Ref: TY43398

<Contract> Security Systems Technical SME - Financial Services (TY43398)

職種 IT/通信/エンジニアリング
雇用形態 Full-time, Temp/Contract/Project
勤務地 ロンドン
給与(年収) £40,000 - 50,000 / Year
A UK financial services company that provides specialist investment banking services, expert insights and innovative solutions in global capital markets seeks someone for their current Security and IT Resilience Controls/ Policies and Procedures SME project.

This is a 1 year contract from Sep 2020 – Mar 2021
The company is organised into two divisions: the Securities Product Group and Derivatives Product Group. They offer services such as customer facilitation, broking and trading in primary and secondary debt and equity securities and an extensive range of over-the-counter derivatives contracts. They also have a corporate advisory group.

Project Background

In a letter dated 27 February 2020 the FCA provided feedback to the company on their Technology Resilience and Cyber Security Review. The company has initiated a TRC project to address the findings raised by the FCA. Whilst the TRC project is aligned to Project Unity it is focused on specific actions to address the FCA findings.

The TRC project has four workstreams, namely:

1. Company-wide Integration
2. Information Security and Cyber
3. IT Governance and Strategy / Change Management
4. Assurance, Risk Management and Quality

The high-level tasks for Workstream 2 have been defined as:

• 1.3 Set up over-arching Cyber Security and Controls Team
• 1.8 Set up superior vulnerability scanning
• 2.1 Review current managed service providing the company with a 24/7 SOC – with the aim to replace this with the company SOC
• 2.2 To implement a framework to enable cover to be provided by its employees. It is intended that this “out of hours” provision will be in place within 6 months
• 2.3 Conduct internal / external Pen test
• 2.4 Perform a CBEST threat led penetration test
A key principle for the TRC Project is to review and benchmark the existing IT controls against those in place and augment or adopt as required. These controls may include policies and procedures, security tools and security


Project Role

• Act as technical lead providing security technical expertise, input and support for the delivery of Worksteam 2 – Information Security and Cyber.
• The role requires strong cross-team, cross organisation and cross-region collaboration. Bank Security Systems are deployed across EMEA and North America. The role requires a strong and broad technical skillset, exemplary communication skills, project management discipline and the capacity to fluidly and efficiently balance the requirements of both the Bank and company

Accountabilities & Responsibilities
• Investigate options for “out of hours” cover by company employees – with a focus on provision of SOC support
• Assist with the review of scope and adequacy of current managed service providing company with a 24x7 SOC including service levels and quality
• Identify, size and cost technical and operational requirements, and target service levels, and effort associated with the transfer and onboarding of security services for company from current MSP into SOC (West)
• Act as technical lead for the identification, assessment and sizing of opportunities for alignment of security control toolsets / solutions between Company and affiliates. Support the subsequent implementation of selected solutions.
• Assess performance and suitability of scanning tools deployed including a comparison review of functionality for reporting and tracking remediations versus the in-house tool
• Review company vulnerability scanning and penetration testing regime and recommend enhancements if required.
• Scope and manage internal / external penetration test (s) as required.

Ideal candidate

• Knowledge of Networking, Network Security and advanced Security methods.
• Knowledge and experience for the administration of Identity Management systems.
• Experience managing Network Security controls such as Firewalls, SIEM, NAC, IDS/IPS and Layer 7 filtering.
• The ability to operate with both RedHat Linux and Windows operating systems.
• Stakeholder engagement and influencing skills.
• Excellent inter-personal communication skills, able to liaise with all levels of the business across all regions including key stakeholders and senior management.
• Experience of creating and delivering presentations and concise writing skills to produce clear documentation (policy, reports).
• Project Management skills
• Security Product Assessment and Implementation
• Outsourcing, and Vendor Management

Qualifications
• CISM / CISSP preferred
• Firewall & other specific security systems as appropriate
更新日: 60 days ago
Ref: TY43398