Armstrong Knight is delighted to be recruiting on behalf of a large retail business specialising in the distribution of machinery and power tools, with over 65 stores across the UK. Our client is now seeking an Infrastructure Manager to join the business, situated in the Nottingham Head Office.

Position: Network / Infrastructure Manager
Responsible to: IT & Systems Manager
Responsible for: Maintain, develop, optimise, audit and safeguard the Group IT Network and Infrastructure

Principal responsibilities and duties:

Management -
• Proactive management of the Network team to:
  o Provide effective support and maintenance of existing network
  o Maintain the integrity of the Group IT Network & Infrastructure requirements
  o Facilitate site-specific installations for both replacement PCs and new store systems
  o Mentor or provide guidance to junior members of the team
• Produce annual risk assessments and work with business insurers and auditors to maintain the integrity of group Information Systems.
• Design and implement short- and long-term strategic plans to ensure infrastructure capacity meets existing and future requirements.
• Participate in the development of IT strategies in collaboration with the Senior Management team.
• Interact, negotiate and manage relationships with vendors, outsourcers, and contractors to secure infrastructure products and services.
• Assist in providing hands-on Infrastructure support when required
• Manage & facilitate the PCI compliance across the Group, together with any required questionnaires/audits with third-party suppliers.
• Proactive management of Telecoms / Security / alarm providers, auditing of service levels, negotiating contracts for discussion / approval by the Senior Management Team

Development -
• To maintain and improve the Group-wide network and associated servers and the development of new procedures and work practices along with the Group Management.
• Proactive management of all ongoing IT projects
• Direct the development and oversee the implementation of business processes, company policies (Information Security, Network Security, Business Continuity Management etc.) and controls so that all relevant legislative and compliance requirements (PCI, GDPR, Licensing agreements) are fulfilled.
• Implement a 'best practice' Service Desk Management function for the group.
• Create and maintain written documentation for user / system manuals, license agreements and documentation relating to modifications and upgrades.
• Develop SOPs (Standard Operating Procedures) for best practice Service Delivery and ensure written protocols and guidelines are provided for all staff across the group.
• Create budgets for cap ex projects for management to discuss and manage the op ex budgets for the IT department and the group.

Housekeeping -
• Documentation, risk assessments, policies, procedures and business process mapping, disaster recovery plans, information security and compliance, archiving, monitoring of usages, software upgrades, web usage, licenses, penetration and cybercrime and insurance
• Troubleshooting system and network problems
• Installing and configuring computer hardware, operating systems and applications and specific site installations for replacement PCs, Laptops, Tablets and new store systems

Teamwork and Communication -
• Proactive communication and liaison with external contractors and suppliers such as Polestar (where necessary) to ensure that external support is carried out in a timely manner in line with Group purchasing guidelines
• Effective communication and liaison with all internal departments including internal audit, stores and external suppliers to provide first line and second line IT response regarding:
  o Hardware and Software support
  o Hardware Repairs
  o Replenishment of consumables

Security and Back Ups -
• Ensure all systems are backed up and disks are taken off site where required
• Ensure security levels are sufficient to avoid risk of cybercrime or attacks

Business Support -
• 1st and 2nd line support, diagnosing hardware and software faults and solving technical and applications problems.
• Helpdesk activities on back-office applications
• Monitor the system downtime performance and work with Polestar to ensure that the systems are operating at maximum performance

Management Information -
• To provide information and reports to the management and other departments as required

Other:
• Maintain Group confidentiality at all times
• Working out of hours as required to maintain systems and business requirements
• Occasional travel and overnight stays will be required
• Promote and maintain safe working practices in all areas
• Report to senior personnel any breach of security or any act of dishonesty by a member of the public, visitor or member of staff
• Any other reasonable duties as required

Limits to Authority:
• Comply with operational practice as determined by the Director
• Comply with accounting/administration practices as determined by the Management Accountant
• Comply with HR and Payroll working practices as determined by HR Manager
• Comply with Health & Safety Regulations as determined by the Health & Safety Manager
• Comply with Fleet policy as determined by Aftersales & Fleet Manager
Apr 18, 2024
Full time
Governance, Risk and Compliance (GRC) Analyst - ISO27001 - SOX - Audit
Kingston-Upon-Thames, Surrey (3 days per week in the office)

My client, a successful UK-based company, is looking for a GRC Analyst to join them on a permanent basis. Working in a small Information Security team, this responsible role involves supporting the operation, maintenance and maturity of the Information Security program.

Duties and responsibilities will include:
• Ensuring the protection of information assets and technologies
• Contribution to completion of security related audits such as ISO27001, ISO27017, NIST-CSF, IASME Governance, SOX
• Conduct and document internal audits
• Manage Third Party Risk Management (TPRM) including vendor security programme reviews
• Contribution to Subject Access Request and eDiscovery processes

You will need:
• Extensive Information Security Governance, Risk and Compliance (GRC) experience as well as InfoSec Operations experience
• Experience contributing to an Information Security Management System (ISMS) certified to ISO27001 standards
• Good knowledge of the Cyber Essentials Plus Scheme as well as UK & EU General Data Protection Regulation (GDPR) and the Data Protection Act (2018)
• The ability to work autonomously and as part of a team, excellent communication skills

Advantageous certifications:
• ISO/IEC 27001 Lead Implementer
• ISO/IEC 27001 Internal Auditor
• Security+
• CISM / CISSP

This is an excellent opportunity within a stable organisation dedicated to IT Security.
Apr 18, 2024
Full time
Title: Information Security Manager
Salary: 45,000 to 55,000
Location: Stockport

Overview

Our client provides IT Managed Services and IT infrastructure solutions to customers across the UK, Europe, and APAC regions. Customers include both private corporations and government organisations. Our IT infrastructure solutions primarily focus on the Dell product range, Cisco networking, Citrix, Microsoft, and our own Cloud platform. They operate a security-first culture which we see as a critical capability to our future success.

As an Information Security Manager you will be responsible for maintaining, enhancing and operating the ISMS (Information Security Management System) and developing and reinforcing our security-first culture. Working alongside the director of security you will focus on policy implementation, user training, security awareness and auditing. The role requires excellent documentation, auditing, and risk management skills; you must be organised and thorough in your approach. You will be expected to present new security risks to the board and make sure these are managed throughout their life cycle until they are remediated or mitigated. You will be responsible for maintaining our ISMS audit schedule and making sure these tasks are conducted in a timely manner. This includes coverage of key partners and suppliers to ensure security alignment across the supply chain.

