sector based in Cardiff Description As a Cyber Security Manager in our Digital Directorate, you will be working with different teams to deliver high quality work. You will help gain comfort by using your technical knowledge of Cyber Security risks and controls. You will actively improve operational efficiency on projects and internal initiatives, in line with the UHB's commitment to quality. Your role will require you to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms. Provide and receive complex, sensitive information relating to Cyber Security and Corporate issues ensuring the safe operation of the organisations ICT systems Investigate complex Cyber Security enquiries providing assistance & advice as required Coordinate Cyber Security incident responses at organisational level Communicate complex ICT and Cyber Security issues to non-ICT managers Negotiate with external organisations over service issues and supply chain management Leads on Cyber Security issues and compliance in ICT Implement Cyber Security policy, procedures and processes which impacts Informatics and within own team Ensures that all health board hardware and software are security protected Achieve and maintain compliance with National Cyber Security Standards Manage the operation of Cyber Security information system within the health board Develop Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Evaluation of Cyber Security solutions, either hardware or software based, for use in organisation Regular testing of Cyber Incident Management procedures in conjunction with other ICT leads and health board emergency planning team Profile A strong academic background to degree level or equivalent experience in a directly related role A related professional certification, for example; Certified Information systems security professional (CISSP), Certified Information Security Manager (CISM) Solid IT and/or technology background ITIL Foundation Educated to Degree level (preferably Cyber Security) or equivalent level of work experience and knowledge Degree educated in an IT related discipline Information Technology Infrastructure Library (ITIL) Foundation Certificate IT based qualification preferably security related such as GCIA Certified intrusion Analyst, etc. ITIL Managing Across the Lifecycle PRINCE2 Foundation Formal leadership training at equivalent or greater to Institute of Leadership & Management (ILM) Level 5 Application Form Certificate Check CAJE Reference: RWM/2019/0140 Professional qualification or membership in cyber security (International Information Systems Security Certification (ISC2), British Computer Society (BCS), National Computer Security Centre (NCSC), etc) or equivalent Evidence of Continual Professional Development At least 3 years working in an IT based role preferably in a security related area Strong knowledge and experience of a number of the following; Information Security, architecture design and implementation, security assessments, Identity and Access Management, Third Party Risk Management and IT Controls Testing Awareness of National and International security standards Relevant experience working in a senior Cyber Security Role Broad knowledge of and understanding of IT Knowledge of IT security principles Full stack knowledge from network to server Excellent understanding of cyber security best practices and terminology Knowledge of desktop and mobile devices and operating systems Good knowledge of common cyber security tools and solutions Good understanding of security monitoring and alerting solutions Excellent understanding of Cyber Security professional code of conduct Good understanding of vulnerability scanning and penetration testing Job Offer Permanent Salary: £41,659 - £47,672 + Benefits Location: Cardiff Flexible working Patterns
Contents Location About the job Benefits Things you need to know Apply and further information Location Belfast, Cardiff, Darlington, Edinburgh, London About the job Summary Join a team at the heart of the global economy! We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video ! Our Digital, Data and Technology team develops and operates tools, services, and platforms that enable the UK government to provide world leading support to businesses in the UK and overseas. Youll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship, and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade. Job description This role sits within the DIT Security Operations Centre (SOC), which is responsible for the identification and handling of security threats. You will be responsible for the monitoring aspects of the SOCs Target Operating Model (TOM) at a high level, acting as the final point of escalation for the resolution of incidents identified by SOC analysts. A key part of the role will be the identification and implementation of lessons learned from cyber security incidents as part of a continuous improvement cycle. Improvements to DITs capability to detect and response will be a priority. In the role you will be managing and mentoring junior SOC staff, and so this role is suitable for someone looking for a position of responsibility. Responsibilities Responsibilities In your day-to-day role, you will: Lead the implementation of the DIT monitoring policyand management of the SOC TOM, providing expert advice to junior SOC staff. Review existing and new data sources being ingested into the SIEM and propose and implement use cases for detection and analysis. Produce thorough documentation on complex incidents focussing on the improvements that can be made to processes, playbooks, and tooling. Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with the Threat Hunterand in line with DITs policies. Communicate the significance of the results of investigations and risk mitigation outcomes and engage with a broad range of senior stakeholders. Be responsible for defining the vision, principles, and strategy for incident response. Essential Skills and Experience You should be able to demonstrate essential skills and experience of: Significant experience of working at tier 2 or tier 3 in a SOC with management/mentoring responsibilities . Demonstrable experience with KQL or similar query language . Solid knowledge of various information security frameworks, for example MITRE. Demonstrable experience in cyber security incident management . Effective verbal and written communication skills. Demonstrable knowledge and experience of intrusion detection and analysis skills . Desirable Skills and Experience While not essential, it would be ideal if you have demonstrable skills and experience of: SIEM and Security Software, especially Microsoft Professional information security certification CISSP or similar. Experience of working in a multi-cloud environment. Knowledge or experience of forensics. Benefits Learning and development tailored to your role An environment with flexible working options A culture encouraging inclusion and diversity A Civil Service pension with an average employer contribution of 27% Things you need to know Security Successful candidates must pass a disclosure and barring security check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check . See our vetting charter . People working with government assets must complete basic personnel security standard checks. Selection process details We are closely monitoring the situation regarding the coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. In addition, where appropriate, you may be invited to attend a video interview. Please continue to follow the application process as normal and ensure that you check your emails regularly as all updates from us will be sent to you this way. Assessment and Interview As part of the application process you will be asked to upload a CV which outlines your experience, skills and fit for the role. At the sift stage for this role, Inspire People will assess you against the essential criteria listed above to compile a long list of applications. If you are progressed through to this stage, you will be asked to complete a short, pre-recorded video interview with Inspire People or provide written answers to questions. These applications will then be sifted by DIT hiring managers. Initial sifting will take place the week commencing 26th September, with CV submissions to DIT on the 30th September. Interviews will take place the week commencing 10th October. Please note that these dates are indicative and may be subject to change. At the interview stage for this role, we will assess your technical/specialist experience, outlined in the above role description, testing your ability through relevant assessments/presentations and ask you questions around Behaviours and Technical skills, which are part of the Civil Service Success Profiles . The technical element within the interview, where you will be asked a series of questions to demonstrate your specific professional skills and knowledge related directly to the job role and context, will assess against these Technical Skills: Intrusion detection and analysis Threat intelligence and assessment Incident management, investigation, and response Information risk assessment and risk management Applied security capability Query language expertise You will also be assessed against the Behaviours of: Developing Self and Others Changing and Improving Delivering at Pace Offer Stage Appointments may be made to candidates in merit order based on location preferences. The salary we will offer is determined using interview performance. Scores at interview translate to proficiency levels and an associated salary. Once a successful candidate has a proficiency level and is part of the capability framework, they will be given opportunities to self-assess to progress through the pay scale within their grade during their time at DIT. For further explanation of proficiency levels and more information about DDaT click here. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. Candidates who pass the bar at interview but are not the highest scoring will be held on a 12-month reserve list for future appointments. Candidates who are judged to be a near miss at interview may be offered a post at the grade below the one advertised. If successful and transferring from another Government Department a criminal record check may be carried out. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. Harmonised terms and conditions are attached. Please take time to read the document to determine how these may affect you. Please note the successful candidate will be expected to remain in post for a minimum of 18 months before being released for another role. Any move to the Department for International Trade from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at New entrants are expected to join on the minimum of the pay band. Reasonable adjustment If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. If you need a change to be made so that you can make your application, you should contact the DDaT Recruitment team before the closing date to discuss your needs. Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DIT by email: ..... click apply for full job details
Sep 09, 2022
Full time
