Company : Spot On Connections
Job Location : London, England, GB
Posted on : 2020-11-23
Job Description :
Our Information Security Engineer works across teams to ensure that both security and compliance are maintained at all times, protecting our business and customer data.
They also engage with third parties to perform security assessments and audits.
This role forms part of our Information Security Team, which is responsible for the continuous maintenance and improvement of overall security posture, technology risk management and regulatory compliance.
Responsibilities :
- Assist in the design and implementation of the company information security framework
- Continuously monitor and analyze security alerts, audit logs and reports
- Conduct and coordinate penetration testing exercises and vulnerability assessments internally and with external testers
- Perform regular auditing and investigations to identify potential or confirmed security incidents
- Report and follow up on incidents with team members and escalate with management where necessary
- Recommend mitigations and counteractions to risks, vulnerabilities and threats
- Vet new applications and modifications with production owners and developers to identify possible risks
- Drive, investigate, procure and eventually deploy operating and monitoring tools to enhance information security
- Document and review policies and procedures including change, incident, patch and configuration management
- Coordinate, document and participate in the development of the business disaster recovery and business continuity plans
- Assist with the ongoing maintenance of regulatory requirements
- Manage the security awareness training programme for employees while continuously providing security knowledge and tips to teams across our company
- Monitor the effectiveness of information security processes and controls
- Engage in the security community and keep abreast of information security incidents
- Perform other security-related duties as necessary
Requirements :
- Degree in Computer Science, Information Systems or other IT-related area
- 3+ years' experience in a similar role
- Experience working with and extensive knowledge of laws and regulations such as PCI DSS, EU Data Protection (GDPR) and the Revised Directive on Payments Services (PSD2)
- Knowledge of operating system fundamentals (Windows, Linux), security technologies (firewalls, IDS/IPS, etc.) and associated security risks
- Deep understanding of common coding security vulnerabilities
- Ability to quickly adapt to a changing environment and to work on own initiative with minimal supervision
- Information Security Certifications (such as Security+, Ethical Hacking, CISA, CISM, CRISC) are considered an asset