Job Description & Requirements
Responsibilities
•Work closely with the senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery;
•Provide input into the design and implementation of standards, policies, guidelines and appropriate architectural principles to ensure the firm’s cyber security goals continue to be met;
•Provide risk based direction in conjunction with IT Services for future system enhancements in line with the overall firm’s strategy;
•Recognize potential opportunities for enhancing the firm’s security, ensuring minimal impact to practitioners;
•Provide subject matter expertise to support business relationship management functions.
•Take ownership and ensure Governance, Policy and Procedures in relation to Management of Information Security meets agreed standards and Technology Risk Assurance
•Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level;
•Analyze information protection technologies and processes to identify technology security weaknesses;
•Lead ongoing risk assessments of data processing systems to confirm the design of logical controls are effective and meet regulatory and legal requirements; and
•Provide quality reports to summarize test activities, including objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences. From the output of the reports provide suggested approaches to enhance further.
•Provide oversight and guidance during security incidents and investigations, ensure RCA is undertaken and input suggested approaches to deal with lessons identified
•Assist in the enhancement of delivery and management of key technology security platforms.
•Provide continuous improvement to the Technology Security function;
•Collaborate with IT Services to develop and maintain secure technology solutions; and
•Actively contribute to the overall Ogier risk management framework reporting to the Head of Risk & Compliance ensuring consistency in the advice we provide to the business.
•Prepare Monthly reports
•Provide Internal and External Audit Support.
•Experience with Windows Server and Networking
•Knowledge of Azure SaaS
Essential Requirements (Skills Requirements)
· A Bachelor’s degree in Information Technology, Information Systems Security, Cyber Security related or IT related equivalent.
Years of Experience
· Minimum 6 to 8 years of IT & Security Experience
· Preferred industry qualifications - CISSP / CISA / CRISC / or equivalent
· Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies;
· Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security);
Technical / Professional Skills
· VAPT
· Infrastructure Security (Nessus, Qualys)
· Risk assessment
· Application security
· Security Audit
Non-Technical / Soft Skills
· Ability to understand and assess technology systems and applications from both a technical and business function perspective;
· Ability to communicate business and technical risk to all levels of audience;
· Excellent interpersonal skills with the ability to build and influence teams; and self-motivated
· Strong technical abilities, combined with business acumen;
· Ability to present security topics to a non-technical audience and presenting the business value of security;
GOOD TO HAVE
· Understand IT security and infrastructure technology
· Understand IT service management
· A good understanding of IT networking and access management concepts
· Prior experiences in leading an end-to-end IT Audit with COBIT framework and ITIL practices.
Skills (Key Words)
VAPT, Infra security, Security architecture review, Application Security