Contents Location About the job Benefits Things you need to know Apply and further information Location Belfast, Cardiff, Darlington, Edinburgh, London About the job Summary Join a team at the heart of the global economy! We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video ! Our Digital, Data and Technology team develops and operates tools, services, and platforms that enable the UK government to provide world leading support to businesses in the UK and overseas. Youll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship, and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade. Job description This role sits within the DIT Security Operations Centre (SOC), which is responsible for the identification and handling of security threats. You will be responsible for the monitoring aspects of the SOCs Target Operating Model (TOM) at a high level, acting as the final point of escalation for the resolution of incidents identified by SOC analysts. A key part of the role will be the identification and implementation of lessons learned from cyber security incidents as part of a continuous improvement cycle. Improvements to DITs capability to detect and response will be a priority. In the role you will be managing and mentoring junior SOC staff, and so this role is suitable for someone looking for a position of responsibility. Responsibilities Responsibilities In your day-to-day role, you will: Lead the implementation of the DIT monitoring policyand management of the SOC TOM, providing expert advice to junior SOC staff. Review existing and new data sources being ingested into the SIEM and propose and implement use cases for detection and analysis. Produce thorough documentation on complex incidents focussing on the improvements that can be made to processes, playbooks, and tooling. Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with the Threat Hunterand in line with DITs policies. Communicate the significance of the results of investigations and risk mitigation outcomes and engage with a broad range of senior stakeholders. Be responsible for defining the vision, principles, and strategy for incident response. Essential Skills and Experience You should be able to demonstrate essential skills and experience of: Significant experience of working at tier 2 or tier 3 in a SOC with management/mentoring responsibilities . Demonstrable experience with KQL or similar query language . Solid knowledge of various information security frameworks, for example MITRE. Demonstrable experience in cyber security incident management . Effective verbal and written communication skills. Demonstrable knowledge and experience of intrusion detection and analysis skills . Desirable Skills and Experience While not essential, it would be ideal if you have demonstrable skills and experience of: SIEM and Security Software, especially Microsoft Professional information security certification CISSP or similar. Experience of working in a multi-cloud environment. Knowledge or experience of forensics. Benefits Learning and development tailored to your role An environment with flexible working options A culture encouraging inclusion and diversity A Civil Service pension with an average employer contribution of 27% Things you need to know Security Successful candidates must pass a disclosure and barring security check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check . See our vetting charter . People working with government assets must complete basic personnel security standard checks. Selection process details We are closely monitoring the situation regarding the coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. In addition, where appropriate, you may be invited to attend a video interview. Please continue to follow the application process as normal and ensure that you check your emails regularly as all updates from us will be sent to you this way. Assessment and Interview As part of the application process you will be asked to upload a CV which outlines your experience, skills and fit for the role. At the sift stage for this role, Inspire People will assess you against the essential criteria listed above to compile a long list of applications. If you are progressed through to this stage, you will be asked to complete a short, pre-recorded video interview with Inspire People or provide written answers to questions. These applications will then be sifted by DIT hiring managers. Initial sifting will take place the week commencing 26th September, with CV submissions to DIT on the 30th September. Interviews will take place the week commencing 10th October. Please note that these dates are indicative and may be subject to change. At the interview stage for this role, we will assess your technical/specialist experience, outlined in the above role description, testing your ability through relevant assessments/presentations and ask you questions around Behaviours and Technical skills, which are part of the Civil Service Success Profiles . The technical element within the interview, where you will be asked a series of questions to demonstrate your specific professional skills and knowledge related directly to the job role and context, will assess against these Technical Skills: Intrusion detection and analysis Threat intelligence and assessment Incident management, investigation, and response Information risk assessment and risk management Applied security capability Query language expertise You will also be assessed against the Behaviours of: Developing Self and Others Changing and Improving Delivering at Pace Offer Stage Appointments may be made to candidates in merit order based on location preferences. The salary we will offer is determined using interview performance. Scores at interview translate to proficiency levels and an associated salary. Once a successful candidate has a proficiency level and is part of the capability framework, they will be given opportunities to self-assess to progress through the pay scale within their grade during their time at DIT. For further explanation of proficiency levels and more information about DDaT click here. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. Candidates who pass the bar at interview but are not the highest scoring will be held on a 12-month reserve list for future appointments. Candidates who are judged to be a near miss at interview may be offered a post at the grade below the one advertised. If successful and transferring from another Government Department a criminal record check may be carried out. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. Harmonised terms and conditions are attached. Please take time to read the document to determine how these may affect you. Please note the successful candidate will be expected to remain in post for a minimum of 18 months before being released for another role. Any move to the Department for International Trade from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at New entrants are expected to join on the minimum of the pay band. Reasonable adjustment If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. If you need a change to be made so that you can make your application, you should contact the DDaT Recruitment team before the closing date to discuss your needs. Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DIT by email: ..... click apply for full job details