What Success Looks Like:
• Maintain our ISO27001 certification and the ISMS.
• Help to maintain their Cyber Essentials plus certification.
• Increase the current ISO27001 scope to include all data centre sites, Cloud, and other developments that come along from time to time.
• Keep up to date with the latest security threats and help mitigate these.
• Operate an effective security risk management process that identifies risks ahead of them occurring and puts in place effective risk mitigations where appropriate.
• Maintain a continuous improvement approach to improve our security capability.
• Maintain company-wide security awareness amongst our people.
• Train and develop our people's understanding of security and our security systems, to keep our people's understanding of security current.
• Reduce the number of Security Incidents through risk management and keeping personal knowledge up to date on emerging trends and threats.

Key Responsibilities

Maintain our information security and compliance framework (ISO27001):
• Create and implement policies, procedures, and guidelines to establish an effective information security and compliance program aligned with industry standards and regulations.
• Complete routine IT security reviews and liaise with relevant staff members to help maintain our ISMS IT objectives.
• Work with relevant teams to ensure our internal KPIs for security related operations are within the accepted targets and SLAs.
• Support our teams who are supporting our Customers to enhance their security capabilities.
• Help to complete customer security compliance audits, assessments, and questionnaires in relation to security policies and procedures and the services we supply to these customers. For clarity, this role is not responsible for delivering consultancy to our customers.

Ensure regulatory compliance:
• Stay up to date with relevant laws, regulations, and industry standards (such as GDPR, ISO27001, Cyber Essentials, etc.) and ensure our organisation's compliance.
• Monitor changes in regulations and update policies and procedures accordingly.

Conduct risk assessments:
• Identify and assess potential security risks and vulnerabilities, both internally and externally, and develop strategies to mitigate and manage them effectively.
• Perform regular risk assessments and maintain risk registers.

Skills & Experience

Essential
• Experience maintaining an ISO27001 information management system
• Prior experience in assessing and managing information security risks
• Experience giving presentations to management-level audience
• Experience of at least 3 years in an information security role
• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
• Exceptional knowledge of the Cyber Security Industry and providers
• A passion for Information Security

Desirable
• ISO27001 Lead Auditor/Implementer experience
• CISSP/CISM/CRISK/ISSMP/CISMA/ NIST/
• Experience of managing Cyber Essentials and Cyber Essentials plus certification requirements
• Strong evidence of continued personal and professional development

Colleague Benefits
• 25 days paid leave + Bank Holidays
• Contributory Pension Scheme, tiered contributions rising to 7% with length of service
• Tailored personal development plans and career journey planning
• Fully/Partially Funded training
• Free parking (if office based)
• Laptop & company mobile phone

If you believe you are suitable for this job or know someone who is, please reply to this advertisement with a copy of your CV and all other relevant information. In Technology Group Ltd is acting as an Employment Agency in relation to this vacancy.
Apr 18, 2024
Full time
My client, an international law firm based in London, is looking for an information security operational analyst to join their growing team. This role would require you to be in the office 3 days per week (2 from home). The hiring manager would also like someone from a legal or Financial Services/Banking background, and a CISSP and/or MSc in Information Security is a MUST.

Role and Responsibilities (this is a broad but not exhaustive list):
• Monitor computer networks for security issues
• Investigate security breaches and other cybersecurity incidents
• Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs
• Document security breaches and assess the damage they cause / Policy reviews
• Work with the security team and the wider IT team and external security partners to perform tests and uncover network vulnerabilities
• Fix detected vulnerabilities to maintain a high-security standard
• Stay current on IT security trends and news / Vendor security assessments
• Develop company-wide best practices for security / Network / Software / WIFI / Cloud / Messaging etc.
• Assist in performing penetration testing / Monitoring and recording Risk and assessment
• Help colleagues install security software and understand information security best practice.
• Research security enhancements and make recommendations to management
• Stay up to date on information technology trends and security standards

Qualifications and Experience:

About the Information Security Operational Analyst role: The Security Analyst will implement information security related tasks, focused on support and delivery, as advised and requested by the Head of Information Security (CISO). There are two streams of the organisational structure, Policy & Compliance and Operations. The skill set required for each is somewhat similar. However, this will depend on the candidate's experience, preference and aptitude, aligned to educational and professional qualifications.

• Bachelor's degree in computer science or related field
• Certified Information Systems Security Professional (CISSP) or an MSc in Information Security is a must
• Certified Information Systems Auditor (CISA), or ISO Lead Auditor or Implementer qualification would be desirable for the role
• Experience in information security or related field
• Experience with computer network penetration testing and techniques
• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them
• Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
• A general background in working within IT, preferably within an Infrastructure or Application support/management role.
• Demonstrable experience facilitating IT Control audit activities.
• Relevant IT Security or Information Risk Management qualifications (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or ISO Lead Auditor or Implementer qualification) would be advantageous for the role and desirable.
• Experience working with large and extended Operational and Engineering teams

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
Apr 17, 2024
Full time
A highly regarded and successful Bristol institution is seeking a meticulous Information Security Analyst as part of a wider restructure of their Cyber Security function. In a role offering hybrid working (requirement of only 2 days per week on site), this role suits a Cyber Security professional who is passionate about the development and implementation of controls, and is passionate about their own career development.

A short summary of the duties involved includes, and is not limited to:
• Establish and maintain internal guidelines for information security, ensuring alignment with industry standards and regulations.
• Conduct regular reviews of policies to ensure compliance and offer support on security matters.
• Assist with the Information Security Awareness For Everyone (SAFE) initiative.
• Evaluate internal controls through reviews, produce compliance reports, and develop action plans.
• Coordinate with auditors for assessments and oversee risk registers.
• Collaborate with stakeholders to implement security controls for critical systems.
• Assess and monitor third-party security using established criteria.
• Schedule routine security assessments.
• Work with internal teams to implement preventive measures based on incident findings.
• Maintain accurate compliance records and provide reports to relevant parties.
• Support the improvement of the Information Security Management System (ISMS) and stay abreast of industry developments.

