£40000 - £50001 per annum
7 months ago
*The primary focus of this role is to provide support in building compliance with information security standards and audits, responding to cyber security threats and incidents as they happen and to ensure that appropriate controls are in place to minimise cyber risk.
*The team is also engaged with the definition and application of relevant policies and procedures, within the IT function and across the wider business.
*As part of the Information Security team, the role also contains tasking which may include:
oSupporting complex data discovery tasks
oSupporting the Security Operations Centre.
oSupporting the wider business security goals.
*Drive a culture of continual security improvement and best practice within the IT function and beyond.
*Through engagement with project teams and service owners, ensure that cyber and informational risk is kept as low as practicable.
*Ensure that cyber security incidents are investigated and resolved to a high standard.
*Ensure security alignment between all businesses entities.
*Provide regular status updates to line management.
*When required, support the business with complex data searches.
*Maintain an up to date knowledge of relevant tools and products.
*Standards: ISO27001, Cyber Essentials (including CE+), PAS1192-5, PAS555, DPA, GDPR, NISD.
*Frameworks: OWASP, NIST.
*Operating Systems: Windows, Linux.
*Scripting: Bash, Perl, PowerShell, Splunk
*Applications: Splunk / Splunk ES (or other enterprise SIEM), ISMS/GRC tools, Vulnerability scanning / penetration testing tools)
*Experience in administering security-based technologies, both on-premise and in the cloud (firewalls, proxies/content filters, IDS/IPS, DLP, mail gateways, MFA)
*Solid understanding of secure design principles, forensic evidence gathering and breach containment methodologies.
*Demonstrable knowledge of relevant exploits and vulnerabilities, their effects and mitigations.
*Broad understanding of IT infrastructure operational principles including application architecture
*5+ years' experience in an information or cyber security focused role for a medium or large organisation.
*Experience working with information security standards (ISO27001, Cyber Essentials, PAS1192-5, PAS555).
*Experience working with open source security tools to identify security risks.
*Experience with creating well defined communications and educational material.
*Experience in explaining technical concepts to non-technical colleagues
The JM Group is operating and advertising as an Employment Agency for permanent positions and as an Employment Business for interim / contract / temporary positions. The JM Group is an Equal Opportunities employer and we encourage applicants from all backgrounds.