Role Introduction Advanced are looking for a Security Analyst to work with our Customers in delivering a virtual Security Manager service. This is an Information Security Assurance role with a strong focus on people, process and tooling; your remit will cover all aspects of Information Security Management. The Security Assurance team are responsible for the delivery of Information Security knowledge and guidance across the business, ultimately enabling services to our customers. You will be part of a wider team covering all aspects of Information Security and reporting into the Security Assurance Manager. We are looking for individuals who have a passion for cyber security and hold transferable technical skills, either from degree education or from professional experience. What you will do Manage the provision of Information Security Assurance to our customers. Advise and guide the remediation of risks and issues identified through pragmatic control definition taking cost and technical aspects into account. Help customers manage information security related incidents though liaison with Advanced teams and pragmatic advice. The focus on communication is a key aspect of this task along with expectation management. Provide Insight, Service and Transparency; Insight to drive decisions, empowering us to deliver continuous improvement and innovation to our customers, Service through listening to our customer's needs, owning our customers concerns and delivering robust solutions quickly, Transparency so our customers know exactly where their requests or incidents are in the process. What you will have Experience within a similar environment Profession Information Security Qualification (CISSP, CRISC, CISM) Knowledge of GDPR/DPA18, ISO 27001 and security testing Strong communication skills with an ability to set expectations with our customers What We Do For You Generous Annual Leave - 20-25 days, plus public holidays, with the possibility to buy additional days Summer Fridays! Every Friday afternoon off throughout July and August 2022 (or equivalent time in the week ) Life Insurance - 3-4x times annual salary Top Achievers Club - Our yearly VIP trip includes flights, transfers and accommodation to recognise excellence in our employees 65% Internal Mobility - Committed to the development & growth of our people All our benefits are subject to location Who We Are Advanced are one of the UK's largest and most successful software companies. Our products sit at the heart of some of the country's best-known businesses, powering their key services and functions. Driven by the millions of people who interact with our products every day in hospitals, schools, transport providers, sports clubs and a wide range of instantly recognisable brands. We've grown phenomenally quickly with a £275m turnover and 2,800 staff serving over 25,000 customers across the UK. As an employer, we do things differently. We hire differently. We promote at pace. We recognise excellence. Find out more at about-us
Dec 07, 2021
Full time
Role Introduction Advanced are looking for a Security Analyst to work with our Customers in delivering a virtual Security Manager service. This is an Information Security Assurance role with a strong focus on people, process and tooling; your remit will cover all aspects of Information Security Management. The Security Assurance team are responsible for the delivery of Information Security knowledge and guidance across the business, ultimately enabling services to our customers. You will be part of a wider team covering all aspects of Information Security and reporting into the Security Assurance Manager. We are looking for individuals who have a passion for cyber security and hold transferable technical skills, either from degree education or from professional experience. What you will do Manage the provision of Information Security Assurance to our customers. Advise and guide the remediation of risks and issues identified through pragmatic control definition taking cost and technical aspects into account. Help customers manage information security related incidents though liaison with Advanced teams and pragmatic advice. The focus on communication is a key aspect of this task along with expectation management. Provide Insight, Service and Transparency; Insight to drive decisions, empowering us to deliver continuous improvement and innovation to our customers, Service through listening to our customer's needs, owning our customers concerns and delivering robust solutions quickly, Transparency so our customers know exactly where their requests or incidents are in the process. What you will have Experience within a similar environment Profession Information Security Qualification (CISSP, CRISC, CISM) Knowledge of GDPR/DPA18, ISO 27001 and security testing Strong communication skills with an ability to set expectations with our customers What We Do For You Generous Annual Leave - 20-25 days, plus public holidays, with the possibility to buy additional days Summer Fridays! Every Friday afternoon off throughout July and August 2022 (or equivalent time in the week ) Life Insurance - 3-4x times annual salary Top Achievers Club - Our yearly VIP trip includes flights, transfers and accommodation to recognise excellence in our employees 65% Internal Mobility - Committed to the development & growth of our people All our benefits are subject to location Who We Are Advanced are one of the UK's largest and most successful software companies. Our products sit at the heart of some of the country's best-known businesses, powering their key services and functions. Driven by the millions of people who interact with our products every day in hospitals, schools, transport providers, sports clubs and a wide range of instantly recognisable brands. We've grown phenomenally quickly with a £275m turnover and 2,800 staff serving over 25,000 customers across the UK. As an employer, we do things differently. We hire differently. We promote at pace. We recognise excellence. Find out more at about-us
