Information Security Officer
Location - Oxfordshire (Remote First)
Rate - £650 per day (Inside IR35)
The Information security officer will work in the security team to help safeguard our businesses infrastructure and data systems.
The Information security officer will combine their knowledge of the security landscape and the tools which are used to monitor and mitigate against cyber threats, to provide insight and assurance of the business's security risks. They will have responsibility of managing Security Operations which includes a small team and ongoing contracts with third parties.
*Responsible for the analysis and reporting on a wide variety of security data to provide situational awareness and trends in behaviours. Data sources include access logs, DNS data, intrusion detection systems and syslogs.
*Responsible for assessments of security issues and making decisions on operational matters
*Responsible for conducting security risk assessments on a wide variety of topics including IT systems and architecture, development processes and IT operations.
*Provide guidance and recommendations on principles of security architecture such as Cloud, access control and end device management
*Deputise for the CISO when required such as responding to audits, legal and compliance requirements, or project sign-off.
*Incident response to vulnerabilities found or active security incidents.
*Identify and research future security initiatives to protect the business and its customers.
*Communication of security issues, describing technical and non-technical findings in a way to suit your audience
*Become an authority and expert on all aspects of Cyber Security
The ideal candidate would have a real interest and enthusiasm of information security. The new role covers broad aspects of security, and the candidate has the opportunity to help shape future security operations. He/she would bring fresh and exciting ideas to the role and have a very inquisitive and analytical mind. He/she would have the ability to work as part of a team as well as being strongly self-motivated.
*Experience leading an operational security team
*Experience of analysing data such as system logs, firewall logs, Intrusion detection systems and access logs. Experience of using a SIEM is desirable but not essential
*Understanding of network protocols and experience in analysis tools such as Wireshark
*An ability to analyse complex data, make informed decisions and communicate effectively to the relevant audience
*Understanding of security processes including vulnerability management, cyber threat monitoring and risk management processes
*Security qualification such as CISMP, CISSP, CISM or degree in a computing-related or other numerate subject such as Computer Science, IT, Physics or Maths. Qualifications can be replaced by good quality experience in the workplace.
*A strong interest and enthusiasm in information security and emerging threats