Information Security Trainee - Placement

An Exciting Placement opportunity for those keen to expand their commercial experience within Informaton Security.   This would suit Cyber Security learners with knowledge of IT and an understanding of Information Security and Information Security operational controls.

Objective

Accountable to the Business Information Security Manager / Cyber Security Manager for the implementation and operational management of Information Security Operations and associated controls across our Client's company. 

Designs and builds the organization or product cyber security systems and infrastructure. Specialises in ensuring the organization's cyber security systems and infrastructure are in place to protect the organization's applications, product systems and networks against cyber attacks, intrusions, malware and various types of data breaches.

Key Accountabilities & Responsbilities

Information Security Operations

• Responsible for managing global Information Security Operations through an outsourced IT delivery model.

• Lead in detecting and analyzing security incidents including attacks, breaches, and identified vulnerabilities and remediate any security gaps in line with the security incident management procedure.

• As subject matter expert on the team, maintain understanding of current technology, database management, programming practices, and future trends through ongoing education, conference attendance and industry press.

• Conduct research and select relevant information to enable analysis of key themes and trends using primary data sources and business intelligence tools.

• Responsible for ensuring relevant SLAs for Information Security are met or exceeded.

• Provide regular and timely reporting on the Information Security status globally.

• Provide escalation path for Information Security issues, incidents, and enquiries.

• Develop, own, and continuously improve the Incident Response process including the handling of all Information Security incidents in combination with the outsourced delivery partner.

• Collect and act upon diverse threat intelligence to enhance their Information Security protection.

• Champion Information Security throughout the business and serve as a focal point for business enquiries.

• Develop a solid Information Security foundation based on a continuous improvement cycle with equal weighting placed on People, Process, and Technology.

• Responsible for information security operations delivery and baseline compliance of infrastructure (including monitoring, reporting and assurance) through IT service partner.  This includes security controls of servers, desktops, laptops, networks, wireless, security appliances, and email.  Regular service compliance reporting will be monitored with agreed KPI's and KRI's.

• Optimise technical controls to ensure efficient protection of our client's Information assets and infrastructure.

• Accountable for assisting in law enforcement relationships for threat intelligence including that of the United States Department of Homeland Security, Police Scotland, US FBI (Infragard), UK Cyber Emergency response team (UK-CERT) and UK CPNI (Centre for Protection of National Infrastructure).

• Proactive identification and remediation of vulnerabilities across all IT platforms.

Information Security & Risk Management Frameworks

• Contribute to the Information Security Framework for all business units to mitigate risks and ensure compliance.

• Operation of an Information Security Risk Management Framework that is effectively embedded in Risk policies, procedures, and governance processes.

• Provide technical and professional insight  in the development and delivery of our client's Information Security strategies to ensure that they align with business objectives and maximise the effectiveness of available resources.

• Design and implement disaster recovery and contingency plans to protect company data.

Set Policy and Standards

• Contribute to the drafting of policies, procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements.

• Define working procedures in combination with the IT service partner to optimise Information Security operations and Incident Response.

Working Relationships

Internal: Business information security team, Digital & Information Technology teams

External: Third party suppliers and vendors, regulatory bodies, customers

Level of Influence & Decision Making Authority

• Able to communicate at all business levels and engage

• Enthusiastic and inspiring 

• Ability to hold influence with peers and senior business leaders across the company.  

• Ability to take ownership and endurance to see tasks completed.

• Provides analysis, advice and guidance to a range of technical experts in software activity.

Person Specification

Qualifications:

• Recognised Information Security qualification (e.g. Security+ or CISSP) or equivalent knowledge.  Desirable

• Understanding of Information Security controls (e.g. CCNA Security, Palo Alto ACE, etc)

Knowledge, skills, and experience:

• Familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO, CEP and NIST   Desirable

• Broad knowledge of IT, Information Security,

• Knowledge of Information Security operational controls.

• understanding of security best practice and relevant international standards.

Personal attributes:

• Strong interpersonal and communication skills, with the ability to communicate with non-technical staff over technical issues

• High levels of integrity and ability to work autonomously in a fast-paced environment and provide leadership to those around them.

• High level of attention to detail

• Excellent team player

• Operates in a structured and well organised manner

• Ability to take ownership and endurance to see tasks completed.

• A strong drive to continuously improve self around professional and personal development.

Please appy with CV, stating your earilest availability.