Description The IT Compliance Analyst II will have day-to-day responsibilities to fulfill and support the IT Compliance & Controls mission, including analysis of IT Control Framework assessments, analysis of IT Control gaps, assistance in remediation planning and tracking, analyzing legal or regulatory obligations (pending or enacted) for impact to existing baseline controls & test procedures, performing the IT compliance assurance function, evaluating the results of control owner self-assessments/control testing and recommend remediation steps, providing awareness of the IT control & risk frameworks, assisting in updating the IT Control Library & Control Plans to reflect the current CME operating environment & regulatory landscape. Incumbent will support IT compliance obligations as required, e.g. provide assistance in Global Assurance audits. The Incumbent will be responsible for: Learning and understanding the function and goals of the CME Group Technology Compliance Team Assessing the control implementation via defined test procedures and determining if controls are designed and operating as expected Analyzing and determining if existing controls are sufficient to meet new regulatory or legal obligations or if control enhancements are needed Deciding how authoritative source changes impact existing control plans & test procedures Helping to determine training/education needs (based on interaction with control plan owners) Helping assess the risk of controls not implemented Participating in application testing Performing audits of technology projects Recommending remediation actions. The Incumbent will follow common approaches for interacting with IT control owners while helping establish new approaches where precedent doesn’t exist in handling IT controls & associated risks. Given the current control environment, precedents will need to be established to determine how to properly respond, leaning on defined controls but helping to establish the compliance culture. In this role the Incumbent will be expected to: Recommend remediation actions for findings Decide on degree controls are operating based on independent assessment of test procedure results Recommend improvements in IT control & risk processes for potential automation. Decisions will generally be reviewed by IT Compliance Lead Analyst, IT Compliance Manager, and/or Sr. Director. This position, along with others being initiated, are critical for ensuring the implementation and operation of the IT compliance & risk management function while evolving the tools, processes and methodology established in the IT Control & Risk Framework initiative. The Incumbents ability to operate, enhance & assure IT controls will have a direct impact on reducing the overall IT and corporate risk. Competence Requirements: Demonstrated proven success in a role that emphasizes a thorough knowledge of technical aspects of the following areas: IT Risk Management, Information Security, Technical Privacy, and/or IT Audits Demonstrated knowledge of performing IT Risk & Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards to define the security controls and processes. Demonstrated knowledge and/or exposure to the common issues facing the financial services market including privacy and regulatory concerns. Demonstrated abilities with the utilization of network and application security assessment tools and methodologies to manage and address security and control issues Demonstrated experience participating in key management discussions and meetings, preparing concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues Strong written and verbal communication and presentation skills, leadership, and ability to work with diverse teams Experience as a Staff/Senior level consultant, auditor, or Information Security analyst in a professional services firm or large enterprise, which includes: Interfacing with key stakeholders on control solutions Participating in the planning and execution of projects in the following areas: Information Security, Risk Management, Technical Compliance, IT Security Audit, Remediation, and / or IT Risk Management. Experience working with NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC, etc. General proficiency as user of GRC & Audit tools Desired Experience: Proficiency in software development using Python, Java, R Language, JavaScript, Scala or similar Experience in developing automation within security tools Experience in developing solutions to mitigate security vulnerabilities Minimum Education/Experience Requirements: Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline Incumbents who can clearly demonstrate transferable work experience skills from a previous role will be considered Minimum Experience Requirements: Experience in general accounting and/or working as a Staff/Senior level IT analyst, IT auditor, or IT risk adviser for a financial institution, public accounting firm (Big 4 preferred), or a professional services firm, performing IT Controls, IT Risk Management, and/or IT Internal Audit including experience in Information Security. Preferred Certifications: CISA CPA CISSP CISM CRISC CGEIT CDPSE or other related certifications completed or pursuing CME Group: Where Futures Are Made CME Group () is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more. For EU Residents, the Candidate Privacy Policy can be found here.
