Cyber Security Specialist - London, United Kingdom - Careers In Group

Careers In Group

Verified Company

London, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

An exciting opportunity has arisen for a Cyber Security Specialist to join the London Borough of Tower Hamlets.

You will be responsible for aligning the council's cyber security strategy with the NCSC principles and leading on the various legal, regulatory and statutory security compliance mandates.

You will research, interpret, disseminate and implement best practice in cyber defence and network security including ISO27001, NCSC (the National Centre for Cyber Security) guidance and Public Services Network instructions.

You will verify and audit compliance with Council policy, relevant codes of practice and appropriate legislation including the Data Protection Act in all matters relating to network security

You will be responsible for providing expert domain support for incidents and investigations into breaches of Council policy, relevant codes of practice and appropriate legislation, liaising with the relevant authorities and monitoring our platforms forinformation risk issues.

As the Cyber Security Specialist you will be responsible for:

To research, review, investigate, develop and implement new technologies to maintain and enhance the technical security of the Council's network
To engage with suppliers, advisers and regulators to review, upgrade and enhance the security of the Council's network; ensuring compliance with mandatory codes of connection.
To advise the ICT Architect, Business Architects, Solutions Architects and the Technical Design Authority on security architecture, network security, reviewing the network security implications of technical designs and implementations.
To implement and maintain the daily operation and implementation of cyber security across the Council's networks.
To monitor, verify and audit compliance with best practice in network security including ISO27001, NCSC guidance and Public Services Network instructions on the Council's network.
To ensure the technical protection and security of data and technology assets.
Define and write the policy for 3rd party connections standards to the council systems. Review and augment the policy regularly.
To use and be responsible for the security event management systems, intrusion prevention systems, vulnerability scanning tools and end point security systems.
To demonstrate compliance to the internal audit and external regulators, leading on relevant audits and technical aspects LBTH JD and PS Template May 2021 of the Council's PSN compliance, NHS Information Governance Toolkit and Payment Card Industry submissions.
To work closely with programme and project managers advising on projects that have technical security risks.
To provide expert domain knowledge for dealing with security incidents, trigger investigations and provide reports to the Head of Information Security.
To have an exceptional level of discretion and confidentiality to undertake investigations involving cases of highly sensitive, confidential material which may be damaging to the reputation of the council, citizens or employees.
To support and encourage staff to be creative, flexible and committed to providing solutions to the needs of the business and to relate to their customers in a clear, friendly and prompt manner.
To occasionally supervise apprentices, trainees, staff undertaking job shadowing, secondments and other forms of work experience.

Key skills, behaviours, and experience

Knowledge:

Technologies used to protect and secure data within a corporate environment including a SIEM
Technologies used for vulnerability management, particularly the Nessus software
Ability to work in a high pressure environment and make sound decisions in emergency situations while empathising with customers and responding sympathetically to circumstances
Ability to understand, assimilate, create and maintain effective documentation detailing precise, complex technical and operational information to a variety of audiences
Knowledge of and proven ability to work to standards including ITIL, Prince 2, ISO 27001, and other legal and regulatory frameworks relevant to the role
Good knowledge of legislative and regulatory compliances an organization must meet such as Public Services Network (PSN), Payment Card Industry (PCI
DSS), General Data Protection Regulation (GDPR), etc.
Considerable knowledge of major technology trends and technology stacks/areas critical to the Council, clear proficiency in discussing and conversing about technology in logical and intelligible terms with both business and key technology stakeholders.

Qualifications and experience

Significant experience in the operation at least two security vendor's software, hardware or services or holding a relevant and current professional ICT security qualification.
Extensive experience of working as part of a multidisciplinary ICT team in a large ITIL aligned organisation in a regulated industry.
Knowledgeable and experienced in the risk management process. Able to produce risk assessments, reports, escalate and take actions to remediate risk. Track Cyber security risks on a risk register and record corrective and preventive actions.
Substantial experience in communicating effectively through writing and orally for diverse audiences.
To work with internal and external auditors and to devise plans to address compliance issues detected by audits or vulnerability scans and communicating them and taking action to address deficiencies
Review technical proposals for new systems or changes to ensure they are compliant with security policy and do not expose the organization to an elevated level of risk.
To improve the cyber security framework based on changes in business requirements, legal or regulatory compliance, technology, processes, people, threats and incidentsStrong problem solving and decision making skills; ability to craft innovative and positivesolutions to complex and wide r