Given the nature of S-RM’s business, it is essential that we advocate best practice for Information/ IT Security and are committed to continuous improvement.  

The IT Security Engineer will take the lead on IT security mattersThey will oversee the IT Security layer by identifying and mitigating cyber threats; continuously hardening our core IT systems and train the IT team on the latest cyber threats and ensurthat the business is aligned with industry-recognised security principles

 

MAIN DUTIES AND RESPONSIBILITIES 

Technical

  • Incident response: responsible for the detection, response, isolation and remediation of InfoSec incidents as well as identifying the root cause  
  • Incident prevention: oversee the management, continuous development and configuration of security systems, including (but not limited to) antivirus, firewalls, IDS/ IPS, switches, routers, LAN/ WAN, serversMFA, end points and technical security controls (e.g. identity and access management) 
  • Vulnerability Management: perform regular vulnerability scans and take lead for subsequent patches/ bug fixes/ hardening for global IT estate (on-premise and cloud). 
  • Prioritise and remediate vulnerabilities discovered in annual penetration test 
  • Analyse IT processes & infrastructure to design and optimise Information Security solutions e.g. DLP, Ransomware, Threat Protection, O365, Cloud, Email, SIEM. 
  • Manage data recovery systems 
  • Architectural design: provide subject matter expertise on technical security requirements for all projects  
  • Provide a security escalation path (and coaching) for IT support colleagues 
  • Produce security updates and reports to Head of IT covering all key internal and SaaS platforms 

Information Security 

  • Act as a key liaison point between the IT and Risk & Compliance teams and the business, gaining business support for IT controls and security efforts 
  • Play a key part in ensuring the IT department’s continuous adherence to relevant legislation, including GDPR, as well as implementing/developing supporting policies including breach response and mitigation 
  • Produce reports with recommendations for internal security forums; maintain accurate records and logs of security incidents 
  • Manage all outgoing and incoming client vendor risk assessment requirements and coordinate responses accordingly 
  • Manage all 3rd Party Supplier Risk assessments 
  • Manage internal cyber security training programme 
  • Support, review and develop technical security standards, policies and designs 

The role will be based in our London office 

SKILLS, QUALIFICATIONS & EXPERIENCE 

  • Solid hands-on (3rd line) infrastructure experience and knowledge
  • VMWare/Windows Infrastructure (Windows 2008R2/2012 + Servers, MS Exchange 2010+; Hyper VSphere/ VCentre; ESXi 6.5+); Active Directory 
  • Cloud: Azure, Microsoft 365 (Office suite including SharePoint; Security and Compliance CentreIntune MDM; Exchange; Exchange Online Protection; Advanced Threat Protection, MCASMicrosoft Secure Score); AWS; physical security (access controls); MDM. Desirable: MalwareData/ Forensic Analysis & Encryption 
  • Experience of security incident handling/incident response 
  • Good understanding of Information Security tools, covering areas such as firewalls, Host and Network Intrusion Detection/ Prevention Systems;  AV (Security Suites), web proxies, SIEM, DLP, IAM (Single Sign On (SSO) or federated access management approach); MFA; Advanced Email and Network Fundamentals (DNS; DHCP; VPN; WLAN; WAN; VLAN; WIFI)DKIM, DMARC, SPF 
  • Desirable: CISSP/ CISM (or equivalent) qualified 
  • ITIL qualified 
  • Knowledge of ISO27001/ NIST concepts 
  • Minimum 5 years’ experience (min 2 years in Information Security)

The individual will need to have the following key personal skills and attributes to perform successfully in this role: 

  • Strong analytical and technical skills relevant to information security including data encryption, secure data transmission, secure data consumption and risk analysis 
  • Desktop and server operating systems security 
  • Must be willing to remain hands-on 
  • Highly results and quality driven 
  • Demonstrable ability of documentation 
  • Previous experience of working alongside Governance, Risk and Compliance teams is desirable 

The successful candidate must have permission to work in the United Kingdom by the start of their employment.

Contact

To apply for this role, please email your CV and cover letter to recruitment@s-rminform.com.