The right candidate will have a proven track record in responding to incidents, monitoring information security events, security requirements gathering, contribute to high level secure architecture design, and documentation.

A broad skill set is required across information security, audit, security assessments and testing, network and server infrastructure and experience of common web technologies.

Familiarity with PCI DSS/Data Protection compliance requirements would be an advantage for the role.

Key responsibilities:

• Monitoring security information and fulfil the proactive and reactive technical response
• 24x7 management of mission critical infrastructure including incident, investigation, remediation and change
• Support the operation of hardware and software components in the test and production environments, working with the developers both internally and with 3rd parties as necessary to resolve problems
• Ensure that all pertinent sources of security vulnerabilities are monitored and that relevant issues are prioritised, remediation’s are tested and issues are resolved in a timely manner
• Ensure that the infrastructure components are maintained with up to date and secure versions of firmware and software in accordance with policy
• Perform infrastructure administration duties to the operating system, hardware components and network devices as required
• Provide privacy & security advice and support to all areas of the business
• Assess, perform and co-ordinate security vulnerability scans and penetration tests both internally and by 3rd parties
• Work closely and collaboratively with DevOps, service operations and external suppliers to provide efficient resolution of issues
• Extend and deepen the security monitoring capability across the estate, and help to expose pertinent information directly to service operations
• Drive improvement to application architecture with enterprise architecture and application design teams, and ensure that proactive action is taken to ensure sustainable availability, capacity, security and performance
• Participate in communicating, coordinating and provide privacy and security advice during normal business operations and during information security incidents
• Evaluate technical solutions for specific privacy & security requirements, and be able to recommend robust solutions
• Engage with 3rd parties and other teams to leverage solutions that are available, and be able to determine risks and opportunities
• Produce and maintain high quality policy and process documentation, including material to be used by the operational teams, non-technical staff across all areas of the business
• Work with multiple stakeholders and interested parties to communicate privacy & security plans, and gain input into the design and delivery process
• Be able to deliver high quality processes & technical solutions on a wide range of technologies and business processes in a hands-on manner and in a timely fashion.
• Provide oversight and governance, ensuring that any changes to existing production platforms are captured in the change management system and released at a time appropriate to the risk involved (which may be out of hours)
• Fulfil the requirements for administration such as timesheet submissions