Nov 30, 2021
Full time
Description The IT Compliance Analyst II will have day-to-day responsibilities to fulfill and support the IT Compliance & Controls mission, including analysis of IT Control Framework assessments, analysis of IT Control gaps, assistance in remediation planning and tracking, analyzing legal or regulatory obligations (pending or enacted) for impact to existing baseline controls & test procedures, performing the IT compliance assurance function, evaluating the results of control owner self-assessments/control testing and recommend remediation steps, providing awareness of the IT control & risk frameworks, assisting in updating the IT Control Library & Control Plans to reflect the current CME operating environment & regulatory landscape. Incumbent will support IT compliance obligations as required, e.g. provide assistance in Global Assurance audits. The Incumbent will be responsible for: Learning and understanding the function and goals of the CME Group Technology Compliance Team Assessing the control implementation via defined test procedures and determining if controls are designed and operating as expected Analyzing and determining if existing controls are sufficient to meet new regulatory or legal obligations or if control enhancements are needed Deciding how authoritative source changes impact existing control plans & test procedures Helping to determine training/education needs (based on interaction with control plan owners) Helping assess the risk of controls not implemented Participating in application testing Performing audits of technology projects Recommending remediation actions. The Incumbent will follow common approaches for interacting with IT control owners while helping establish new approaches where precedent doesn’t exist in handling IT controls & associated risks. Given the current control environment, precedents will need to be established to determine how to properly respond, leaning on defined controls but helping to establish the compliance culture. In this role the Incumbent will be expected to: Recommend remediation actions for findings Decide on degree controls are operating based on independent assessment of test procedure results Recommend improvements in IT control & risk processes for potential automation. Decisions will generally be reviewed by IT Compliance Lead Analyst, IT Compliance Manager, and/or Sr. Director. This position, along with others being initiated, are critical for ensuring the implementation and operation of the IT compliance & risk management function while evolving the tools, processes and methodology established in the IT Control & Risk Framework initiative. The Incumbents ability to operate, enhance & assure IT controls will have a direct impact on reducing the overall IT and corporate risk. Competence Requirements: Demonstrated proven success in a role that emphasizes a thorough knowledge of technical aspects of the following areas: IT Risk Management, Information Security, Technical Privacy, and/or IT Audits Demonstrated knowledge of performing IT Risk & Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards to define the security controls and processes. Demonstrated knowledge and/or exposure to the common issues facing the financial services market including privacy and regulatory concerns. Demonstrated abilities with the utilization of network and application security assessment tools and methodologies to manage and address security and control issues Demonstrated experience participating in key management discussions and meetings, preparing concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues Strong written and verbal communication and presentation skills, leadership, and ability to work with diverse teams Experience as a Staff/Senior level consultant, auditor, or Information Security analyst in a professional services firm or large enterprise, which includes: Interfacing with key stakeholders on control solutions Participating in the planning and execution of projects in the following areas: Information Security, Risk Management, Technical Compliance, IT Security Audit, Remediation, and / or IT Risk Management. Experience working with NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC, etc. General proficiency as user of GRC & Audit tools Desired Experience: Proficiency in software development using Python, Java, R Language, JavaScript, Scala or similar Experience in developing automation within security tools Experience in developing solutions to mitigate security vulnerabilities Minimum Education/Experience Requirements: Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline Incumbents who can clearly demonstrate transferable work experience skills from a previous role will be considered Minimum Experience Requirements: Experience in general accounting and/or working as a Staff/Senior level IT analyst, IT auditor, or IT risk adviser for a financial institution, public accounting firm (Big 4 preferred), or a professional services firm, performing IT Controls, IT Risk Management, and/or IT Internal Audit including experience in Information Security. Preferred Certifications: CISA CPA CISSP CISM CRISC CGEIT CDPSE or other related certifications completed or pursuing CME Group: Where Futures Are Made CME Group () is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more. For EU Residents, the Candidate Privacy Policy can be found here.