Requirements:
• Demonstrated expertise in conducting evaluations of IT/Cyber security controls.
• At least four years of relevant experience in IT, information security, or program management roles, with a focus on Governance, Risk, and Compliance (GRC) initiatives preferred.
• Diverse analytical skills gained from involvement in various IT and/or business projects.
• Proficiency in solution management, encompassing requirements analysis, solution proposal, progress monitoring, and benefits assessment.
• Familiarity with Information security frameworks and adherence to compliance standards such as ISO27001, Cyber Essentials Plus, NIST, SOC2, and PCI-DSS.
Apr 16, 2024
Full time
IT Security Officer - NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience. Hybrid - will need to be onsite when required. You need to live within commutable distance of Salisbury and due to the client's location, own transport is essential You must be eligible for SC clearance (lived and worked in UK for the last 5 years minimum) What does the company do: Our client provides infrastructure and support services to the armed forces. What You'll Be Doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. This is a new opportunity which will give you scope to make the role your own and advance your career in the longer term. What You'll Need To Know: Minimum of 3 years of hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001) What You'll Get - to mention a few: 25 days holiday plus bank holidays Holiday purchase to up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity; we are committed to promoting equality and inclusion for all.
Apr 16, 2024
Full time
In Technology Group Limited
Manchester, Lancashire
Title: Information Security Manager Salary: £45,000 to £55,000 Location: Stockport Overview Our client provides IT Managed Services and IT infrastructure solutions to customers across the UK, Europe, and APAC regions. Customers include both private corporations and government organisations. Our IT infrastructure solutions primarily focus on the Dell product range, Cisco networking, Citrix, Microsoft, and our own Cloud platform. They operate a security-first culture which we see as a critical capability to our future success. As an Information Security Manager you will be responsible for maintaining, enhancing and operating the ISMS (Information Security Management System) and developing and reinforcing our security-first culture. Working alongside the director of security you will focus on policy implementation, user training, security awareness and auditing. The role requires excellent documentation, auditing, and risk management skills; you must be organised and thorough in your approach. You will be expected to present new security risks to the board and make sure these are managed throughout their life cycle until they are remediated or mitigated. You will be responsible for maintaining our ISMS audit schedule and making sure these tasks are conducted in a timely manner. This includes coverage of key partners and suppliers to ensure security alignment across the supply chain. What Success Looks Like: Maintain our ISO27001 certification and the ISMS. Help to maintain their Cyber Essentials plus certification. Increase the current ISO27001 scope to include all data centre sites, Cloud, and other developments that come along from time to time. Keep up to date with the latest security threats and help mitigate these. Operate an effective security risk management process that identifies risks ahead of them occurring and puts in place effective risk mitigations where appropriate. Maintain a continuous improvement approach to improve our security capability. 
Maintain company-wide security awareness amongst our people. Train and develop our people's understanding of security and our security systems to keep that understanding current. Reduce the number of Security Incidents through risk management and keeping personal knowledge up to date on emerging trends and threats. Key Responsibilities Maintain our information security and compliance framework (ISO27001): Create and implement policies, procedures, and guidelines to establish an effective information security and compliance program aligned with industry standards and regulations. Complete routine IT security reviews and liaise with relevant staff members to help maintain our ISMS IT objectives. Work with relevant teams to ensure our internal KPIs for security-related operations are within the accepted targets and SLAs. Support our teams who are supporting our Customers to enhance their security capabilities. Help to complete customer security compliance audits, assessments, and questionnaires in relation to security policies and procedures and the services we supply to these customers. For clarity, this role is not responsible for delivering consultancy to our customers. Ensure regulatory compliance: Stay up to date with relevant laws, regulations, and industry standards (such as GDPR, ISO27001, Cyber Essentials, etc.) and ensure our organisation's compliance. Monitor changes in regulations and update policies and procedures accordingly. Conduct risk assessments: Identify and assess potential security risks and vulnerabilities, both internally and externally, and develop strategies to mitigate and manage them effectively. Perform regular risk assessments and maintain risk registers. 
Skills & Experience Essential Experience maintaining an ISO27001 information management system Prior experience in assessing and managing information security risks Experience giving presentations to management-level audience Experience of at least 3 years in an information security role Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes Exceptional knowledge of the Cyber Security Industry and providers A passion for Information Security Desirable ISO27001 Lead Auditor/Implementer experience CISSP/CISM/CRISK/ISSMP/CISMA/ NIST/ Experience of managing Cyber Essentials and Cyber Essentials plus certification requirements Strong evidence of continued personal and professional development Colleague Benefits 25 days paid leave + Bank Holidays Contributory Pension Scheme, tiered contributions rising to 7% with length of service Tailored personal development plans and career journey planning Fully/Partially Funded training Free parking (if office based) Laptop & company mobile phone If you believe you are suitable for this job or know someone who is, please reply to this advertisement with a copy of your CV and all other relevant information. In Technology Group Ltd is acting as an Employment Agency in relation to this vacancy.
Apr 16, 2024
Full time
Cyber Security Risk & Assurance Analyst - 45-50k + Bonus Job Accountabilities Effectively leverage the Digital Safety risk framework to identify, analyse and manage cyber risk reflecting in-depth knowledge and experience. Actively engage with numerous functions, from technical IT to business facing functions, to gather a comprehensive range of risk-related information to demonstrate broad organisational understanding. Apply the Digital Safety assurance processes to accurately identify and register risks, demonstrating strategic initiative and proactivity. Collaborate with the IT Quality and Risk function to identify significant areas of IT risk in the context of Digital Safety risks, demonstrating strong cross-functional teamwork. Report to senior management via appropriate forums on risk and assurance findings and risk treatment plans. Present and articulate findings at risk forums to facilitate the management of identified risks, showcasing nuanced understanding and strong communication skills. Maintain and update knowledge of the current threat landscape and evaluate its impact on the likelihood of risk events occurring, reflecting a commitment to knowledge development. Provide education, guidance and mentorship to colleagues outside of Risk and Assurance on the use of the risk methodology, fostering a companywide understanding of risk management and reporting. Supporting Risk and Assurance: Tracking, management and reporting of risk, control and deviation remediation activities. Facilitate the preparation of material for internal or external auditors. Preside over meetings, ensuring key decisions and discussions are minuted and action logs are maintained for future reference. Provide strategic support to the Digital Safety Risk and Assurance team to identify and capture gaps and information concerning our data governance framework. 
