Cyber Security Assurance Specialist

Role Title:
Cyber Security Assurance Specialist

Key Role Responsibilities

* Review new business proposals and provide specialist advice on security issues and implications.
* Set policies, standards and guidelines for how the organisation conducts security operations across the business and ensures alignment.
* Develop & establish supplier chain security agreements / contracts / questionnaires and manage completion and disengagement.
* Lead reviews of governance practices with appropriate and sufficient independence from management activity.
* Develop policies, standards, processes, guidelines for ensuring appropriate security standards are in place and are adhered to.
* Ensure architectural security principles are applied during project design to reduce risk. Drives adoption and adherence to policy, standards and guidelines.
* Design, architect and deliver security aspects within projects and provide expert assurance for secure implementation.
* Lead and support product security activities, including technical reviews and assessments of product security architectures and designs across a diverse range of complex infrastructure, data and application systems.
* Ensure timely and robust incident management resolution, including major incident response coordination and management.
* Deputise for the Senior IT Security Manager as and when required.

Education, Qualifications & Training
* Achieved one or more relevant qualification / certification (i.e. CISSP, CISA, CISM

Knowledge & Experience
* Expert knowledge of security data tools, information security controls, security best practice and management strategies.
* Experience of designing control maturity tests and conducting control maturity assessments.
* Experience of overseeing and leading remediation of security assessments, technical testing, and vulnerability analysis including Cyber Essentials, Cyber Essentials Plus, and NIST CSF.
* Experience in incident response and overseeing improvement actions such as development and tuning of security monitoring, alerting, and reporting.
* Technical knowledge and broad hands-on experience of working with security technologies such as the Microsoft XDR stack, vulnerability management tools (Nessus and Rapid 7), EDR platforms, SIEMs (Splunk / Azure Sentinel), Powershell automation etc.
* Previous exposure to enterprise networking and infrastructure technologies

Role Specific Skills & Behaviours
* Ability to work supportively and collaboratively with colleagues across Technology & transformation as well as the wider business.
* Ability to effectively coordinate and manage major incident responses.
* Ability to work under pressure and maintain customer service ethic.
* Ability to be creative.
* Ability to present complex security solutions and situations to those without technical knowledge.
* Ability to formulate effective and appropriate recommendations based on sound technical knowledge.
* Ability to confidently challenge deadlines, priorities and suggest alternative ways of achieving targets.
* Meticulous documentation skills used for service descriptions and in service/asset management tooling and knowledge bases.
* Excellent written and oral communication skills.
* Customer focused - always assessing the impact and urgency for customers as the priority.
* Able to develop the skills and competencies of others.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk