Senior Information Security Officer: Cloud Security - London, United Kingdom - Careers In Group

Careers In Group
Careers In Group
Verified Company
London, United Kingdom

2 weeks ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description
Are you an experienced Senior Security Operations analyst/officer, who has worked extensively in a Microsoft security focussed environment?

Are you now looking to further your skills by developing a cloud security specialism?


If so, this is fantastic opportunity to join and further develop a best of breed Info Sec function within an exemplar organisation - a public sector body that holds the government to account.


The Senior Information Security Officer:
Cloud Security will be responsible for the following:

Cloud Security Assurance

  • Using your knowledge of Microsoft's Azure and Defender capabilities discover, validate and drive treatment of security threats, risks, vulnerabilities, and configuration gaps that may exist across the organisation's cloud services.
  • Define, refine, and deliver cloud security controls, empowering the organisation in its
  • Develop and maintain a schedule for the ongoing assessment of cloud security
- controls, seeking opportunities to leverage automation to enable a continuous
- assurance culture.

  • Support the ongoing assurance of suppliers and cloud service provider (CSPs), advising on cloud specific regulatory risks or regulatory requirements relating to cloud
- assurance.

  • Advise on and support the implementation of effective and pragmatic security controls
  • Alongside the Senior SecOps Officer, deliver a protect, detect, and respond role, investigating and responding to alerts and supporting the usual activities of a SecOps function.
  • Support the implementation and use of Microsoft Sentinel within the SecOps function.
  • Risk Management
  • Proactively identify, evaluate, and assess threats and risks that may impact the organisation's ability to deliver on its vision and strategy.

Management Systems

  • Support the ongoing retention of the organisation's information security certifications.
  • Lead on the development of standards ensuring that appropriate monitoring, prevent,
  • CASB, DLP and compliance controls are applied.
  • Support the wider business in the delivery of secure, strategic business changes and
- technical projects.

  • Deliver and maintain documentation and procedures to ensure effective, ongoing
- management of the ISMS.

  • Evangelise information security, as an SME

Continuous Improvement

  • Maintain awareness of security industry best practice to drive continuous improvement within the organisation.
  • Identify, develop, implement, and continuously improve appropriate and proportionate cloud security controls in response to an evolving threat landscape.
  • Provide technical expertise in support of internal security designs, projects, and activities.
  • Work in collaboration with the wider Information Security and Digital Services teams in the continuous improvement of cloud controls, policies, and standards; as part of our ISO27001 certified Information Security.

Stakeholder Engagement

  • Collaborate with and build relationships with key stakeholder groups, such as Information Security and Digital Services.
  • Build strong relationships with stakeholder groups outside of the team to establish a strong understanding of the organisation and its needs.

Key skills/competencies required:


Essential

  • Demonstrable, technical background working in an information security or cyber security role within a fast paced and dynamic environment.
  • Demonstrable handson experience contributing to the delivery of and continuous improvement of cloud security controls.
  • Demonstrable experience working with cloud security technologies across IaaS, PaaS, SaaS, or hybrid cloud environments.
  • Must hold, or be able to achieve within six months, a relevant industry certification, such as CISSP, CCSP, CISM, CISA or similar.
  • Strong background in the identification, evaluation and assessment of cloud security threats and risks; and providing recommendations on appropriate and proportionate mitigations.
  • SC Security Clearance, or able to achieve SC clearance
  • Strong experience with two or more of the following toolsets:
  • Identity & Access Management platforms (such as Azure Active Directory)
  • Threat Protection tools (such as Defender ATP, Office 365 ATP, and Cloud App Security)
  • Security Incident & Event Management (SIEM) platforms (such as Azure Sentinel)
  • Compliance and Privacy (Microsoft Purview)

Benefits
Flexible, hybrid working: 2 days a week in London office

30% employer pension contribution

Take your bank holidays whenever you want

Support in training and career development


Nationality Requirements:

  • UK nationals
- nationals of Commonwealth countries who have the right to work in the UK
- nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
More jobs from Careers In Group
See all jobs of Careers In Group