Information Security Engineer – Permanent – Midlands - £good + benefits
We are recruiting an Information Security Engineer to join a global Information Security Team. The team is responsible for ensuring all corporate information and systems are secure, fit for purpose and protected to an optimal level. You will be a ‘sign-off’ participant for risk and security assessments for new projects and BAU growth. You will help drive the scrutiny, culture, strategy and adoption across the global operation.
• Day-to-day running and monitoring of Information Security systems - analyse and interpret outputs to identify security weaknesses and recommend continuous improvements
• Respond to Security Incidents and alerts ensuring prompt containment and recovery - strong incident management skills – act as internal escalation point
• Plan and oversee regular security penetration testing against new and existing services to identify weaknesses and formulate plans and processes to minimise risk
• Own and update the Information Security Risk Register and produce Security KPIs
• Creation and enforcement of Information Security Policies and Standards
• Audit, risk and compliance reviews across the global business including third parties along with legal considerations for each region.
• Consult on and implement security best practice in new and existing IT projects including third party supply chain.
• Promote a culture of ‘security by design’ and facilitate appropriate activities to support and improve Information Security Awareness across the Group
• Understanding of information security principles, including regulatory, legislative and industry practices. Update policy and processes accordingly – e.g. for GDPR
• Articulate risk in technical and non-technical terminology so that it can be interpreted by Group IT and business stakeholders
• Remain up-to-date with new data and privacy legislation as well as emerging security technologies and understand/translate their risk relevance to the environment.
• 3+ years' experience of working within an Information Security role
• Good practical knowledge of GDPR (desirable) or data privacy by design
• Proven ability to manage a variety of security software, systems and services (e.g. e-mail filtering, AV, DLP etc.), along with an understanding of malware prevention, emerging threats, attacks and vulnerability management
• A strong understanding of Information Security best practice for all elements including workstations, servers, networks and applications
• Knowledge of Security Frameworks, i.e. Cyber Essentials, ISO 27001
• Ability to confidently perform security audits, both internal and external (e.g. third party and supplier assurance) and ensure strong recommendations are followed
• Project Management skills - able to manage multiple projects
• Experience of reviewing existing and new business processes to ensure Information Security best practice is enforced
• Ability to remain calm under pressure and clearly communicate to all levels of management around the globe
• Ability to prioritise and meet tight deadlines, with a sense of urgency and a high degree of confidentiality
• Understanding of IT Service Management principles, ideally ITIL.
Position comes with a competitive salary, company pension scheme, medical insurance and other benefits. Our client also invests in its people and will support your continued career progression and development.