Director, Information Security - Database and Application Security

The Information Security Team is responsible for providing guidance and leadership in all areas related to Information Security. This includes providing guidance and support to the software development, Infrastructure and wider business teams. As a key hire within the database and application development space, it is anticipated that this person will assist in growing the breadth and depth of the Information Security service offering.
The Information Security team manages this responsibility by defining Policy and monitoring compliance with Policy, managing defined ‘Business as Usual’ processes, carrying out regular audits and reviews, and undertaking project work.

The role

The candidate, reporting to Head of Production Assurance, will:

• Have a broad range of IT and security experience, gained through working in the financial services/banking sector.
• Be a strong communicator, with an ability to promote information security at all levels of management, and engage with business teams at the design/concept stages to ensure Information Security requirements are adopted early on.
• Have a good technical background with a reasonably in-depth understanding of database and application security, encryption, database entitlement solutions etc.
• Practical hands-on experience of performing source code reviews, database security reviews and/or assisting in the associated remediation work would be highly advantageous.
• Exposure to a variety of database security monitoring and alerting software is ideal.
• Be able to manage their own IT projects for the deployment of Information Security systems/tools and the ongoing programme of work to on-board business groups to utilise these tools for maximum ROI.
• Be able to produce management reporting that illustrates the maturity of information security policies and controls through the use of metrics, and work with the organisation to continuously improve based on the trends within the reports.
• This position can be based in our London or Dallas offices. 

Duties & accountabilities

• Security Operations duties and responsibilities:
Participate in and/or lead the definition, management and ongoing review of Information Security Policies, with a view to aligning these to ISO 27001, where applicable.
Partner with our Risk, Compliance, HR and Legal teams on matters relating to Information Security
As a senior member of the Information Security Team, assist, as needed, with Internal Audit, Client Q&A, SSAE16/SOC2 and other audits pertaining to information security.
Manage projects to deploy Information Security systems to help control/audit and enforce the Information Security Policies
Help manage and minimise the impact and risk of Security Incidents and Vulnerabilities to our products and company as a whole.
• Product Security duties and responsibilities:
Work with global Development teams to ensure effective security principles and processes are factored in the design, build, implementation and operation of new Products.
Scope, design, plan, coordinate and oversee a programme of application, product and services penetration tests and their resulting remediation
Manage the principles and processes that will ensure effective database security (principally Oracle & MS SQL Server).
Help raise security awareness across the organization by developing, planning and delivering Security Awareness Training that satisfies the evolving needs of the organization.
Support the Sales and Client Relations functions by coordinating the responses to client RFI / RFQs, due diligence and audits in a consistent and timely manner.
Participate in a program of process improvements to ensure that the organisation always maintains a secure environment for its infrastructure, systems, applications and data

Education and experience

• Bachelor's degree in Information Technology or in a related field OR the equivalent combination of education, training and/or experience.
• Experience of working as a security consultant with hands-on operations experience, within the finance sector and/or a large consultancy.
• Technical security skills and experience are a must.
• CISSP / GIAC / CEH v8 certified or similar certification.
• Working knowledge of SSAE16/SOC2/ISO27001 and experience of similar audit/compliance standards.
• Consistent track record of delivery to excellent standards.
• Working knowledge of international security standards.
• Solid experience of software development, preferably Secure Software Development.
• Experience of security incident management.
• Experience of managing completed source code review and penetration testing programs, including managing the remediation process.
• Knowledge of operating systems (Microsoft / Linux).
• Working knowledge of IT security best practices and configurations as used in desktop, server, and network configurations.
• Experience of monitoring security threats, analyzing vulnerability assessments, and balancing security with business rules/needs.
• Experience of working with other IT professionals to resolve fast-moving vulnerabilities such as spam, virus, spyware and internet filtering.
• Experience of defining and enforcing internet and application use policies.
• Experience of documenting status reports, plans, policies, procedures and presentations.
• Development / programming experience (preferably Java) in database and application security.
• Experience of working in security-related IT projects using project management and software tools.
• Experience of ticketing systems (issue tracking).
• Ability and willingness to work extended hours or modified schedule for planned or emergency work. Ability and willingness to travel to and work at various Company locations if required.
