A prestigious college located in the Borough of Bromley is seeking a Group IT Security Engineer to be part of their team on a permanent basis with flexible working.
ABOUT THE COMPANY
The organisation is one college with sites across South East London (Bromley, Bexley and Greenwich). Advancing education and skills across the region, they have a very bright future - which you can be part of. They are committed to delivering the highest quality skills development in London and the South East and work with over 500 employers to ensure the education and training they provide is exactly what the industry needs. Their community of students and tutors is diverse, friendly and caring. Their students are inspired to develop their strengths and achieve outstanding results with their support at every step.
ABOUT THE ROLE
This role will be reporting to the IT Services Manager and will play a critical role in identifying vulnerabilities, implementing security controls, monitoring system activity, and responding to security incidents across the Group. This role will be responsible for security testing of the organisation’s infrastructure, whether it be managing penetration tests, scanning for vulnerabilities across the entire estate or carrying out physical hardware checks. Provide regular summary and progress reports to the IT Director/IT Services Manager covering security and compliance related incidents, root cause/single point of failure analysis and appropriate recommendations. Additionally, this role will work closely with other members of the IT Services department to develop and deliver infrastructure/security improvements.
Key Responsibilities:
Design, implement, and maintain effective security systems, policies, and procedures to protect company resources.
Conduct regular security assessments and vulnerability scans to identify and address potential risks and weaknesses in their IT infrastructure.
Develop and implement effective security controls, policies, and procedures to protect their systems, networks, and data from unauthorized access, breaches, and cyber threats.
Monitor security systems, networks, and logs to detect and respond to security incidents, threats, and vulnerabilities in a timely manner.
Investigate security incidents, conduct forensic analysis, and provide recommendations for remediation and prevention.
Collaborate with IT teams to integrate security into the development and implementation of new systems, applications, and infrastructure.
Stay informed about the latest security technologies, trends, and threats, and provide recommendations for enhancing their security posture.
Conduct security awareness training and education programs for employees to promote a culture of security awareness and compliance.
Manage relationships with external vendors and partners to ensure the security of third-party systems and data.
Act as the main point of contact within IT Services for all cyber security operational matters, including incidents raised through service desk, senior management, service providers and threat intelligence tools.
Proactively provide security recommendations to the IT Director/IT Managers in order to minimise the threat of malicious attack.
Plan, direct and coordinate security activities to safeguard company assets, employees and guests on company property.
Plan and manage annual penetration tests across the entire estate to ensure the posture of the network, infrastructure and services remains robust.
Actively participate in disaster recovery and business continuity rehearsals.
General:
The particular duties and responsibilities may vary from time to time without changing the general character of the duties or the level of responsibility entailed. All Group employees are required to undertake the following general duties:
Carrying out such other duties as may be reasonably requested by the line manager, or any more senior manager
Compliance with health and safety policies and procedures and risk assessments
Sharing in the Group’s commitment to safeguarding and promoting the welfare of children, young people and vulnerable adults
Awareness of the Group’s Equality and Diversity Policy and targets, and actively promoting equality of opportunity
Ensuring adherence with Risk Management Policy
To work in accordance with the Data Protection Act and to ensure that all new systems are reported to the Data Protection Controller.
PERSON SPECIFICATION
Qualifications
Essential:
A degree or equivalent professional qualification
Desirable:
Accreditation in at least one of the following CISSP, CISM, CCNA or CCSP
Ethical Hacker accreditation
Lead Auditor accreditation
Knowledge and Experience
Essential:
At least 3 years’ experience working in a security/compliance role.
Ability to keep up-to-date with current security trends and emerging threats
Wide ranging exposure and management of Intrusion detection systems
Experience in information security roles with exposure to various technologies including (but not limited to) vulnerability management, firewalls, cloud-based solutions, switches and VMWare.
Deep experience of preventing/containing malware e.g. viruses, Trojan horses, ransomware, spyware, adware and other malicious programs.
Desirable:
Working knowledge of ISO27001 and PCI-DSS
Vast experience of carrying out full penetration tests
Skills and Competencies
Essential:
Excellent communication, presentation and report writing skills
Demonstrable experience of improving cyber security operational capability
Adept at explaining very complex technical issues and threats to non-technical managers.
Having the skills and experience to work effectively across multiple sites and with a blend of suppliers.
Acts as a liaison to all departments on security measures, procedures and their security needs.
Evidence of designing, developing and implementing compliance testing criteria and tools.
Other qualities
Essential:
Relies on experience and judgment to plan work schedule.
Deft at knowing which approach to use on a case-by-case basis
The ability to analyse, solve problems and implement technical solutions which are fit for purpose.
In order to support operational requirements, demonstrates a flexibility to work at multiple sites.
Strong written and verbal communication skills.
The College is committed to safeguarding and promoting the welfare of children and young people and expects all staff and volunteers to share this commitment
BENEFITS
Pension
Relocation
Flexible working
Annual leave of25 days rising to 30 daysin addition to bank and public holidays and a Christmas closure period
Learning and Development: Excellent Continuous Professional Development which includes access to in- house college courses
Death in service insurance
Free annual eye tests for eligible staff
Free staff car parking on main campus sites
Health and Wellbeing: Employee Assistance Programme
Travel season ticket loans
Cycle To Work Scheme / Bike loan scheme
Reward and recognition
Additional discounts