Information Security is critical to the ongoing success and reputation of the Specialist Computer Centre (SCC) as an MSSP. As part of SCC's continuing successful growth delivering security products and SECaaS, we now have an exciting opportunity for an Information Security Officer to join our SOC Team based out of our Data Centre Services site in Birmingham. The role is responsible for working with Programme, Project and Operations teams, including Security Architects, Solution Designers and Product Owners, to provide end-to-end compliance assurance of SECaaS across the Corporate and Commercial landscape.
What I need to do
- As an Information Security Compliance Officer, work on a number of projects unsupervised.
- Provide end-to-end engagement on a wide range of SECaaS projects, ensuring that compliance is built in, that they deliver securely and that client and employee data is protected.
- Attend Programme/Project meetings and represent Information Security, giving advice as required.
- Review architectural and design documents including Solution Outline Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams etc.
- Define Compliance Non Functional Requirements for each project and ensure that they are fulfilled prior to going into service.
- Ensure the relevant technology standards are applied to specific projects.
- Produce resource estimates for Information Security engagement on projects and record your time on the current resource management tool.
- Manage external resources to ensure that penetration testing is carried out to a suitable standard on time and within budget.
- Scope and manage Penetration Testing including the production of a plan to remediate vulnerabilities identified during any test in a timely manner.
- Liaise with the Information Security Testing Team to ensure Infrastructure Scanning is conducted in support of In-House Development utilising Agile delivery methodologies.
- Provide end-to-end assurance of IT products across the Corporate and Commercial environments during BAU throughout a product's lifespan, protecting client and employee data and ensuring compliance with Information Security policies and standards.
- Review Change Requests in relation to compliance.
- Responsible for ensuring that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management Process, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval.
- Articulate compliance risk in technical and non-technical terminology so that it can be interpreted by SCC and its customers, by IT and business individuals alike.
- Carry out PCI impact assessments on projects where appropriate.
- Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks.
- Escalate any issue to the ISM Product Assurance where appropriate.
- Manage current compliance processes and procedures and develop new processes and procedures where these have been identified as required.
How will I succeed
- Products are delivered securely
- Policy, processes and procedures are maintained
- Identified compliance deviations are quantified and managed to resolution
- Review security offences and ensure correct closure and future prevention
- Lead/participate in InfoSec reviews both internal and external to the business
- Champion security and compliance awareness
- Risk assess customer data within the data centre and provide risk mitigation reports for improvements
- Provide regular updates on the progress of Information Security Compliance, highlighting risks, issues and areas for improvement
- Own workload, ensuring work is delivered on time, and to the required quality
- Be a self-starter and proactive in driving forward security for the benefit of the business
What I need to know
- High level technical understanding particularly of key security component functionality and procedures
- Sound knowledge and experience of risk management techniques
- Security Incident Management knowledge
- Security Training and Awareness experience
- Working knowledge of Data Protection Act 2018 & GDPR
- Knowledge of security standards with working knowledge of ISO27001/NIST
- Knowledge of PCI DSS and awareness of SOX/HIPAA
What I need to show
- Relevant 3+ years’ experience in Information Security Compliance
- SC Security Clearance or be willing to undergo the process to gain the clearance
- Experience using service management tools (Assyst/ServiceNow)
- Ability to produce and deliver remediation action plans
- Excellent communication, written and presentational skills with the ability to select appropriate format for the intended audience
- Experience of communicating and influencing senior management
- Hold a recognised Information Security qualification (e.g. CISSP, CISM, CGEIT, CRISC) or demonstrate strong capabilities in Information Security Compliance
- Experience using a SIEM tool (Not essential)