I am a Job Seeker looking for work

Overview

Our leading Douglas-based Finance Sector Client is expanding its Finance Team as they progress an ambitious transformation programme. As they evolve the technology organisation, they require an experienced Security Engineer.

Note - this role is based on the Isle of Man, so requires candidates to either be based on the island currently or be open to relocation.

Reporting to the Head of IT Security, the Security Engineer will assist with the translation of the company's Information Security policies and standards into practical operational procedures. You will work as part of the IT Security Team in areas including the design, implementation and maintenance of robust security measures across network and cloud environments, ensuring protection against potential threats, adherence to industry standards, and proactive incident response. This will include providing security consultancy services to the Change Team.

In this role you will

• Ensure continual alignment of Information Security Policies with industry standards, regulatory requirements, and evolving cyber threats
• Develop and communicate an effective strategy for the implementation of Information Security Policies across all departments and systems within the organisation
• Establish mechanisms to regularly monitor and, measure compliance with Information Security Policies, addressing non-compliance issues
• Maintain updated documentation, providing easy access to policies, guidelines, and procedures for all staff members
• Establish a robust mechanism to ensure alignment with relevant Information Security Frameworks (e.g., ISO 27000 series, NIST, etc.), mapping organisational policies and practices to the framework's requirements
• Conduct periodic internal assessments to evaluate adherence to Information Security Frameworks and compliance standards, driving continuous improvement and implement corrective actions based on assessment findings
• Stay updated with industry trends, best practices, regulatory standards and amendments in Information Security Frameworks
• Develop strategic plans outlining security objectives and domain roadmaps for network and Cloud environments aligned with organisational goals
• Develop and implement security focused Architecture Building Blocks (ABBs) and Solution Building Blocks (SBBs) in collaboration with the Architecture team
• Ensure adherence to industry best practices, regulatory standards, and internal security policies across network and Cloud environments
• Develop and implement incident response plans specific to network and Cloud security incidents, outlining clear protocols for detection, containment, and recovery
• Identify and establish partnerships with external security entities, including vendors, consultants, industry groups, or security forums
• Regularly assess the performance and alignment of external security partners with organisational security objectives
• Establish channels for continuous intelligence gathering from external partners regarding emerging threats, vulnerabilities, and best practices
• Foster an environment of knowledge sharing and cooperation to leverage expertise from external entities
• Develop a comprehensive framework for assessing the security posture of Material IT Suppliers, outlining assessment criteria, methodologies, and evaluation metrics
• Working with the Head of IT Service, establish mechanisms to verify and validate the compliance of material IT suppliers with agreed-upon security standards, contractual obligations, and regulatory requirements
• Conduct thorough assessments to identify security risks associated with material IT suppliers, considering factors like data handling, access controls, and compliance
• Implement tools or systems for continuous monitoring of security practices and performance of material IT suppliers
• Develop a standardised framework for conducting comprehensive risk assessments across the organisation's systems, applications, and infrastructure
• Conduct periodic risk assessments to identify, analyse, and prioritise potential risks and threats to the organisation's assets and operations
• Develop and implement risk mitigation strategies based on the findings from risk assessments, vulnerability testing, and penetration testing reports
• Organise and oversee regular vulnerability assessments and penetration testing activities to identify weaknesses and potential entry points for cyber threats
• Develop and maintain incident response plans aligned with identified risks and potential threats

The ideal candidate for the role of Security Engineer will have:

• Hold a degree in Computer Science, Information Security, or related field (or equivalent experience)
• Advanced certifications (or working towards such a certification) such as CISSP, CISM, or equivalent are preferred
• 5+ years in network and / or Cloud security roles, demonstrating progressive responsibility
• Proven experience in designing and implementing security solutions in network and Cloud environments
• Extensive experience in IT security, with a focus on Security Operations, Access Management, and Policy Development
• Strong knowledge of security frameworks, such as NIST and ISO27000 series
• Up-to-date knowledge of emerging security threats, trends, and technologies
• Expertise in network security protocols, cloud security solutions (Azure/AWS/GCP), firewalls, intrusion detection systems, VPNs
• Proficient in vulnerability assessment tools, incident response frameworks, and risk management methodologies
• Analytical mindset and problem-solving abilities to assess security risks and propose appropriate mitigation strategies
• A basic understanding for compliance and risk management