Birmingham, West Midlands
£46 - £45000.00 per annum
about 2 months ago
In order to help mature the capability within the IT function, an IT Security Engineer is required who can ensure that the IT security environment meets the needs of the business and external regulation (e.g. GDPR, PCI DSS, NIST CFS etc.).
MAIN PURPOSE & GOALS
The key goal of this role is to ensure that the Group maintains an appropriately secure environment (from an IT Security perspective) -
- Ensuring that the Group has appropriate IT Security policies, processes and technologies in place to provide adequate, measurable levels of protection; aligned to regulatory standards (e.g. GDPR, PCI DSS, NIST CFS etc.).
- Maintaining an appropriate focus on identifying, mitigating, resolving and reporting on IT Security related risks as part of the Group's risk management framework.
- Work with the IT Engineer and Business resources in -
- The resolution of any IT Security related incidents.
- The implementation of any IT Security related project activities.
- With direction from the Lead IT Security Engineer, ensure that IT Security activities are progressed as required.
- To assist with the IT security and auditing processes throughout the group, including (but not
limited to) PCI and IT Security audits; producing reports on the findings to the Information Security governance group (to be defined), the Infrastructure & Security Services Manager and the IT Director.
- To support the resolution of any IT Security related incidents, working within the stated Service Level Agreements.
- To deliver any IT Security related project milestones to time, cost and quality.
- To assist with the mitigation and resolution of any risks or issues discovered during the IT Security audit processes.
- Ensure that IT Security is considered at the Initiation and Design stages of any major project.
- To support the IT function's role in any business wide Information Security related processes.
- Working with other business stakeholders in the Information Security governance group (e.g. Head of Legal / CISO etc.) to help increase awareness across the Group on Information Security related matters.