Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within BFSI context.
About the role
- Information Assurance Technical Security Specialist providing security advice at Thales UK. Ensuring compliance and security assurance across IS environments for public and private sector.
Responsibilities
- Support Thales UK in ensuring all IS/IT technical security measures are implemented, enhanced and developed where necessary, to ensure successful and timely security assurance via on-going through-life continual assurance and compliance programmes.
- Provide a central PoC for all IS/IT technical security matters and concerns, supporting delivery teams and businesses throughout project lifecycles.
- Conduct security reviews of internal/ externally connected platform related changes ensuring Security risks, impacts and mitigations are managed appropriately.
- Provide security guidance around the secure deployment and usage of Thales adopted public cloud infrastructure and/or SaaS services (e.g., Azure) in compliance with government security guidelines, Thales’s policy and industry accepted “good practices” for security.
- Ensure Thales on-premises and cloud environments comply with government policies, such as Cyber Essentials, DefStan 05-138, UK GDPR, NCSC guidelines and other applicable contractual and regulatory frameworks.
- Creation, Maintenance and Review of all IS/IT technical security documentation, policy and procedures associated with Thales’ IS/IT networks, systems and applications, as per Customer (primarily HMG UK MOD) and Thales Group policy and mandatory requirements.
- Be responsible for the reporting, investigation and analysis of security incidents and potential breaches within classified environments, working with the Thales UK Incident management team to ensure identified issues are resolved quickly.
- Develop security requirements, epics and stories, along with guidance & governance to squads to ensure data protection and data security are included in the scope of new and existing IS/IT Squad activities, initiatives and projects.
- Able to work collaboratively with other team members to ensure proposed solutions provide the required level of security assurance in line with data processing requirements, as well as Thales and customer risk appetites.
- Responsibility for developing and coordinating the implementation of formal and regular technical risk and compliance assessments of Thales’ IS environments, recommending remedial action where required.
- Provide assurance and ensure successful and secure delivery of all Code of Connections (CoCos), associated cryptographic products, key material and required documentation.
- Engage in continuous learning and development both for yourself as well as supporting less experienced Thales UK staff in their development.
Requirements
- Demonstrable experience of applying security principles within an agile delivery framework.
- Evidential experience as subject matter expert in the evaluation and implementation of technical security products and solutions for Public or Private sector organisations.
- Evidential experience in the identification, assessment and management of technical security risks, developing risk mitigation strategies, and tracking residual risk throughout the risk lifecycle.
- Demonstrable experience of managing assurance and/or compliance activities associated with a defined security standard (ISO 27001, Def-Stan 05-138, NIST SP 800-*, NIST CSF).
- Experience developing security assurance frameworks and governance models.
- Experience in performing formal risk assessments and production of security reporting artefacts within both on-premises and cloud-based environments.
- Evidential experience as subject matter expert in the evaluation and implementation of technical security products for MS Office 365, Azure cloud based Public or Private sector organisations.
- Able to effectively communicate highly technical security concepts, implementations, and issues, both verbally and in writing to management, clients and staff at all levels.
- Able to interpret detailed system design documentation, identifying potential security risks and recommend mitigations containing levels of security appropriate to the associated risk levels.
- Able to interpret security standards and derive solution specific security requirements from these and assess solutions against these standards for compliance for both new and changes to existing systems/applications.
- Able to provide analytical advice on the security implications of new and existing systems and for all proposed changes to said systems.
- Ability to provide technical security advice to business areas when required and to provide technical security input to the security risk registers.
- Demonstrable understanding of security across the full stack of information systems, (network, infrastructure and applications) both on-premises and cloud-hosted (MS Azure, Oracle, AWS; PaaS, IaaS and SaaS).
- Ensure compliance with MOD/UK Government security governance frameworks.
- Ensure that the activities embody a compliancy approach such that Security Architecture and Services manage risk, maximising business value with appropriate security.
- In-depth experience of technical security issues and remediation activities across a range of system and application platforms, including cloud-based and on-premises.
- Working knowledge of UK Government and MOD security standards for defence suppliers (such as Def Stan 05-138 v4, DEFCON, NCSC cloud security principles) is required.
- Info. Security Qualification: MSc (InfoSec)/CISSP/CISM or similar certifications.
- This role will require SC Clearance. It would be advantageous if currently held, however, if not currently held, it is a requirement that the successful applicant will undergo, achieve, and maintain SC Clearance.
Benefits
- Performance Related Bonus
- Half day every Friday, usually finishing around 13:00pm
- Hybrid Working
- Pension Scheme
- 28 days annual leave (Plus Bank Holidays)
- Life Cover
- 24/7 Employee Assistance Program and access to mental wellbeing app
- Employee discount shopping schemes on major brands and retailers
- Gym membership discounts
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Cloud Security & Application Security Engineer at Cellulant enhancing security across cloud - native platforms and applications. Working in a hybrid role to support a leading payment service provider in Africa.
IT Audit Consultant joining Baker Tilly to manage technology risks for clients, offering strategic advice and audit support. Engaging with client executives to ensure compliance and operational efficacy.
Senior Health and Safety Advisor overseeing health and safety on construction projects for Aecon. Ensuring compliance with SST legislation and promoting zero accident culture.
Senior Information Security Specialist executing Daikin Europe’s Information Security strategy. Collaborating with leadership to ensure our systems and services remain secure and compliant with regulations.
Experienced Information Security Officer at Daikin responsible for defining Information Security strategy and ensuring compliance with regulatory frameworks. Collaborating with external specialists and mentoring junior team members in EMEA.
Security Specialist ensuring the protection of company and government assets. Conducting daily security functions and providing technical support while maintaining compliance with regulations.
Industrial Security Specialist conducting daily security functions and providing technical support within Booz Allen. Focused on protecting company and government assets while handling classified materials.
Cyber Security Architect at Booz Allen supporting program management of cybersecurity tools suite and Zero Trust Architecture roadmap. Lead technical efforts in modern security practices and team collaboration.
Information System Security Officer ensuring security controls and risk mitigation in Aerospace. Collaborating with teams to assess threat landscapes and guide clients with actionable plans.