Responsible for updating the risk register of information assets with risks associated with each asset. Business skills Has sufficient communication skills for effective dialogue with customers, suppliers and partners. Is able to work in a team. Is able to plan, schedule and monitor own work within short time horizons. Demonstrates a rational and organised approach to work. Understands and uses appropriate methods, tools and applications. Identifies and negotiates own development opportunities. Is fully aware of and complies with essential organisational security practices expected of the individual. Analytical mind-set. Motivation to develop and maintain subject matter expertise. Enthusiastic, pro-active and positive attitude. Ability to work to deadlines, prioritize and multi-task. Ability to manage own workload and meeting schedule. Basic Report writing. Ability to absorb and learn technical information and communicate this in a way that is easy to understand.
Apr 15, 2024
Full time
Make nuclear innovation possible: Are you ready to take up a vital role in shaping some of our exciting projects? How about joining our talented team, where everyone has a voice, and together we face our clients' problems head-on. It's a diverse and inclusive work environment where world-class talent knows no distinctions. The world is becoming increasingly data rich and enabled and the requirements for our projects are no different. Immersive techniques, whether visual and/or auditory, such as Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR) are advancing and becoming increasingly available as a method of enhancing access to project data. The ever-increasing adoption of Immersive techniques is seeing real project benefits such as de-risking delivery, accessing sites virtually, facilitating training and digitally rehearsing activities, to name but a few examples, and the need for these skills to complement our engineering delivery work is clear and present both now and in the future. Your purpose: As the Head of XR you will be responsible for overseeing the development and execution of our Extended Reality (XR) projects from conception to deployment. This includes Virtual Reality (VR), Augmented Reality (AR), and Mixed Reality (MR) applications. Your strategic vision and expertise in XR technologies will drive the development of cutting-edge solutions that align with our market and customer needs. You will work closely with market account managers, project, and digital teams across our Nuclear and Power EMEA business to develop and implement the strategic vision for XR on projects aligning with our company objectives and getting ahead of market trends. Responsibilities: Recruit, develop and lead an emerging XR team, fostering a culture of innovation, collaboration, and continuous improvement. Oversee the full XR project lifecycle from ideation and development to testing, deployment and post-launch support. 
Develop and implement standards, methods, and procedures to document business needs, deliverables, qualitative and quantifiable metrics, and information security implications for use cases. Interface with internal project and site engineering teams to understand their technical needs and identify opportunities to develop proof of concepts and implement appropriate XR solutions. Collaborate with cross-functional teams, including marketing and comms, digital and technology solutions, finance, legal and commercial and information security to ensure XR projects meet business goals and user requirements. Stay abreast of the latest XR technologies and industry trends, incorporating best practices and innovations into our projects. Manage budgets, timelines and resources ensuring projects are delivered on time and within scope. Cultivate relationships with technology partners, vendors, and external stakeholders to enhance our capabilities and market position. Requirements: Bachelor's or Master's degree in computer science, Digital Media or related field (Equivalent practical experience will be accepted). Minimum of 5 years of experience in XR development, with at least 2 years in a leadership role. Track record of successfully managing and delivering XR projects. Strong technical proficiency in XR platforms, tools, and programming languages (e.g., Unity, Unreal Engine, C#, C++). Excellent leadership, communication, and team management skills. Creative thinker with a passion for emerging technologies and solving complex problems. Ability to work in a dynamic environment, adapting to the various paces of the industry and sector and changing priorities. Why work for AtkinsRéalis? The UK is the first major economy to legislate for a Net Zero target by 2050. To achieve this, our nuclear and clean energy teams are ensuring a mix of secure and sustainable energies that can meet our industry and lifestyle demands today, and in 30 years' time. 
We help to power our world through exciting new technologies and intelligent cybersecurity systems on projects that vary greatly in size, scope, and scale. So, you'll be creating the right safe and resilient systems across nuclear power, renewables, decarbonisation development, new builds and energy efficiency. Read more about our Vision for Women. Meeting your needs: When you start with us, you'll enjoy "Total Reward," a package that can be tailored to your lifestyle, career and personal needs. From flexible holidays to life assurance, health & wellbeing benefits, and career planning for the senior stage of your career. Making sure you're supported is important to us. So, if you identify as having a disability, tell us ahead of your interview. And let's talk about any adjustments you might need. New name, new era. We are AtkinsRéalis. It will take some time for all our information to update - you can still refer to our fantastic benefits via the link below: YourReward at SNC-Lavalin. More about us: AtkinsRéalis is a leading global consultancy with over 100 years of design and engineering expertise. With us, you'll be surrounded by the skills, knowledge and support to help you succeed. Together, we can deliver projects which have a positive, sustainable impact on the world. Additional Information: This role may require security clearance and offers of employment will be dependent on obtaining the relevant level of clearance. If this is necessary, it will be discussed with you at interview. The vetting process is delivered by United Kingdom Security Vetting (UKSV) and may require candidates to provide proof of residency in the UK of 5 years or longer. If applying to this role please do not make reference to (in conversation) or include in your application or CV, details of any current or previously held security clearance. 
We are committed to promoting a diverse and inclusive community - a place where we can all be ourselves, thrive and develop. To help embed inclusion for all, from day one, we offer a range of family friendly, inclusive employment policies, flexible working arrangements and employee networks to support staff from different backgrounds. As an Equal Opportunities Employer, we value applications from all backgrounds, cultures and ability.
Apr 14, 2024
Full time
IT Auditor - AD Level (12 FTC) AW/41423 London (Hybrid) This prestigious merchant bank has an immediate requirement for an experienced IT Auditor to join them on a 12-month fixed-term contract basis. You will be expected to work on agreed audits of IT throughout the business, covering all aspects of IT, including infrastructure, cyber security, projects, cloud solutions and applications, reviewing and where necessary, recommending appropriate changes to policies, procedures and controls. This role is based in London whereby the client operates on a hybrid working basis. For more information contact Andrew Whyte.
Apr 13, 2024
Full time
Location Client Site in Barrow-in-Furness The job on offer Are you passionate about cybersecurity? Are you an excellent communicator with demonstrable experience of security analyst activities within organisations? Would you relish putting these skills into practice by taking on a role within Capgemini to protect our clients from cyber threats? As the Senior Security Analyst, you will be the lead Security Analyst within a client account IT Security Operations Team. You will be joining a fantastic team of more than 400 UK based security professionals that deliver world-class security services day in and day out. Your role • Manage escalated Security Incidents from a people and process perspective • Identify and prioritise Security Incidents, Security Tickets and Security Service Requests • Bring incidents to successful conclusions with thorough remediation plans • Prioritising and differentiating between potential intrusion activity and false alarms • Conduct vulnerability analysis and create impact assessments • Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement • Work closely together with technical architects to produce design specifications according to information security policies, while fulfilling business needs Your profile • A good knowledge of Cyber Security and Information Assurance - an ability to demonstrate understanding of governance, compliance and risk from different perspectives i.e.
