Security Specialist

• This role forms part of the Risk and Security team. Risk and Security is part of the wider Business Operations function. We are responsible for managing Information Security, Business Risk Management, Business Continuity and Physical Security.
• The role will work very closely with our Managed Service Providers and will also interface to security teams within our operations in India as well as a wide variety of internal stakeholder areas.
• You`ll be dealing with a variety of challenges including working on a programme to significantly improve our security capability through outsourced transformation.

• You`ll be working with onshore and offshore teams to understand what`s happening on our network and make sense of it in a business context and supporting those teams in helping set the strategic and tactical direction for security.
• You`ll also be keeping an eye on our own internal product development processes and designing security in and risk out from early in the lifecycle.
• On top of that, there`s a variety of other security programmes and projects to work on covering security awareness, risk, key management, user management, third-party reviews and compliance activities relating to PCI DSS, ND1643, and Cyber Essentials

Responsibilities:

• Provide input and support into the management of security toolsets, including IDS and Log Management tools, ensuring that indications of malicious activity are identified, investigated and resolved.
• Performance of network reviews and certification against industry standards including PCI DSS and ND1643 Interconnect Standard, Cyber Essentials
• Identify, log, communicate and manage security weaknesses and risks throughout the business, working cross-functionally to remediate or control those risks.
• Implement and maintain a suite of security metrics to enable the effectiveness of the security strategy and operation to be measured and related security issues to be understood and managed.
• To provide and support an assurance process around our product pipeline from a security perspective - designing security features in and vulnerabilities out as part of product development.
• Recommend, develop, publish, implement and monitor security policy and procedures for the business taking into account legislation, business culture and risk.
• To manage the security processes that support the customer including carrying out day to day operational security requests

• Supports, advises and gives guidance to internal customers on security risk matters ensuring that risks and weaknesses throughout the business are correctly identified, prioritised, investigated and resolved

Our candidate must have:

• Experience we are looking for:

  • Analysing and guiding the security around toolsets
  • Reviewing of certification against security standards including PCI-DSS, Interconnect standards and Cyber Essentials
  • Identify, log, manage and communicate any security weaknesses and risks, and work to mitigate or control the risks.
  • Develop and implement the security policy and procedures

  Need to have

  • Strong technical understanding of information security (infosec) and risk principles, with an ability to recommend simple solutions that are relevant
  • Experience of administration of Windows, Linux or Solaris (nice to have)
  • Good understanding of authentication and directory services like active directory
  • Good understanding of network technologies
  • Ability to persuade stakeholders if they spot risks or security weaknesses
  • Need clear and very good comms with an ability to translate technical information in simple terms
  • Ideally CISM, or CISA would be great.