Location: Surrey, England
Salary: £50000 - £63000 per annum + Company benefits
Sector: IT & Telecoms
Type: Permanent
Contact: Stalla Xystra
Gold Group Recruitment are seeking an Information Assurance Specialist to join our client's internal IT Security Group. This opportunity is based in Surrey and is offering a salary of up to £63k per annum depending on experience.
The IT Security Group is the lead for all cyber security related activity within the company, and its functions are split into two areas:
- Governance, Accreditation and Compliance - providing security advice and guidance to the wider IT Department to support IT projects and change management, and to the business with regard to accreditation, customer requests, service requests and general user queries.
- IT Security Operations - providing effective security monitoring, testing and analysis of the IT infrastructure.
Responsibilities for the Information Assurance Specialist:
- Understand the different compliance frameworks required by the business (including, but not limited to, ISO 27001, MOD DAIS, Cyber Essentials, MOD Cyber Profiles, Australian DoD, etc.).
- Engage with the broader security industry and community to ensure the company is aware of current and future threats, and is aligned with industry best practice.
- Develop contacts with relevant IT Accreditors and key customer IT Security functions.
- Review and update of the adequacy and completeness of IT Security documentation against changing customer and regulatory requirements including defence, civil nuclear, commercial, and data protection, and in the light of emerging risks.
- Support the accreditation processes, working with internal and external stakeholders to acquire and maintain all required security certifications.
- Liaise with other governance process holders, both in the IT department and the wider business, to ensure security best practice is correctly included in applicable procedures.
- Create and maintain the IT security standards and other documentation to enable delegation of day-to-day IT security tasks to the IT Operations Group.
- Provide advice and guidance to IT Department projects, reviews, change requests and development processes.
- Provide advice and guidance to the wider business regarding customer requests, service requests and general user queries.
- Manage third-party cyber security audit processes.
- Undertake security audits across IT systems, applications, processes and projects.
- Keep current with the latest threats, vulnerabilities and developments in cyber security.
- Take an active part in security incident response.
- Take an active part in the continuous improvement processes with the wider IT department to ensure that security improvements are completed.
- Identify and analyse vulnerabilities within the Company's IT infrastructure, prioritising them in the context of the business.
- Ensure the IT security tools and systems are implemented and upgraded in line with industry best practice or vendor recommendation, and ensure all security systems remain fit for purpose.
- Maintain relationships with key IT security suppliers to ensure continued delivery of service.
Information Assurance:
- Adhere to the Company Information Assurance Manual and Handbook of Security Procedures.
- Ensure that the appropriate levels of protection, storage and access control are applied to all information in the company's possession.
- Adhere to the acceptable use policy for all company IT systems and resources to which they have been granted access.
- Ensure the physical security of the Company's premises when responsible for the locking-up process.
Although individual specialists will have specific lead responsibilities, they will be expected to be able to take on any of the duties of the IT Security group when required, and hence are expected to have a range of skills from both categories below.
Skills, Knowledge and Experience required:
- Developing IT security department processes and procedures.
- Understanding and developing controls in line with ISO 27000, Cyber Essentials, CIS (SANS) cyber controls and CSA Cloud cyber controls.
- Conducting, or participating in, internal and external audit processes.
- Broad IT knowledge to be able to provide security input into a range of projects
- Understanding and analysing system vulnerabilities
- Identification of remediation activities, working alongside IT Operations and Infrastructure Groups
- Understanding attack vectors and exploitation of vulnerabilities
- Understanding firewall, network and server logs.
- Network traffic capture and analysis.
- Understanding the features of modern security monitoring systems.
- The ability to analyse events and reported incidents.
The Information Assurance Specialist should have experience in the following types of security tools:
- Vulnerability scanning and analysis
- Enterprise SIEMs
- Network and host Intrusion Detection Systems
- Endpoint security and monitoring solutions
- Digital Forensics & Incident Response (DFIR) tools
Relevant cyber security qualifications are desirable, but not obligatory. Candidates will be assessed on their experience and capability. Relevant qualifications include:
- 27000 Lead Implementer or Auditor
- SANS GCIA & GCIH
- Certified Ethical Hacker (CEH)