Information Security Engineer – iso 27001, GDPR, Risk, Digital

Information Security Engineer – London or Cambridge – £75,000 – iso 27001 or iso27001 and Security, GDPR, risk, Information

My client is an innovator in messaging and communications, enabling the world’s largest brands -to understand and connect more closely with today’s connected consumers

Responsibilities

Providing leadership in the information security space, helping ensure ISO and GDPR certification, establishing, maintaining, and enforcing our security policies. Working closely with our business and technology teams to ensure awareness and adherence to the policies and procedures established.

To ensure that the security solutions being designed and delivered are aligned with the enterprise security architecture, supporting the transition of the security architecture from its current to its planned future state.

To lead and provide strategic oversight to ensure and assure the beneficial and cost-effective security change across key accounts, through the evaluation of business strategies and requirements providing advice, guidance and assurance.

Key account abilities

• Provide security advice and guidance to business and delivery teams ensuring solutions are consistent with the enterprise security road-map whilst balancing business values and security risk.
• Recommend changes to IT systems in order to bring them into compliance with security policy, standards, blueprints and road-maps.
• Influence stakeholders to adopt architecturally sound approaches to the management of risk.
• Advise on the translation of business requirements into secure IT solutions and migration road-maps.
• Preparation and documentation of standard security operating procedures and protocols
• Recommend technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Advise on alternate solutions and counter measures to mitigate identified information risks.
• Provide assurance that identified solutions or countermeasures mitigate identified information risks.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Keeps users and business informed by preparing performance reports; communicating system status, owning security incidents when they arise.

Knowledge/Experience/Technical Skills Required

Essential:

• Proven experience in the design, implementation and operation of scaled IT security services and capabilities, ideally within a large government organisation or complex large scale multi supplier organisation.
• Excellent communication skills, with ability to articulate complex technical issues into business focused terms and communicate to Stakeholders.
• Knowledge of GDPR, it business implications and the merits of various technical approaches
• Expertise in IT security risk in a business context
• Exposure to web application security and penetration testing.
• Strong technical aptitude and exposure to ISO 27001 or similar based security polices and standards.
• Exposure to securing the software development life-cycle and to project management disciplines.
• Excellent organisational and technical documentation skills.
• Strong understanding of Information Security including threats, attacks, and vulnerability management.
• Deep understanding of secure development practices, with practical experience of cyber security, privacy protection, cloud security, identity management, situations awareness, protective monitoring, security operations, risk management and reporting.
• Deep understanding of information security architectures, methodologies and frameworks, with practical experience of using industry standard enterprise architecture frameworks such as The Open Group Architecture Framework (TOGAF).

This is a perm position based in London, please contact skelly@welovesalt.com for more information