Information Security Engineer


  • £40000 - £48000 per annum
  • Posted: 10/10/2017
  • Staffordshire
  • Job Ref: 216102205
  • Permanent

Job Details

Information Security Engineer – Permanent – Midlands - £good + benefits

We are recruiting an Information Security Engineer to join a global Information Security Team. The team is responsible for ensuring all corporate information and systems are secure, fit for purpose and protected to an optimal level. You will be a 'sign-off' participant for risk and security assessments for new projects and BAU growth. You will help drive the scrutiny, culture, strategy and adoption across the global operation.

The role:

• Day-to-day running and monitoring of Information Security systems - analyse and interpret outputs to identify security weaknesses and recommend continuous improvements

• Respond to Security Incidents and alerts, ensuring prompt containment and recovery - strong incident management skills - act as internal escalation point

• Plan and oversee regular security penetration testing against new and existing services to identify weaknesses and formulate plans and processes to minimise risk

• Own and update the Information Security Risk Register and produce Security KPIs

• Creation and enforcement of Information Security Policies and Standards

• Audit, risk and compliance reviews across the global business including third parties along with legal considerations for each region.

• Consult on and implement security best practice in new and existing IT projects including third party supply chain.

• Promote a culture of 'security by design' and facilitate appropriate activities to support and improve Information Security Awareness across the Group

• Understanding of information security principles, including regulatory, legislative and industry practices. Update policy and processes accordingly – e.g. for GDPR

• Articulate risk in technical and non-technical terminology so that it can be interpreted by Group IT and business stakeholders

• Remain up-to-date with new data and privacy legislation as well as emerging security technologies and understand/translate their risk relevance to the environment.

About you:

• At least 3 years' experience of working within an Information Security role

• Good practical knowledge of GDPR (desirable) or data privacy by design

• Proven ability to manage a variety of security software, systems and services, e.g. e-mail filtering, AV, DLP, etc., along with an understanding of malware prevention, emerging threats, attacks and vulnerability management

• A strong understanding of Information Security best practice for all elements including workstations, servers, networks and applications

• Knowledge of Security Frameworks, i.e. Cyber Essentials, ISO 27001

• Ability to confidently perform security audits, both internal and external (e.g. third party and supplier assurance) and ensure strong recommendations are followed

• Project Management skills - able to manage multiple projects

• Experience of reviewing existing and new business processes to ensure Information Security best practice is enforced

• Ability to remain calm under pressure and clearly communicate to all levels of management around the globe

• Ability to prioritise and meet tight deadlines, with a sense of urgency and a high degree of confidentiality

• Understanding of IT Service Management principles, ideally ITIL.

The position comes with a competitive salary, company pension scheme, medical insurance and other benefits. Our client also invests in its people and will support your continued career progression and development.