Security Engineer (Bespoke Solutions)
Key accountabilities and decision ownership:
- Scope products and solutions and carry out technical security assessments of the various components in complex, critical and diversified information systems.
- Review the effectiveness of privacy and security controls, and propose improvements.
- Assess security controls using the ISO27001 control framework and map requirements/observations into other security frameworks.
- Work with colleagues, third parties and/or contractors across various assurance activities including privacy assessments, security assessments and remediation.
- Deliver detailed security and privacy assessment reports to record levels of compliance and record findings in central repositories and progress towards compliance.
- Undertake ad-hoc security and privacy admin tasks that form part of the role.
Core competencies, knowledge and experience:
- Strong expertise in assessment and implementation of technical security standards, policies and controls to ensure security through the product lifecycle.
- Strong technical security background in IT and networks, ideally in an architectural, consultancy or assurance role
- Broad knowledge of privacy legislation (GDPR)
- Excellent written and oral communication skills
- Excellent stakeholder engagement, interpersonal and communication skills.
- Able to translate technical risk into business context and pitch and articulate security advice to senior stakeholders.
Must have technical / professional qualifications:
- Relevant professional qualifications such as CCNA, CISSP, CISM, CRISC, CISA, NCSC CCP (IISP), ISO27001 Lead Auditor
- Demonstrable assessment / assurance or architectural industry expertise in cybersecurity
- Practical experience and knowledge of applying OWASP, ISO27001:2013, CSA cloud controls framework, NIST or ISF
- GDPR qualification or strong working knowledge