across people, processes and technology • Someone who is an advocate for security good practice, with the ability to influence others • Hold, or be working towards, ISO27001 Lead Auditor • A working knowledge of ISO27001 required, and desirable to have knowledge of ISO33052, ISO33072 and METSec • Current NPPV3/SC clearance or the ability to be cleared to that level • Have been resident in the United Kingdom for at least five (5) years • Experience in the public sector preferred but not required • Due to the security classification of the work you will be involved in, you must be a UK national and must hold or be eligible to hold a SC security clearance. Why Capgemini is unique We aim to build an environment where employees can enjoy a positive work-life balance. Through our New Normal campaign, we are looking to embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people. All UK employees are eligible to request flexible working arrangements. We work with a range of clients all with a unique set of business, technological and societal ambitions. Working for Capgemini you get to be at the forefront of designing future experiences, which truly impact our clients and wider society for the better. We realise a Total Reward package should be more than just compensation. At Capgemini we offer a range of core and flexible benefits and have a Peer Recognition Portal called Applaud. Get the future you want Growing clients' businesses while building a more sustainable, more inclusive future is a tough ask. But when you join Capgemini, you join a thriving company and become part of a diverse collective of free-thinkers, entrepreneurs and industry experts. A powerful source of energy that drives us all to find new ways technology can help us reimagine what's possible. It's why, together, we seek out opportunities that will transform the world's leading businesses.
And it's how you'll gain the experiences and connections you need to shape your future. By learning from each other every day, sharing knowledge and always pushing yourself to do better, you'll build the skills you want. And you'll use them to help our clients leverage technology to grow their business and give innovation that human touch the world needs. So, it might not always be easy, but making the world a better place rarely is. Capgemini. Get The Future You Want. About Capgemini Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 340,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2021 global revenues of €18 billion. Get the Future You Want
Sep 24, 2022
Full time
Global Data Protection Officer Location: Cambridge, UK / Macclesfield, UK / Gothenburg, SWE Competitive salary and benefits package The Global Data Protection Officer functions at an advanced level of complexity spanning data processing activities across the enterprise. The role reports to the Head of Operations and Innovation for Global Compliance and has a dotted-line into the Deputy Chief Compliance Officer to ensure direct access to both Senior Management and the Audit Committee of the Board of Directors with respect to data privacy matters. The GDPO serves as the Data Protection Officer for AZ in jurisdictions in which a DPO is a central role to privacy governance, including, but not limited to the EU, UK, Brazil, etc. The GDPO will be the central point of contact for data subjects and supervisory authorities. In addition to EU/UK data protection officer responsibilities, this role is also responsible for global horizon scanning and providing advice and oversight based upon strong subject matter expertise and guidance across the elements of an effective compliance program with respect to data privacy. The GDPO works closely with the rest of the Data Privacy Office and broader compliance organisation to enhance privacy risk management and compliance while embedding and fostering a privacy mindset across AZ. 
Typical Accountabilities Company representative for data subjects and supervisory authorities: Point of contact for supervisory authorities related to AZ data processing activities and data subjects Maintain required licenses, registrations and other local regulatory requirements to enable compliant processing and transfer of personal data within the AZ Group and among AZ partners/vendors (e.g., Binding Corporate Rules) Oversight of responses to subject access requests Consult with members of the Global Privacy Office when required on data protection impact assessments and serve as contact to authorities as required on data protection impact assessments and other privacy impact assessments Reporting of significant and/or serious breaches (whether requiring external notice or otherwise), including advice on remediation measure, related oversight and trend analysis All Deputy Data Privacy Officers will have a dotted-line to the GDPO to ensure he/she is able to effectively communicate with data subjects and cooperate with supervisory authorities as needed Partner with the Global Assurance team within Global Compliance, Internal Audit and independent auditing resources (where necessary) to monitor compliance with applicable data protection and privacy laws and broader data privacy requirements and provide assurance on effectiveness of our global compliance program with respect to data privacy risk Advisor (in consultation with Global Privacy Officer Leadership, legal, outside counsel and local resources as necessary) for members of the Privacy Office and other Global Compliance personnel in their support of the business and evolution of the global privacy program with respect to: Company policy and implementation Data protection impact assessments Ongoing monitoring and enhancing risk assurance capabilities Evolving expectations of supervisory authorities Remediation and continuous improvement activities Unique, novel or high risk business activities or projects as 
needed As the leader of AZ Privacy Risk and Assurance function, manage horizon scanning for key jurisdictions globally related to regulatory developments, proposed legislations, expectations of supervisory authorities and best practices (in consultation with legal, external counsel and local resources as needed) Collaborating with the members of the Privacy Office, Data Privacy Forums/DDPOs and broader Global Compliance committee, as well as key stakeholders from IT, HR, and the business, to fulfil his/her responsibilities and to foster a global privacy mindset across AZ. Education, Qualifications, Skills and Experience Essential: Legal degree or qualifications with extensive experience in privacy law and/or Data Privacy Programs. In-depth knowledge of GDPR, EU/EEA local data protection legislation, UK Privacy Act and UK GDPR, familiarity with US, China and other local data privacy regulations Significant experience and knowledge of privacy program elements and best practices/tools Substantial experience working in a multi-national and multi-regional organization in a highly regulated sector Familiarity with data processing operations in the Global Bio-pharmaceutical sector Significant experience in pharmaceuticals or a related industry; corporate governance, health care regulations, laws and standards Excellent analytical, written and oral communications skills Strong collaborative, partnering, and interpersonal skills, ability to influence across different levels and sectors of the organisation Strong experience speaking to and working with senior leaders, including Board members and executive team members Demonstrated ability to work independently High ethical standards, trustworthy, operating with absolute discretion Demonstrated ability to remain independent and objective while collaborating effectively with stakeholders Desirable In-depth knowledge of US federal and state privacy regulations and China privacy/cyber-security regulations IAPP certifications
(e.g., CIPP/US, CIPT, CIPM) CIPP certification High degree of digital literacy, familiarity with use of AI, machine learning and automation across different business applications (e.g., marketing, business services and processes, research and drug development activities) Familiarity with computer security frameworks and technologies Experience interacting with regulatory authorities, auditors, inspectors, and other third external assurance stakeholders Why AstraZeneca? At AstraZeneca we're dedicated to being a Great Place to Work. Where you are empowered to push the boundaries of science and unleash your entrepreneurial spirit. There's no better place to make a difference to medicine, patients and society. An inclusive culture that champions diversity and collaboration, and always committed to lifelong learning, growth and development. We're on an exciting journey to pioneer the future of healthcare. So, what's next? Are you already imagining yourself joining our team? Good, because we can't wait to hear from you! Where can I find out more? Our Social Media: Follow AstraZeneca on LinkedIn, Follow AstraZeneca on Facebook, Follow AstraZeneca on Instagram. Job open date: 09/09/2022 Job closing date: 30/09/2022
