- Location: Crawley, West Sussex
- Salary: £55000 - £60000 per annum + Excellent company benefits
- Type: Permanent
- Contact: Stalla Xystra
Gold Group have a fantastic opportunity for an Information Security Lead to join a well-established Travel company located in Crawley, West Sussex.
Our client is looking for an Information Security Lead who will be responsible for designing technical solutions to address specific security challenges. The successful candidate must be able to provide operational security subject matter expertise to the IT support teams and the wider business, covering risk methodologies, Information Security Management Systems (ISMS) and related security standards, e.g. PCI DSS.
The vacancy is a permanent opportunity with a salary of up to £60k per annum depending on experience.
- Pension Plan
- Employee Referral Scheme
- Life Assurance: 3 x your salary
- Employee Assistance Programme (EAP)
- Health cash plan
- Private Medical Insurance
- Private Health Insurance
- Additional Holiday through Salary Sacrifice: Where it is operationally possible you will have the opportunity to request up to 10 days additional leave
- The Travel Bar: This scheme is all about opportunities to make your money go further - you can save up to £1,000 per year on your everyday and exceptional shopping and services.
- Childcare Vouchers
- Cycle to Work
- Season Ticket Loan
- Long Service Recognition: It may seem like a long way ahead, but we believe that it is important to thank everyone for their contribution to the success of our business. Please contact your local HR team for more information.
- Payroll Giving
- Discounted travel opportunities
- Developing, supporting and maintaining the in-house anti-phishing campaigns, supporting the vulnerability management service, implementing vulnerability scanning and interpreting output for remediation, supporting awareness campaigns, reporting on risk exposure and providing risk prioritised remediation advisories and tracking progress;
- Support the development of the Information Security Management System (ISMS);
- Coordinating penetration tests (PT) and vulnerability scans with PT partners, IT and Development teams, acting as key point of contact for security activities and communicating advisories in relation to remediation and mitigation;
- Implementing security controls in compliance with legislation and regulatory frameworks (e.g. DPA, PCI-DSS, HIPAA);
- Responsible for maintenance and update of the Group Information Security Policies;
- Implementing security methodologies and industry standards (e.g. ISO27001, NIST, SANS, OWASP);
- Identifying, prioritising and presenting IT/security risks & controls;
- Conducting risk assessments of changes, projects, programmes, services and communicating findings;
- Providing recommendations to manage information security risk, including aligning projects to policies and standards;
- Input into the Information Security Strategy and development of future capability;
- Develop and review corrective action plans to address the root cause and prevent reoccurrences of compliance issues or security incidents;
- Undertaking security gap analysis internally, of third parties and other partners;
- Supporting IT Security and compliance awareness initiatives.
The ideal candidate:
We are looking for an adaptable and proactive team worker who is able to prioritise effectively and use their initiative to further the information security control environment. The business has varying levels of information security maturity so a cool, calm, consultative approach is essential to ensure business buy-in and achieve the objective of both protecting and educating the business. With this in mind we are looking for:
- Exposure to multi-tier, web and cloud based IT architectures;
- Knowledge of security technologies (e.g. AV, SIEM, IAM, PAM, IPS, F/W, SSO, DLP);
- Knowledge of security assessment frameworks (e.g. threat modelling, controls and risk assessments);
- Experience in investigating security incidents, escalating issues where necessary;
- Experience using security information management tools;
- Experience in security assessment tools, particularly vulnerability scanning tools;
- A minimum of 5 years' experience in an active IT security role;
- Working knowledge and experience of the ITIL framework;
- Experience developing, managing and improving operational risk and compliance processes;
- Excellent written and spoken communication skills;
- An ability to deal with ambiguity, rapid change and cope well with pressure;
- An ability to manage conflicting priorities, multitask and meet challenging deadlines;
- Experience working within a team environment delivering projects for production systems;
- Experience of working in a Global and distributed environment;
- Proven ability to work well with people at all levels within a business;
- Knowledge of PCI DSS and DPA/GDPR requirements would be a benefit.