Internal Cyber Security Operations Lead/SOC Lead - Global e-Commerce C
Internal Cyber Security Operations Lead - Permanent - London
Our client is a unique and forward thinking global e-Commerce business. They are looking to grow their fast-paced Security Team. As an Internal Cyber Security Operations Lead you will manage and lead the internal security operations team that works together with the outsourced security operations centre to provide day-to-day security support. You will report directly into the Security Manager.
Who are you?
- A hands-on and technical security lead who has direct experience of leading a small security team in a fast-paced growing organization, mitigating critical security risks, and implementation of security technologies.
- Ability to operate within an environment in which much of the end to end accountability sits within the individual infrastructure, operations or software teams (e.g. third parties may be providing Threat & Vulnerability management capability and a managed security provider may be providing a security operations center).
- An individual who can operate effectively within a matrix organization in which some of his/her areas of responsibility or accountability would need to be delivered via influence and relationships rather than all under their control (e.g. the network perimeter security managed by the infrastructure team)
Technical Skills / Experience:
- Proven leadership qualities (Direct/Matrix)
- Proven ability to drive a team to achieve its goals within a fast paced and highly agile environment
- People development across the function
- Bachelor's degree in Information Security, Computer Science, Information Management Systems, Business/Accounting or related field/related experience
- Previous experience as a security manager
- Direct experience working with a Managed Security Services Provider
- Security Incident response experience
- Strong experience managing technology teams
- Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM and risk analysis
- Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. PCI DSS, SOX, NIST, ISO, CobiT)
- Analytical and detail-oriented
- Strong understanding of security technologies and best practices
- Senior stakeholder management
- Management of specialist security suppliers and software vendors / 3rd parties
- Strong communication and presentation skills
What will you be doing?
- Apply the information security strategy and ensure that there is quantifiable progress in applying the strategy
- Review and contribute to information security standards and policies
- Monitor and enforce information security standards and technologies for all our clients' systems and infrastructure
- Monitor industry trends, evolving threats, vulnerabilities and control techniques
- Responsible for managing the Internal Security Operations Team; who liaise with both third-party service suppliers and internal teams to ensure all security controls are being monitored and updated.
- Collaborate with the Security Operations Centre; ensuring that all our clients' relevant systems are actively monitored and relevant alerts are being raised and investigated in a timely manner. This may require the use of a specialist third party.
- Responsible for establishing and governing the Security Incident response processes, investigations and security operational processes
- Collaborate with the Technology operations team to ensure information security risks in both ongoing and planned operations are properly considered and all compliance matters are being adhered to as required.
- Collaborate with the Technology infrastructure teams to ensure the appropriate network and infrastructure security measures, technologies and processes are in place.
- Lead and / or advise business units as necessary to investigate security incidents; to pursue associated potential disciplinary and legal actions in collaboration with the People team and Legal as appropriate
- Conduct regular and ongoing monitoring of and reporting on enterprise-wide compliance with information security standards and policies
- Achievement of agreed security standards as agreed by the Security Manager
- Appropriate security governance processes are implemented and adhered to
- Appropriate security policies and practices are implemented and adhered to
- Appropriate security technologies as defined in the strategy are implemented successfully
- Investigate security, payment card information and personal identifiable information incidents and alerts
- Define viable post-incident review actions that reduce or remove the risk of the incident/alert occurring again
Our client is a fast-paced e-Commerce company, expanding globally at a rapid pace. Their award-winning Tech teams sit at the heart of their business. Our client delivers technical innovation and pioneer incredible solutions which are crucial to their continued success.
This role requires a unique blend of entrepreneurship and pragmatism, the ability to adapt fast, and help build in the internal cyber security function. In return, the company offers you the opportunity to be part of a growing fast-paced and ambitious team, strong career progression opportunities, a buzzing work environment, and great salary and bonus.
If this sounds of interest, please apply here or send your CV.