Group IT Cyber Security & Compliance Officer
Benefits– 3% pension contribution, various services such as free eye tests, cycle to work schemes, hybrid working policies, a benefits hub for vouchers etc.
Our client has a great opportunity as a Group IT Cyber Security compliance officer. This role is to create a leading Security Operations Centre across the Business in conjunction with the Cyber Security Partner. The role will involve leading on the cybersecurity, audit, compliance and IT security accountability support to the IT teams and the overall business.
In addition, the candidate will be responsible for implementing cybersecurity best practices.
This role will be working closely with people across the business on a combination of strategic and operational projects to identify and develop defences to support the organisations IT security.
A key part of the role is to continually improve the security environment and work closely with an outsourced SOC partner. The role also requires supporting cybersecurity for a wide area of technical systems and software solutions, as well as reporting on the cybersecurity environment, threats, vulnerabilities, trends and advising and implementing technical solutions and processes to ensure best possible cybersecurity for the company.
- Create, review, and improve the overall Group IT security policies and procedures
- Create, review, develop and rollout technical security designs, standards, and support policies
- Set up new group wide hybrid SOC with a designated partner and improve the security operation process
- Act as high-level security incident escalation point
- Lead security investigations and corresponding remediation tasks
- Taking ownership of the organisation’s security strategic framework and implementation plan, including the creating and maintenance of ISMS
- Set up, define, and own IT security incident management processes
Person Specification & Key Skills
- Experience of working in a heavily regulated and fast-paced
- Competent in cyber security technologies: Firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc.
- Good knowledge and understanding of the Data Protection Act and the General Data Protection Regulation and able to apply knowledge practically
- Solid technical understanding of IT systems from a cybersecurity perspective, including access controls, patch management solutions, anti-virus systems, networking, cloud infrastructure, vulnerability scanning systems, servers, workstations, and applications
- Able to work proactively and independently to identify and report on cybersecurity threats
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls
- Excellent writing and reporting skills, able to deliver reports on cybersecurity threats, patching status, vulnerabilities, etc. Able to present data in a clear and intuitive manner
- Able to work both alone and as a member of the IT team, working alongside the Infrastructure, Service Desk and Development teams to implement cybersecurity best practice in all areas
- Sufficient understanding of development practices and methodology to be able to support delivery of security and privacy in code and design and report on status
- Previous experience in IT system administration, IT development and/or IT security roles
- Good knowledge and competence in the cybersecurity field, including knowledge of various standards such as ISO27001, Cyber Essentials, COBIT, PCI
- Security qualifications such as GCIH, CISSP, SSCP, CISA desirable
- Ability to assess and benchmark security controls in common cloud platforms including Office 365, Google Suite, Azure
- Degree in an IT field desirable.
- Scripting knowledge (PowerShell) desirable
Planet Recruitment acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Planet Recruitment is an Equal Opportunities Employer.
By applying for this role your details will be submitted to Planet Recruitment. Our Candidate Privacy Information Statement explains how we will use your information.
Only candidates with the relevant skills and experience will be contacted after application, if you do not hear back from us within 7 days you have unfortunately been unsuccessful in your application.
Please note that no terminology in this advert is intended to discriminate on the grounds of a person’s gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and abilities to perform the duties of the position.