Sep 23, 2022
Full time
Are you an experienced Cyber security professional looking for a new opportunity? The Corporate Security team is growing as Sopra Steria grows and this new role has been created in recognition of the pivotal role effective InfoSec risk management has in prioritising Cyber Security activities and the associated threat mitigations. Working with the UK CISO, this is an exciting opportunity for an enthusiastic and motivated individual who is eager to improve Cyber security in a large matrix organisation using infosec risk management best practices in order to improve the visibility of infosec risk, identifying risk owners, helping them accurately assess their appetite for risk, resulting in pragmatic, proportionate and practical security decisions being made. We can offer great career progression opportunities, ability to be based anywhere across the UK, benefits which you can flex to meet your needs and training and development opportunities. You will be technically astute and must also be willing to generalise outside of your key responsibilities to help the small but growing team in a variety of crucial security subject areas, including incident management, personnel vetting, insider threat and policy and governance.
What you'll be doing: Implement and maintain a consistently applied information security risk management framework (RMF) that helps communicate the risk position to senior stakeholders, working closely with our business Sectors to ensure its full deployment Collaborate with each business Sector to make sure that the RMF is effectively deployed to give visibility to risks and associated appetite, mitigations and mitigation efficiency Educate the business on effective information risk management and the internal and regulatory obligations they have Provide to the Sectors, the UK CISO and other stakeholders regular reporting on the risk position Integrate the activity with our overall Enterprise Risk framework, ensuring infosec risk is optimally communicated into the audit and risk committee Secondary Responsibilities: Assess performance against UK and Group policy and the Sopra Steria Delivery Rule Book Collaborate with our enterprise audit team to provide evidence of mandated activities in our ISO27001 ISMS Assist the UK CISO drive security standards and approaches throughout the businesses Sectors and Joint Ventures, as well as areas where the UK holds business responsibility Review the company's position against current and emerging guidance from the UK's National Cyber Security Centre in relation to Cyber / Information Risk Assist in the management of major security incidents Deputise for the UK CISO as and when needed Work closely with Sopra Steria colleagues in France, Norway, Singapore, India and other key locations, establishing relationships with contacts in each company entity Work with UK Communications and others to ensure the deployment of effective and measurable security culture / behavioural change of Cyber security for all UK employees Review, develop and maintain UK Security policy, guidelines and processes to ensure they accurately reflect and support efficient processes What you'll bring: Prior role in Information Security Risk management OR 
Supply Chain Security with a willingness to adapt to a multi-disciplined role Previous roles held in operational IT Experience with externally recognised information security risk management framework, such as COBIT, ISO27005, or the NIST RMF Experience in leading or working within an ISO27001 ISMS framework Attained one or more information security qualification and/or certifications (E.g., ISO27001 Lead Auditor) Experience working with Governmental departments, Regulatory authorities or within a regulated industry Strong collaborator and communicator at all levels It would be great if you had: Fluent in French Holding the CISSP certification Prior work in a Security Operations Centre and/or Cyber Defensive role Has led, or been closely involved in the response and mitigation efforts of at least one major cyber security incident If you are interested in this role but not sure if your skills and experience are exactly what we're looking for, please do apply, we'd love to hear from you! Employment Type: Full-time Location: Hemel Hempstead (Once a week negotiable and London Once a month) Security Clearance Level: SC Internal Recruiter: Marion Salary: Up to £50,000 Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund Although this role is advertised as full-time, we support many ways of working and can offer a range of flexible working arrangements. So, if you're interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible. Loved reading about this job and want to know more about us? We are a purpose driven digital transformation provider, creating innovative digital solutions to help clients drive their digital transformation projects and secure tangible and sustainable benefits. 
We harness the power of innovation to drive positive change in both business and society, delivering sustainable growth and services which make life better, from effective frontline citizen services, to digitising financial services, utilities, and delivering smarter roads. We place people at the heart of everything we do and are committed to working with our customers, partners and suppliers to shape a better world and add real and lasting social value to the communities in which we work. Together we are building a better future by delivering real and lasting value. We are just at the start of what we can achieve together. Come and join us! We embrace difference as a source of creativity, innovation and competitive advantage and are striving to become a more diverse organisation. We welcome applications from people with a diverse variety of backgrounds and identities. We are committed to equality of opportunity for all and do not discriminate on the basis of race, religion, colour, gender, age, disability, sexual orientation or marital status. We have partnered with Vercida , the UK's largest diversity and inclusion focused careers site, where all our vacancies are available in an accessible format. If you require any adjustments to the recruitment process, to enable you to perform to the best of your ability, please let us know when completing your application. We participate in the Disability Confident scheme and are committed to offering an interview to any candidate with a disability, who meets the minimum criteria for the role. If you believe this could apply to you, please let us know when completing your application.
Sep 22, 2022
Full time
Senior Information Security Analyst (ISO27001/GRC) The successful candidate will report to the Information Security Manager and will work with the business and the wider information security team to ensure the appropriate controls, policies and procedures are in place to protect the information of the organisation in-line with internal information security principles (i.e. ISO27001 and CE+) as well as regulatory legislation. Responsibilities: - Develop and implement information security policies, standards and documentation ensuring compliance with all applicable legal or regulatory legislation - Work as an Information Security Auditor to define, maintain and implement an audit framework and schedule in compliance with security policies and standards - Maintain certification to ISO27001 and Cyber Essentials Plus against a backdrop of evolving regulations, technology and processes - Maintain the cyber incident management process and develop the appropriate document repositories, policy documents, operational schedules and processes Required Skills/Experience: - Experience of operating in a similar role within the framework of and adhering to requirements of ISO27001 and Cyber Essentials Plus or similar standards - Experience in preparing documentation and guidance for others - Experience of aligning technology solutions with best practice and IT security policies and guidelines - Experience in related supplier management, with vendors and resellers - Knowledge of Azure, encryption key management and cloud-based services such as M365 Senior Information Security Analyst (ISO27001/GRC) In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business
Feb 03, 2022
Full time
