Information Security Specialist
Gerrard White is currently recruiting for a Cyber and Information Security Specialist for a market-leading and customer-centric insurance provider with a number of brands.
Acting as a Cyber Security Specialist, you will provide expertise to support the Cyber and Information Security Framework and ensure that all IT Systems used are appropriately secured against Cyber Threats.
This will include providing knowledge and expertise in the application, development and implementation of security controls to maintain the availability, integrity, and confidentiality of all IT systems. It will also include providing guidance, supervision and oversight to outsource providers to ensure they execute their contractual obligations.
Principal accountabilities will include:
- Cyber and Information security/risk/incident analysis to support the front line defence of networks, protecting information from unauthorised access and violations. This involves analysing and assessing potential security risks and developing plans to deal with such incidents by putting measures in place to mitigate cyber threats.
- Preparation of technical reports and risk analysis reports.
- Planning, coordination and supervision of external penetration testers used to carry out tests on public facing systems.
- Contribute to the management, development and oversight of the enterprise wide vulnerability scanning service for business as usual and project activities. Execute computer forensics analysis or investigations as required, coordinating activities with the Fraud team or external partners or organizations.
- Contribute to the design and delivery of an Information Security strategy and framework and map, aligned with overall IT and Business strategy/direction.
- Ensure the delivery of all IT security operational services provided by third party providers.
Suitable applicants will have proven experience within a Cyber and Information Security team with strong business stakeholder management and communication skills.
Previous experience will also include:
- Following and implementing Cyber & Information Security regulatory standards and policies.
- Proven technical experience: investigation, analysis, support roles, various non-IT contributors.
- Experience of vulnerability management, penetration testing and ethical hacking.
- Strong risk assessment skills covering both risk identification and documentation.
- Possible experience in Security Architecture insight or exposure and the development of Security governance aligned to Data and Enterprise Architecture.
- Experienced in creating and following formal governance processes as set out by an IT department for change, risk, issue and operational management.
- A strong security focus, with a good understanding of business priorities and IT drivers and the ability to make strategic decisions.
- Industry Cyber security certifications such as CISSP.
- Architectural understanding of cloud services extending to administration and audit capabilities, e.g. Amazon Web Services.