IT Security Specialist

Location: Crawley, West Sussex
Salary: £45000 - £55000 per annum + benefits
Sector: IT & Telecoms
Specialism:
Type: Permanent
Contact: Sam Francis

My client, based near Crawley, is looking for an IT Security Specialist to focus on risk mitigation and response, compliance requirements for GDPR and PCI DSS, standard security industry compliance (ISO 27001), control assurance and the provision of expert technical IT security advice for projects and BAU activities. The role will be responsible for identifying and designing security solutions to meet business needs, while developing and driving security strategies, policies and standards both in IS and across the company.

The role holder will work with the IS Department and the Data Security Compliance Team to ensure that a security culture is firmly embedded within the IS Department and across the client as a whole. For this they are paying £45,000-£55,000 + benefits.

General responsibilities:

  • Develop technical security principles, policies and procedures such as security requirements for identity and access management, malware prevention, build standards, remote access, secure configuration, data leakage prevention, cloud security, firewall check procedures, patching and technical rules around the use of encryption, obfuscation and pseudonymisation
  • Be responsible for vulnerability management at the client, ensuring that regular internal scans, as well as ASV scans for PCI, are run, reviewed and remediation plans actioned in a timely manner
  • Monitor security profiles on all platforms by reviewing security violation reports and investigating exceptions
  • Introduce new and update existing security controls as part of ISO 27001 improvements and Cyber Essentials + programme implementation
  • Perform technical security assessments and attestations
  • Support the IS Run Manager with the management of security incidents
  • Build on existing monitoring and eDiscovery analysis and requests
  • Work with the Data Security Compliance Team on security for business continuity
  • Build on the existing relationship with the Client's third-party information security consultancy and maximise value

PCI DSS responsibilities:

  • Work with the Data Security Compliance Manager to:
      • develop cardholder data flows for each payment channel
      • assess new payment channels and changes to existing channels
      • plan, scope and execute monthly ASV scans, remediating where required and resulting in a passing scan each quarter
      • plan, scope and execute annual penetration tests, remediating where required
      • develop governance arrangements to manage PCI DSS compliance in BAU, including recurring tasks such as reviews of access controls, logs and user accounts
      • collate evidence for all of the Client's IS SAQ requirements on an on-going basis
  • Document technical PCI DSS security processes for the IS Department
  • Provide specialist technical PCI DSS security advice for IT projects
  • Individual to complete ISA training and re-qualify annually
  • Action the incident response plans and PCI DSS processes set by the Compliance Officer
  • Contribute to PCI SSC consultation papers, working groups and Special Interest Groups where appropriate under the Client's Participating Organisation status
  • Attend relevant security industry events to keep knowledge current and stay up to date with legislation and best practice

Highly desirable qualifications/certifications:

  • CISM
  • ISA / PCIP
  • Some knowledge of data protection law, whether DPA, GDPR or PECR

This advert was posted by Gold Group - one of the UK's leading niche recruitment consultancies. We span a variety of specialist industries and are the recruitment company to help you find your next career opportunity. We pride ourselves on our commitment to candidates and stick to our ethos of finding the right role for the right person. Visit our website or get in touch today to discuss this role, find out what else we've got or just for a chat about the state of your industry. Services advertised by Gold Group are those of an Agency and/or an Employment Business. Please be aware that we receive a high volume of applications for every role advertised and regularly receive applications from candidates who exceed the job credentials. We will only contact you within the next 14 days if you are selected for interview.