Location - Central London with some travel across London sites Permanent, full time (37.5 hours per week) Salary - £55,000 - £60,000 dependant on experience + Benefits (pension, health cover, flexible benefits and excellent career development) About the Role We have a fantastic new opportunity for a Senior Security Risk Analyst to join our dynamic and growing IT function in a newly created Risk function. As part of the role you will play a key part in building the department from the ground up to form a dynamic function. As Senior Security Risk Analyst you are responsible for performing a wide range of tasks that support the ongoing maturation of the facility's IT Security program, including; driving consistency and visibility of IT Security risk management activities; working with business owners to protect patients and prevent data loss; and rounding with division and facility leadership to reduce or eliminate risk. The Senior Security Risk Analyst will support facility workforce members appropriately comply with the company's IT Security requirements. This role requires extensive focus on building and expanding relationships with key stakeholders such as facility and division leadership; workforce members; physicians; division and facility IT teams; business owners; vendors; and other people and entities who support ISG objectives and activities within the facility. Skills & Experience: Extensive experience within IT risk management to include a combination of audit, risk management, information security, privacy, and information technology. Experience in developing and reviewing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy Clinical, healthcare, or medical experience is highly desirable HCA Healthcare UK - The World's largest private healthcare group; providing award winning primary, acute and complex care. From complex care to straightforward procedures in both adults and children, HCA Healthcare UK provides exceptional care across our six world-class hospitals, clinics, outpatient and diagnostics centres, and NHS partnerships. HCA UK are incredibly proud to be awarded 'Private Hospital Group of the Year '2020 at the Health Investor Awards. HCA Healthcare UK's Information Technology Group (ITG) is a Group IT function, developing and managing all aspects of healthcare IT across our portfolio of hospitals, clinics, outpatient centers, laboratories and other associated businesses. #LI-JR1
Nov 30, 2021
Full time
Location - Central London with some travel across London sites Permanent, full time (37.5 hours per week) Salary - £55,000 - £60,000 dependant on experience + Benefits (pension, health cover, flexible benefits and excellent career development) About the Role We have a fantastic new opportunity for a Senior Security Risk Analyst to join our dynamic and growing IT function in a newly created Risk function. As part of the role you will play a key part in building the department from the ground up to form a dynamic function. As Senior Security Risk Analyst you are responsible for performing a wide range of tasks that support the ongoing maturation of the facility's IT Security program, including; driving consistency and visibility of IT Security risk management activities; working with business owners to protect patients and prevent data loss; and rounding with division and facility leadership to reduce or eliminate risk. The Senior Security Risk Analyst will support facility workforce members appropriately comply with the company's IT Security requirements. This role requires extensive focus on building and expanding relationships with key stakeholders such as facility and division leadership; workforce members; physicians; division and facility IT teams; business owners; vendors; and other people and entities who support ISG objectives and activities within the facility. Skills & Experience: Extensive experience within IT risk management to include a combination of audit, risk management, information security, privacy, and information technology. Experience in developing and reviewing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy Clinical, healthcare, or medical experience is highly desirable HCA Healthcare UK - The World's largest private healthcare group; providing award winning primary, acute and complex care. From complex care to straightforward procedures in both adults and children, HCA Healthcare UK provides exceptional care across our six world-class hospitals, clinics, outpatient and diagnostics centres, and NHS partnerships. HCA UK are incredibly proud to be awarded 'Private Hospital Group of the Year '2020 at the Health Investor Awards. HCA Healthcare UK's Information Technology Group (ITG) is a Group IT function, developing and managing all aspects of healthcare IT across our portfolio of hospitals, clinics, outpatient centers, laboratories and other associated businesses. #LI-JR1
