A global investment management company located in the City of London is looking for an Information Security Manager to join their Security Team on a permanent basis. As a Cloud Security and Risk Lead, you’ll have the opportunity to lead technical resources to ensure that technical security risks are appropriately treated, pragmatism is used in defining cloud security standards and patterns and the right balance is achieved in ensuring the stability whilst migrating Important Business Services onto strategic secure platforms. Throughout the Enterprise Security and Privacy team, you will work closely with technical security subject matter experts to ensure that necessary security controls are implemented to maintain the risk appetite position.
Responsibilities:
Ensure the security of the environments that host business application platforms, as well as networks that connect and access them.
Contribute to the development of architecture blueprints and system designs by conducting research, reviewing, and collaborating.
Aid in the automation of security at every stage of the delivery process by advising and guiding on the continued integration with strategic Enterprise Security capabilities.
Assist in the integration of security requirements into cloud environments by designing and configuring necessary security controls.
Ensure that security is fully integrated into all project and ad-hoc deployments or is clearly managed through risk management .
Implement cutting edge security controls across both on-premise and cloud environments with the goal of leveraging new functionality and informing architectural design.
Ensure the Enterprise Security department and the company have a trusted escalation route for infrastructure security issues.
Requirements:
An extensive background in IT/Cyber Security roles, ideally within regulated environments.
Experience in securing cloud / cloud hybrid services (including IaaS, PaaS and SaaS variances) as well as mobile security models.
An understanding of the regulations and legislation that apply to a pension and investment organisation.
A good understanding of Azure security is essential
An excellent grasp of the security of applications, infrastructure and networks. The ability to perform detailed, demonstrable engineering tasks in the security technologies that must be adopted for safeguarding an enterprise shall include at least two of the following components:
Cyber / Web Security (Firewalls, DoS, Proxies, CDN / WAF, API Gateways etc.)
Threat & Incident Management (SOC, SIEM, SOAR, Threat Intelligence, etc)
Penetration Testing methodologies and toolsets
Data Security (DLP, DRM, etc)
IDAM (FIAM, SSO, etc). Experience of Azure AD would be advantageous
Mobile Security (EMM, MAM, MDM etc)
Cryptography (including HSM, Key Management, and PKI)
Desktop / Server / Virtualisation Security (XDR, vulnerability and patch management, malware protection, configuration management, etc)
Cloud Security (NSGs, CA, AIP, ARM, Key Vaults, etc)
Security Architecture/Design (analysis, design, strong protocol knowledge, communication skills, etc)
Detailed working knowledge of infrastructure security requirements and good understanding of recognised information security management and governance frameworks (ISF (Information Security Forum) SOGP (Standards of Good Practice), NIST 800-53 & CSF, CIS 7.1 and OWASP Top 10)
A recognised information security qualification (CISSP, CISM etc.). The following qualifications, or associated experience, are also desirable:
Microsoft Certified: Azure Security Engineer Associate
Microsoft 365 Certified: Security Administrator Associate
Microsoft Certified: Identity and Access Administrator Associate
Microsoft Certified: Information Protection Administrator Associate
Microsoft Certified: Security Operations Analyst Associate
Certificate Cloud Security Knowledge (CCSK)
Good understanding of Agile Project Management approaches including Scrum and Kanban.
Good understanding of Azure DevOps would be advantageous