Information Security Project Assurance Lead

Job Type: Permanent Full Time
Location: Holborn
Area: London, United Kingdom
Sector: Manager
Salary: £60,000 - £65,000 plus bonus and benefits
Start Date: ASAP
Telephone: 02033271996
Job Ref: 10459
Description

 

Our client, a well-known retail organisation within the UK, is looking for an Information Security Project Assurance Lead with management experience to help ensure that IT projects are delivered securely, protecting client and employee data.

 

Duties & Responsibilities

  • Lead a team of Security Analysts engaged in delivering End to End Project Assurance i.e.:

    • Manage internal security assurance for internally developed applications within a DevOps environment

    • Scope penetration testing for both internal and external facing applications with external testing providers

    • Manage external resources to ensure that penetration testing is carried out to a suitable standard on time and within budget

    • Responsible for ensuring that vulnerabilities identified via internal or external security testing are suitably mitigated and any residual risks are documented and formally accepted

    • Conduct Information Security Risk Assessments using the Information Security Risk Management Process

  • Responsible for the information security management discipline, ensuring an effective and coordinated set of processes are developed and maintained across all services, suppliers and customers:

    • Ensures the Information / document / content storage, retention and management policies and procedures are maintained and aligned to industry best practice

    • Ensures the benefits of information security and the concept of risk are understood by all colleagues

    • Pro-actively manages security risk assessments and mitigation plans to address risks within agreed timescales, evaluating business impact

    • Provides advice and guidance associated with the planning, design, implementation and improvement of system security taking account of current best practice, legislation and regulation

  • Ensures all projects consider the security implications throughout the project lifecycles:

    • Security risks are identified early on and catered for in the solution design and that the resulting implementation addresses these risks

    • Authorises implementation of procedures to satisfy new access requirements, or provide effective interfaces between users and service providers

    • Works with the internal Legal team to ensure Data protection regulation is supported by all IT systems and processes

  • Reports effectiveness of information security against industry standards and agreed KPIs, along with Security Incident Response Plans

  • Ensures the specific technical skills required are provided to manage and maintain security

  • Liaises with industry and national bodies (including regulators and auditors) to ensure the appropriateness of the information security function, e.g. PCI compliance

 

Desired Skills & Experience

  • CISSP or CISM essential; CRISC, CCSP, CEH or equivalent desirable

  • Computer Science degree and/or MSc in Information Security desirable but not essential

  • Working knowledge of different delivery methodologies including Waterfall, Agile and Hybrid. Knowledge and skills to manage Penetration Testing processes and remediation

  • Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management etc.

  • Proactively takes responsibility, owns any issues arising and follows through to resolve them, recognising how individual responsibility impacts team delivery and inspires others to do the same

  • Knowledge of OWASP vulnerabilities, tools and methodologies

  • Demonstrates extensive knowledge of good security practice covering the physical and logical aspects of information products, systems integrity and confidentiality

  • Expert in methods and techniques for risk management, business impact analysis, countermeasures and contingency arrangements relating to the serious disruption of IT services

  • Expert in tools or systems which provide access security control (i.e. prevent unauthorised system access)

  • Strong current knowledge of PCI, DPA and ISO27001


Contact


Via resource Group
Braywick House West
Windsor Road
Maidenhead
SL6 1DN
United Kingdom