
JOB TITLE: Information Security Engineer

JOB GRADE: TBC

REPORTS TO: Senior Manager – Information and Cyber Security

DEPARTMENT: Information Technology


JOB PURPOSE AND OVERALL OBJECTIVE

This role is part of the information security team within the IT department at Equiom. The successful
candidate will be responsible for supporting the company in all aspects of information security,
including policies, processes, controls and the execution of remediation activities, including (but not
limited to): arranging external penetration testing/vulnerability scanning, physical security testing,
social engineering testing, email phishing and ransomware testing, monitoring of systems, planning,
reporting, risk mitigation and supporting compliance efforts for various regulations, standards and
audits. The role includes security testing and remediation of newly acquired businesses before and
during integration.

MAIN RESPONSIBILITIES AND DUTIES


This list of duties is not exhaustive and may change from time to time according to business needs.

● Develop a thorough understanding of business, systems and processes in order to provide
tailored Information and Cyber Security solutions and services minimising disruption while
maximising impact.
● Work with trusted third parties to undertake regular and various levels of information and cyber
security testing.
● Monitor and document exceptions to policy presented for approval to confirm risk statement and
assess action plan to mitigate risk.
● Analyse, prioritise and remediate all systems and application vulnerabilities and patching to
mitigate risk.
● Adhere to change management process.

● Ensure all implemented solutions are documented and knowledge shared appropriately.

● Participate in technology projects to identify Information Security weaknesses in proposed
systems / applications and assist in development of appropriate solutions based on risk
assessment.
● Support ISO27001 Certification, and ensure information security management system (ISMS) is
meeting business needs.
● Proactively maintain and develop knowledge, skills and experience through external partners,
industry sources, formalised training and development plan.

September 2022
● Carry out scheduled security risk reviews of platforms and systems to ensure compliance with
company policies and standards.

REPORTS

● None

EXPERIENCE AND OR QUALIFICATIONS


ESSENTIAL

● Worked within Information Security, Risk or IT related teams.
● Worked with a broad range of users - technical and non-technical.
● Good knowledge of IT platforms, equipment and applications.
● Ability to present technical issues in easy to understand terms.
● Demonstrable in-depth IT, Risk and Information Security knowledge and experience.
● Working knowledge of social engineering, physical security, email phishing / fraud,
malware and data loss prevention.
● Solid knowledge / experience in the following technologies.
o Windows Server O/S
o Windows Workstation O/S
o Vulnerability scanning systems and the concept.
● Demonstrated capability for problem solving, decision making, sound judgment
and assertiveness across multiple business units / functions.
● Excellent oral and written communication skills as well as excellent presentation skills.
● Working to tight deadlines.

DESIRABLE

● Specialist knowledge in Information Security risk assessment and controls
management or penetration testing.
● Knowledge of the legal and regulatory environment within which Financial
Organisations operate.
● Relevant Information Security or technical qualifications (e.g. CISSP, CISSM, SSCP,
CISA etc.) or willingness to work towards one.
● Specialist knowledge in Information Security risk assessment and controls management.
● Any Industry recognised qualifications or certifications would be an advantage.
● Experienced in ITIL best practices.
● Familiarity with standards such as ISO27001.

● Willingness and ability to travel globally.


PERSONAL ATTRIBUTES

● Good customer service / people skills.

● Strong organisational mindset, with a structured, methodical and pragmatic approach.

● Professional and positive.

● Effective communicator.

● Ability to cope under pressure.

● Excellent time management.

● Diligent with attention to detail.

● Works well as part of a team / collaborates well and able to work on own initiative.

● Self-motivated and self-sufficient.

● Desire to learn.

● Assertive, adaptable and creative.

● Commercially minded.

● A can-do attitude and willingness to go the extra mile when required.

● Availability to travel and work in other offices, in different countries and jurisdictions.

I confirm I have read and understood the contents of my job description.

Signature: ________________________________ Date: ________________

Line manager signature: ____________________________________________
