Information Security Specialist

Newcastle upon Tyne | Job ID: 19003 | £35,000.00 to £45,000.00 per year

Role Details

JOB DESCRIPTION & PERSON SPECIFICATION

Job Title: Information Security Specialist

Department/Location: IT Support & Services in Newcastle upon Tyne

Responsible to: Operations Director

Hours of work: 40 hours (9-5 Monday to Friday)

Main Purpose:

The Information Security Specialist will be responsible for supporting the security/cyber department by dealing with queries, offering advice and guidance on industry best practices and assisting with security incident activities.

Principal Duties and Responsibilities:

• Implementing and managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM and DLP
• Security alert triage and first responder
• Vulnerability scanning service management, issue triage and remediation
• Information Security Services tuning and improvement: “raising the bar” by identifying appropriate controls or functionality in existing technology, working with Service Management teams to drive adoption whilst minimising adverse business impact
• Handle information security queries from other departments
• Work with 3rd party Audit upon request, as well as facilitate independent security audits that have been provisioned
• Support information security incident activities
• Participate within business projects offering security guidance and advice based upon industry best practices
• Identifying and analysing Information Security risks to the business in order to then develop risk management controls and design processes to eliminate or mitigate potential risks.
• Conducting policy and compliance audits, which will include liaising with internal interested parties and external auditors
• Any such duties that may be required.

Key Competence Requirements

• Self-motivated and tenacious in performance of your duties
• Be able to manage, process and implement security policies
• Ability to influence senior stakeholders and work effectively across different groups and divisions
• Willingness to adapt to changes in technology and support the wider team in achieving deliverables, even when outside of core role

Experience and/or Qualifications

Essential:

• Cloud security experience for both 3^rd party and PDR-hosted systems in public/private clouds
• Experience of implementing and maintaining PCI-DSS in at least a level 2 merchant environment (PCI Internal Security Assessor status desirable).
• Relevant qualifications desirable but not essential if equivalent experience can be demonstrated (CISMP, CISSP)

Desirable:

• Previous experience with large, complex IT change projects (Information Security aspects)
• Experience of implementing and maintaining ISO27001 in a multi-site organisation
• Experience of, or willingness to learn, risk assessment and management techniques, process and policy creation/review, compliance audit activities and risk reporting.
• Experience using the following technologies is desirable: LogRhythm, Fortinet Fortigate appliances, Symantec ITMS, PRTG, SNORT, Cyberark Core Privileged Access Management, Cisco ISE, Forescout, Sophos Endpoint security products, Tenable Nessus/IO, SD WAN solutions.