Location - Central London with some travel across London sites Permanent, full time (37.5 hours per week) Salary - Up to £45,000 dependant on experience + Benefits (pension, health cover, flexible benefits and excellent career development) About the Role We have a fantastic new opportunity for a Security Risk Analyst to join our growing IT function in a newly created Risk function. As part of the role you will work with the Senior Security Risk Analysts in building the department from the ground up to form a dynamic function. As Security Risk Analyst you are responsible for performing a wide range of tasks that support the ongoing maturation of the facility's IT Security program, including; driving consistency and visibility of IT Security risk management activities; working with business owners to protect patients and prevent data loss; and rounding with division and facility leadership to reduce or eliminate risk. The Senior Security Risk Analyst will support facility workforce members appropriately comply with the company's IT Security requirements. This role requires extensive focus on building and expanding relationships with key stakeholders such as facility and division leadership; workforce members; physicians; division and facility IT teams; business owners; vendors; and other people and entities who support ISG objectives and activities within the facility. Skills & Experience: Experience within IT risk management to include a combination of audit, risk management, information security, privacy, and information technology. Experience in developing and reviewing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy Clinical, healthcare, or medical experience is highly desirable HCA Healthcare UK - The World's largest private healthcare group; providing award winning primary, acute and complex care. From complex care to straightforward procedures in both adults and children, HCA Healthcare UK provides exceptional care across our six world-class hospitals, clinics, outpatient and diagnostics centres, and NHS partnerships. HCA UK are incredibly proud to be awarded 'Private Hospital Group of the Year '2020 at the Health Investor Awards. HCA Healthcare UK's Information Technology Group (ITG) is a Group IT function, developing and managing all aspects of healthcare IT across our portfolio of hospitals, clinics, outpatient centers, laboratories and other associated businesses.
Nov 30, 2021
Full time
Location - Central London with some travel across London sites Permanent, full time (37.5 hours per week) Salary - Up to £45,000 dependant on experience + Benefits (pension, health cover, flexible benefits and excellent career development) About the Role We have a fantastic new opportunity for a Security Risk Analyst to join our growing IT function in a newly created Risk function. As part of the role you will work with the Senior Security Risk Analysts in building the department from the ground up to form a dynamic function. As Security Risk Analyst you are responsible for performing a wide range of tasks that support the ongoing maturation of the facility's IT Security program, including; driving consistency and visibility of IT Security risk management activities; working with business owners to protect patients and prevent data loss; and rounding with division and facility leadership to reduce or eliminate risk. The Senior Security Risk Analyst will support facility workforce members appropriately comply with the company's IT Security requirements. This role requires extensive focus on building and expanding relationships with key stakeholders such as facility and division leadership; workforce members; physicians; division and facility IT teams; business owners; vendors; and other people and entities who support ISG objectives and activities within the facility. Skills & Experience: Experience within IT risk management to include a combination of audit, risk management, information security, privacy, and information technology. Experience in developing and reviewing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy Clinical, healthcare, or medical experience is highly desirable HCA Healthcare UK - The World's largest private healthcare group; providing award winning primary, acute and complex care. From complex care to straightforward procedures in both adults and children, HCA Healthcare UK provides exceptional care across our six world-class hospitals, clinics, outpatient and diagnostics centres, and NHS partnerships. HCA UK are incredibly proud to be awarded 'Private Hospital Group of the Year '2020 at the Health Investor Awards. HCA Healthcare UK's Information Technology Group (ITG) is a Group IT function, developing and managing all aspects of healthcare IT across our portfolio of hospitals, clinics, outpatient centers, laboratories and other associated businesses.