Start your Jacobs career with a company that inspires and empowers you to deliver your best work so you can evolve, grow, and succeed - today and into tomorrow. Our Energy, Security and Technology business are invested in you and your success. Everything we do - whether Aerospace, Defence, Intelligence, Information Technology, Cybersecurity, Nuclear, Automotive, or Telecommunications - is more than just a project. It is our challenge as human beings, too. That is why we bring a thoughtful and collaborative approach to every one of our partnerships. It is our promise to challenge the status quo as we redefine how to solve the world's greatest challenges and transform big ideas into intelligent solutions for a more connected, sustainable world. Work life balance and flexibility is a key business strategy focus for Jacobs therefore we are considering flexible working hours, patterns, and locations to suit you and our business requirements. About the opportunity: The role of the IMS Engineer is to plan and facilitate external certification audits performed by HPCs appointed 3rd Party Certification Body. The IMS Engineer is the primary contact for the certification body for the HPC certification programme. The IMS Engineer supports the IMS & Audit Manager in maintaining the HPC integrated management system (IMS), ensuring that IMS complies with Regulations, International Standards and internal policies in the areas of Nuclear Safety, Quality, Environment, Health and Safety and Security. The IMS Engineer undertakes assigned internal management system audits and supports the IMS & Audit Manager in maintaining the IMS in the area of management review. Principal Accountabilities The post holder is accountable to the IMS & Audit Manager and does not have any direct nuclear safety responsibilities which could have a significant impact on nuclear safety. 
Responsibilities include: Liaise with the appointed 3rd party certification body and be the primary contact for HPC; Develop the certification audit plans through consultation with internal stakeholders; Facilitate and expedite the closure of certification audit findings; Act as the audit guide for certification body auditors; Manage and prepare 'Management Review' paper for the annual Project Management Review meeting. Monitor and report on action close out; Develop and facilitate external certification audits and follow-up and report on the implementation of the audit findings raised; Liaise with relevant heads of function to ensure certification requirements are addressed and implemented; Monitor and report progress findings from EDF Energy audits and EDF SA audits; Participate in the Management Systems Governance Group (MSGG) Meetings; Provide IMS guidance and support across the HPC organisation; Participate in internal management systems audits as required; Maintaining the Quality Execution Plan (QEP) in line with evolutions of the IMS; Produce compliance reports and trend analysis on QEP deployment; Promote a nuclear safety culture in all activities and responsibilities undertaken Here's What You'll Need : Essential Experience of Quality, Health & Safety, Environmental or Security auditing; Experience in the application of ISO9001, ISO14001, ISO45001 & ISO27001 standards in an engineering or industrial context; Knowledge of certification auditing and working with certification providers; Understanding and practical experience of quality arrangements required in UK regulated environment; Self-starter with strong organisational skills; Excellent presentation, communication and IT skills; Desirable ONC/HNC or Degree in an appropriate subject or equivalent. 
Large-scale infrastructure project experience; Previous experience within a nuclear / highly regulated industry will be highly valued; Experience of working within an audit capacity; Lead Auditor qualification. Why Jacobs? We clear the way for inventive thinking so you have the support, means and space to deliver the boldest solutions for the extraordinary and every day. Jacobs. A world where you can. Our Culture: We're invested in you and your success. Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. We aim to make inclusion and diversity core attributes of our identity, embedded in all our employment and business practices in all locations. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. Jacobs partners with VERCIDA to help us attract and retain diverse talent. For greater online accessibility please visit to view and access our roles. As a Disability Confident employer, we will interview all disabled applicants who meet the minimum criteria for a vacancy. We welcome applications from candidates who are seeking flexible working and from those who may not meet all the listed requirements for a role. If you have any queries regarding the application process, please contact Successful candidates will be asked to complete a Baseline Personnel Security Standard Pre-Employment check and will be required to undergo various checks including: Identity, Right to Work; Employment/Education History and Criminal Record. If you are unable to meet this and any associated criteria, then your employment may be delayed or rejected.
Feb 01, 2022
Full time
My client, a Top Tier International firm, is recruiting for a Security Analyst to join their firm in Finsbury, London. This role will report to the IT Security Manager. This role will work with the business and the wider information security team to ensure the appropriate controls, policies and procedures are in place to protect the information of the firm in-line with internal information security principles (i.e. ISO27001 and CE+) as well as regulatory legislation. Duties • Deputise for the IT Security Manager as required; • In conjunction with the Information Security Manager, develop and implement information security policies, standards and documentation ensuring compliance with all applicable legal or regulatory legislation; • Work as an Information Security Auditor to define, maintain and implement an audit framework and schedule in compliance with Stephenson Harwood's security policies and standards; • Maintain certification to ISO27001 and Cyber Essentials Plus against a backdrop of a growing firm and evolving regulations, technology and processes; • Maintain the cyber incident management process and develop the appropriate document repositories, policy documents, operational schedules and processes; • Ensure published policies are regularly reviewed and amended appropriately; • Be actively involved in firm-wide projects and liaison with third party suppliers to ensure that IT and information security principles are adhered to, from inception to retirement; • Complete client data requests and reporting relating to IT, information and cyber security; • Drive and support an exceptions and waivers process ensuring exceptions are appropriately reviewed and action taken where relevant; • Promote the firm's security policy, to ensure appropriate measures are taken to secure the firm's information and minimising security incidents; • Drive and manage processes for reporting KPIs and other metrics in relation to risk, threats, vulnerabilities, compliance and 
performance; • Conduct post-incident investigations and provide advice to address issues and/or amend procedures to enhance the Firm's information security protection; • Assist with all security certifications to ensure compliance to applicable standards and regulations; • Assist with the management and chairing of governance groups including the documentation and completion of actions; • Maintain and manage the information security risk register, in conjunction with Risk and Compliance. Attributes/Skills Required • Solid experience in a legal or other professional services firm is preferred - ideally a partnership structure; • Knowledge of Azure, encryption key management and cloud-based services such as M365 is essential; • Experience of operating in a similar role within the framework of and adhering to requirements of ISO27001 and Cyber Essentials Plus or similar standards; • Experience in preparing documentation and guidance for others is essential; • Experience in related supplier management, with vendors and resellers; • Experience of aligning technology solutions with best practice and IT security policies and guidelines Should you have any questions or wish to apply please do not hesitate to contact Clear Legal and Financial Recruitment. Please Note: Due to the number of applications we receive we may be unable to respond to every application directly. If you have not heard from us within 3 working days, please assume your application has been unsuccessful.
Jan 09, 2022
Full time
To manage IT and Information Security operations and security compliance for the four operating companies in the business. To assess and manage the information security environment of the business and serve as a communication liaison between the information security team, staff and other Group managers in the business as well as external IT/Security providers.

