Work closely with the Security Engineering Manager to : * Support the implementation of the strategic security programme in M&G * Support the development of policy, standards and architecture in relation to IT risks and security * Ensure applicable security policies and standards are being applied * Act as SME for IT security and risk matters and provide security advice and guidance to projects
Expert on infrastructure / platform security and configuration
Work closely with the Security Engineering Manager to :
- Support the implementation of the strategic security programme in M&G
- Support the development of policy, standards and architecture in relation to IT risks and security
- Ensure applicable security policies and standards are being applied
- Act as SME for IT security and risk matters and provide security advice and guidance to projects
- Conceive, build, and maintain inventive security controls in order to intercept, prevent and detect internal or external security attacks
- Support M&G in staying abreast of current and emerging security threats and technology solutions
- Help develop security awareness and knowledge within the Risk and Security Domain
Act as the subject matter expert for IT infrastructure security in respect of :
- Prevailing enterprise-wide security policies, standards and architectures
- Best practice for infrastructure security configuration and secure operational practice
- Knowledge of the profiles of infrastructure security
- Security industry trends, technologies and vendors
- Identify potential areas of risk in IT infrastructure and options for risk removal, reduction or mitigation
- Consult and inform infrastructure security architecture principles, working with M&G Security Architecture function
- Consult and inform in the development of Security policies
- Undertake security assessments for initiated projects and provide security consultancy more generally
- Research security technologies and environments, present and emerging, and provide assessments of impact to M&G. Work closely with domain experts to ensure discussions with business units around new technology adoption consider security issues
Job Requirements - Knowledge and Skills
- Deep knowledge of IT security principles and controls (ISO27002, ISF, COBIT)
- A thorough understanding of signature and signature-less security tools, encryption products, system hardening, industry standard security applications, exploit methods, and common vulnerabilities and exposures is required.
- Operational knowledge of Windows; Linux; AIX, and other UNIX; and iOS/OSX operating systems is required, including experience with Windows Active Directory and Unix/Linux system administration
- A working knowledge of networking principles, including TCP/IP, routing, DNS
- Hands on experience with virtualization technologies (Citrix, Vmware)
- A working knowledge of PCI and SOX regulations is desired.
- Good understanding of the financial services industry and associated regulatory requirements.
Wide-ranging security knowledge of technologies and architectures across several of
the following environments:
- Network (IDS, Proxies etc.)
- Mobile Security
- Encryption / PKI
- Data Loss Prevention
- Desktop (Microsoft)
- Anti-Virus / Malware
- Midrange (Unix, Windows)
- Excellent stakeholder relationship management skills
- Proven supplier management skills and evidence of managing third party security controls
- Appropriate level of cyber security experience and accreditation (CISSP,SSCP,CISM etc.)
Job Requirements - Attributes
Highly organised, excellent prioritisation and planning skills
- Strong verbal and written communication skills, with an ability to present to management
- Actively shares experience and ideas.
- Good stakeholder management skills. Able to effectively listen, communicate, challenge and influence team members, peer group, suppliers, and senior management.
- Strong analytical skills. Able to review and assess security and technology issues and interpret in terms of impact to M&G
Requirement to travel within the UK occasionally.