Information Security Specialist
Newcastle upon Tyne | Job ID: 19003 | £35,000.00 to £45,000.00 per year
JOB DESCRIPTION & PERSON SPECIFICATION
Job Title: Information Security Specialist
Department/Location: IT Support & Services in Newcastle upon Tyne
Responsible to: Operations Director
Hours of work: 40 hours (9-5 Monday to Friday)
The Information Security Specialist will be responsible for supporting the security/cyber department by dealing with queries, offering advice and guidance on industry best practices and assisting with security incident activities.
Principal Duties and Responsibilities:
- Implementing and managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM and DLP
- Security alert triage and first responder
- Vulnerability scanning service management, issue triage and remediation
- Information Security Services tuning and improvement: “raising the bar” by identifying appropriate controls or functionality in existing technology, working with Service Management teams to drive adoption whilst minimising adverse business impact
- Handle information security queries from other departments
- Work with 3rd party Audit upon request, as well as facilitate independent security audits that have been provisioned
- Support information security incident activities
- Participate within business projects offering security guidance and advice based upon industry best practices
- Identifying and analysing Information Security risks to the business in order to then develop risk management controls and design processes to eliminate or mitigate potential risks.
- Conducting policy and compliance audits, which will include liaising with internal interested parties and external auditors
- Any such duties that may be required.
Key Competence Requirements
- Self-motivated and tenacious in performance of your duties
- Be able to manage, process and implement security policies
- Ability to influence senior stakeholders and work effectively across different groups and divisions
- Willingness to adapt to changes in technology and support the wider team in achieving deliverables, even when outside of core role
Experience and/or Qualifications
- Cloud security experience for both 3rd party and PDR-hosted systems in public/private clouds
- Experience of implementing and maintaining PCI-DSS in at least a level 2 merchant environment (PCI Internal Security Assessor status desirable).
- Relevant qualifications desirable but not essential if equivalent experience can be demonstrated (CISMP, CISSP)
- Previous experience with large, complex IT change projects (Information Security aspects)
- Experience of implementing and maintaining ISO27001 in a multi-site organisation
- Experience of, or willingness to learn, risk assessment and management techniques, process and policy creation/review, compliance audit activities and risk reporting.
- Experience using the following technologies is desirable: LogRhythm, Fortinet Fortigate appliances, Symantec ITMS, PRTG, SNORT, Cyberark Core Privileged Access Management, Cisco ISE, Forescout, Sophos Endpoint security products, Tenable Nessus/IO, SD WAN solutions.