Responsibilities
• Management and Team Liaison
• ISMS Manager for company ISO27001 certification
• Annual Pre-Audit Responsibilities
• Group Information Security Manager
• Manager of IT roadmap planning, projects and implementation
• Procurement/Client compliance
• Training and awareness
• Security trends

Reports to: COO but has a close working relationship with the Head of Compliance

Experience Required
• ISO 27001 maintenance / implementation experience.
• A good understanding of IT / Computer Systems / Cloud / Networks / Windows AD environments (previous work experience in IT preferred).
  o An interest in and knowledge of cyber security
• Experience working in a similar role or working internally to manage/develop internal information security frameworks
• Line management skills - experience of managing/coaching/developing staff

Desired
• Educated to degree level or equivalent (IT / Cyber Security related preferred)
  o Knowledge of the legal and statutory obligations for SMEs regarding information security
• Relevant certification such as ISO Lead Auditor, CISM, CISSP
Nov 04, 2021
Full time
SAP Security Analyst
Salary: circa £45,000 depending upon skills and experience
Location: Lincoln / Huntingdon
Permanent - full time (37 hours per week)

Anglian Water uses SAP as its core central ERP system. It holds critical data relating to finance, assets, customers and business processes. It is the heart of our IT business landscape and underpins the business operations. Protecting this data from fraud, cyber-attack and misuse is a top priority for the business. The availability and integrity of information is vital to our water operations, as well as our customer and support services.

What will you be doing?

The purpose of this role is to ensure that the risk of fraud and misuse of data held in SAP is minimised and is managed appropriately through the design, build and provisioning of appropriate access that fully meets the needs of our customers. You will work with outsourced IT specialists, project teams and AW business managers to analyse & understand the risks associated with their area of the business then design and develop SAP Security authorisation concepts based on SAP best practice and business policies. Review project/change documents. Analyse & understand the risks associated with application security exposures and provide solutions to eliminate or reduce these exposures. Ensure projects deliver solutions that will fit into the business-as-usual process without adding more risk. Liaise with internal/external auditors to provide necessary information during audits. This role would also be expected to work on the continuous improvement of SAP security support processes.

Key responsibilities include:
• Perform a review of all access requests to identify risks and feed back to the training team scheduler or requestors when these requests will give users risks that are not currently controlled
• Ensure correct approvals are provided before access is provisioned and ensure these are kept as evidence for internal and external auditors on the User Provisioning Process.
• Provide expert advice to SAP training team, business managers and projects around SAP Security user provisioning processes to ensure that security risks are reduced.
• Provisioning SAP access for business users after completion of training
• Provide least risk access to our 3rd party partners to ensure risks are kept to a minimum, working with them to provide the correct access for projects and system refreshes etc
• Administrator for all the SAP systems in Anglian Water's landscape, ensuring that the correct access is provided according to the system and the data contained in each
• Responsible for the CUA (Central User Administrator) system; this system enables efficient account creation and password resets to all the connected SAP systems.

What do you need?
• Experience in a similar role is preferred
• Experience of ECC 6, SAP Gateway, Fiori, S4 Hana, Portals, CUA, GRC
• SAP ADM900 - SAP System Security Fundamentals
• SAP ADM920 - SAP Identity Management
• SAP ADM940 - AS ABAP - Authorisation Concept
• SAPEPE - Fundamentals' (Portal)
• WCHGRC Overview SAP GRC

Ideally would have experience of the following technology:
• Service Now or other on-line service desk systems
• Microsoft applications: Excel, Word or Access databases

With the above experience in line with our Company Behaviours, we'll need you to 'Build Trust' with those you will work with, 'Do the Right Thing'.

What benefits do we offer?

Being a successful water company doesn't come easy! Our people are important to us and we want to make sure that we reward and recognise all of the great work that they do. Some of our benefits include:
• Bonus scheme
• Private health care
• Competitive pension scheme
• 26 days annual leave rising with length of service
• Flexible benefits to support your wellbeing
• Flexible working (dependent on your role)
• Plus lots more!

We are passionate and committed to the learning and development of our people making sure they have the right skills and knowledge to be successful and to help achieve their potential. We also take Health and Safety very seriously in everything that we do.

If you are offered a job with us, you'll be subject to the relevant/standard employment checks, including: your right to work in the UK, reference, driving licence and identity check. Depending on your role, you may also be subject to further pre-employment checks.

Working Location
The challenges of the pandemic have allowed us to accelerate our AMP7 plans to adopt a more agile workforce. We recognise that work has become a thing we do, rather than a place we go so we're open to remote working as part of the team so don't feel this is a barrier to applying. That said, we'd like you to be comfortable in travelling into our main campus sites at either Lincoln or Huntingdon on occasion.

Closing date: 27/10/2021
Nov 04, 2021
Full time
To manage IT and Information Security operations and security compliance for the four operating companies in the business. To assess and manage the information security environment of the business and serve as a communication liaison between the information security team, staff and other Group managers in the business as well as external IT/Security providers.

Responsibilities
• Management and Team Liaison
• ISMS Manager for company ISO27001 certification
• Annual Pre-Audit Responsibilities
• Group Information Security Manager
• Manager of IT roadmap planning, projects and implementation
• Procurement/Client compliance
• Training and awareness
• Security trends

Reports to: COO but has a close working relationship with the Head of Compliance

Experience Required
• ISO 27001 maintenance / implementation experience.
• A good understanding of IT / Computer Systems / Cloud / Networks / Windows AD environments (previous work experience in IT preferred).
  o An interest in and knowledge of cyber security
• Experience working in a similar role or working internally to manage/develop internal information security frameworks
• Line management skills - experience of managing/coaching/developing staff

Desired
• Educated to degree level or equivalent (IT / Cyber Security related preferred)
  o Knowledge of the legal and statutory obligations for SMEs regarding information security
• Relevant certification such as ISO Lead Auditor, CISM, CISSP
Oct 07, 2021
Full time