Security Analyst

Manage and report operational information security risk, using IT security tools and processes. Assist customer service and IT teams to manage the outputs of security systems. Act as a trusted expert partner to advise service teams and managers regarding operational service calls, incidents and problems, and provide awareness.

Key Duties and Responsibilities

• Recognises, investigates and reconciles violation reports and logs generated by detection systems in accordance with established procedures and security standards. Examples include but are not limited to responding to and reporting from automated alerting systems, auditing logs, IDS/IDP logs, anti-virus and firewall systems
• Interviews minor offenders and compiles reports and recommendations for management follow-up
• Creates and delivers user documentation and security awareness literature and training
• Assists in the assessment of the potential impact on existing access security mechanisms of specific planned technical changes, in order to help ensure that potential compromise or weakening of existing security controls is minimised. Also assists in the evaluation, testing and implementation of such changes. Ensures that co-ordination and change control are applied to technical specifications and to the technical infrastructure.
• Conducts risk assessments and security control reviews for all types of business applications and computer installations and recommends appropriate action to management
• Creates information security awareness materials and delivers training
• Assists internal and external customers in defining their needs for new access rights and privileges
• Provides input to other information security, contingency planning and related activities
• In addition to the duties and responsibilities listed, the job holder is required to perform other duties assigned by the Information Security Manager from time to time, as may be reasonably required of them
• Some manual handling may occasionally be required
• May be required to work on other sites and data centres within the Organisation
• Comply with the Quality Management System
• Comply with the Occupational Health, Safety and Environment policies and procedures
• Comply with security in accordance with established policies and procedures of the organisations
• Other duties as requested

Key Requirements

Qualifications

Essential:
• Degree or equivalent qualifications/experience
• Certification as an IS professional (e.g. CISA/CISM/CISSP/SSCP)
• Current driving licence

Desirable:
• A university degree in a numerate subject (e.g. Computer Science, maths, engineering, natural science)
• Security vendors’ certifications for tools
• ITIL v3 / PRINCE2 foundation level

Skills/Experience/Knowledge

Essential:
• Experienced practitioner in security operations or development roles.
• Sound knowledge of change and configuration management, reliability and safety methods and the use of metrics.
• Practical knowledge of information security and technologies
• A minimum of four years’ experience in an IT environment

Desirable:
• Experience within organisations compliant with or seeking ISO 27001 / PCI-DSS compliance
• Experience of quality management systems e.g. ISO 9001
• Understanding of security within agile and waterfall project methods
• In depth understanding of IT technology infrastructure and service management, in particular Cisco and McAfee security tools
• Experience of ArcSight, Qualys, Tripwire, IBM Guardium, Centrify, McAfee, RSA, Microsoft, Cisco, Websense tools
• Understanding of risk management and Infosec forensic tools
• IS professional training (e.g. CISA/CISM/CISSP/SSCP/SANS/CEH etc) or demonstrable experience

Personal Qualities
• Self-motivated
• Able to work on own initiative, unsupervised
• Attention to detail and adherence to procedures
• Strong customer service skills
• Strong communication and written skills
• Ability to learn on the job
