Information Risk and Privacy Manager Information Risk and Privacy Manager …

Resource Solutions
in Edinburgh, Scotland, United Kingdom
Permanent, Full time
Be the first to apply
Negotiable
Resource Solutions
in Edinburgh, Scotland, United Kingdom
Permanent, Full time
Be the first to apply
Negotiable
Work closely with the Security Engineering Manager to : * Support the implementation of the strategic security programme in M&G * Support the development of policy, standards and architecture in relation to IT risks and security * Ensure applicable security policies and standards are being applied * Act as SME for IT security and risk matters and provide security advice and guidance to projects

Expert on infrastructure / platform security and configuration

Work closely with the Security Engineering Manager to :

  • Support the implementation of the strategic security programme in M&G
  • Support the development of policy, standards and architecture in relation to IT risks and security
  • Ensure applicable security policies and standards are being applied
  • Act as SME for IT security and risk matters and provide security advice and guidance to projects
  • Conceive, build, and maintain inventive security controls in order to intercept, prevent and detect internal or external security attacks
  • Support M&G in staying abreast of current and emerging security threats and technology solutions
  • Help develop security awareness and knowledge within the Risk and Security Domain

Act as the subject matter expert for IT infrastructure security in respect of :

  • Prevailing enterprise-wide security policies, standards and architectures
  • Best practice for infrastructure security configuration and secure operational practice
  • Knowledge of the profiles of infrastructure security
  • Security industry trends, technologies and vendors
  • Identify potential areas of risk in IT infrastructure and options for risk removal, reduction or mitigation
  • Consult and inform infrastructure security architecture principles, working with M&G Security Architecture function
  • Consult and inform in the development of Security policies
  • Undertake security assessments for initiated projects and provide security consultancy more generally
  • Research security technologies and environments, present and emerging, and provide assessments of impact to M&G. Work closely with domain experts to ensure discussions with business units around new technology adoption consider security issues

Job Requirements - Knowledge and Skills

  • Deep knowledge of IT security principles and controls (ISO27002, ISF, COBIT)
  • A thorough understanding of signature and signature-less security tools, encryption products, system hardening, industry standard security applications, exploit methods, and common vulnerabilities and exposures is required.
  • Operational knowledge of Windows; Linux; AIX, and other UNIX; and iOS/OSX operating systems is required, including experience with Windows Active Directory and Unix/Linux system administration
  • A working knowledge of networking principles, including TCP/IP, routing, DNS
  • Hands on experience with virtualization technologies (Citrix, Vmware)
  • A working knowledge of PCI and SOX regulations is desired.
  • Good understanding of the financial services industry and associated regulatory requirements.

Wide-ranging security knowledge of technologies and architectures across several of

the following environments:

  • Network (IDS, Proxies etc.)
  • Mobile Security
  • Web
  • Encryption / PKI
  • Data Loss Prevention
  • Desktop (Microsoft)
  • Anti-Virus / Malware
  • Midrange (Unix, Windows)
  • Email
  • Excellent stakeholder relationship management skills
  • Proven supplier management skills and evidence of managing third party security controls
  • Appropriate level of cyber security experience and accreditation (CISSP,SSCP,CISM etc.)

Job Requirements - Attributes

Highly organised, excellent prioritisation and planning skills

  • Strong verbal and written communication skills, with an ability to present to management
  • Actively shares experience and ideas.
  • Good stakeholder management skills. Able to effectively listen, communicate, challenge and influence team members, peer group, suppliers, and senior management.
  • Strong analytical skills. Able to review and assess security and technology issues and interpret in terms of impact to M&G

Additional Information

Requirement to travel within the UK occasionally.

Close
Loading...