North Yorkshire, England
£65000.00 - £73000.00 per annum
about 1 month ago
A key member of the Global Information Security Architecture team, you will work closely with the other members of the Information Security team to deliver security policies, processes, standards and solutions. Focused on cloud initiatives, you will work with business units and other functions to identify security requirements, using methods that may include risk and business impact assessments.
- Works with internal teams to identify, select and implement technical security controls.
- Consults with IT solution designers (cloud and on-prem) to assure and approve designs and system changes in line with policy, agreed standards and/or risk profile.
- Develops security processes and procedures to ensure that security controls are managed and maintained.
- Recommends information security-related hardware and software.
- Maintains an in-depth understanding of financial and credit card industry standards (e.g. PCI standards, card association requirements, GDPR) and ensures that all projects are delivered to these standards.
- Assesses IT operational activities for compliance and security gaps
- Prioritises remedial work, driving security improvements across the business.
- Trains non-security staff on risks and sensible approaches for mitigation.
- Supports incident response from a security technology perspective.
- Assesses the impact of business change on the IT security model.
- Good understanding of business applications, including internet facing and financial systems.
- Strong knowledge of PCI DSS (mandatory)
- Excellent technical knowledge and preferably design experience of: Mainstream operating systems [for example, Microsoft Windows, Linux, AIX], databases, middleware, virtualisation and storage technologies.
- A wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, cryptography, SIEM, anti-malware solutions, automated policy compliance tools, and desktop security tools.
- Network infrastructure and design, including routers, switches, firewalls, and the associated network protocols and concepts.
- Knowledge of application and web security issues and standards (for example OWASP).
- Proficiency in performing risk, business impact, control and vulnerability assessments.
- Relevant security experience or degree in: Information Security or Computer Science
- Minimum 6 Years Relevant Experience
- One or more of the following: CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security+, CGEIT
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) and/or TOGAF
- CCSP or AWS Cloud Certifications
- ISO 27001 or NIST CSF experience