- Location: Caerphilly
- Salary: £30,000 - £33,000
Link Financial Outsourcing is one of Europe’s most trusted providers of outsourced loan management and standby servicing solutions and is home to a wide range of financial services working with many of the UK High Street Banks and Credit Card providers. We are one of the leading names in our industry and we are continuing to grow.
We are looking for a forward-thinking individual with a strong work ethic to provide IT infrastructure security assurance to the senior IT team, keeping the organisation’s proprietary and sensitive information secure whilst identifying and correcting flaws and recommending specific measures that can improve the overall security posture of the company.
The successful candidate will be an effective communicator with excellent time management and problem-solving abilities, able to monitor and identify security threats both internally and externally, whilst performing analysis on those threats and having the analytical mindset to keep emerging threats and attacks at bay.
What we’re offering
- Competitive Salary and participation in annual discretionary bonus scheme
- 24 days annual leave per year
- Pension scheme
- On-going career development
- Detailed and supportive training package
- Excellent work life balance
- Regular social events
- Family oriented ethos
All aspects of IT security, including, but not limited to:
- Creation, management and enforcement of policies
- Ensuring compliance mandates are met (ISO27001)
- Process (Monitoring, Alerting, Escalation, Investigation, Logging, Compliance, Reporting)
- Technology (Suitable tools to adapt to (a) Environments (on-prem, cloud, hybrid), (b) Threats (malware, phishing, forensics, insider, etc.), (c) Protection (at perimeter, network, endpoint, application, data levels))
- Performing regular emerging threat analysis and reporting the outcomes to the Group Infrastructure Director and Infrastructure & Security Manager.
- Monthly reporting of risks and security posture, enabling evaluation of the efficiency of the security policies in place
- Monitor the computer networks/systems for security issues using various tools and methodologies.
- Develop company-wide best practices for both physical and digital information and IT security and assist in the communication and promotion of these practices throughout the business.
- Perform Business Impact and Threat risk analysis throughout all stages of new projects and perform security testing/assurance on completing projects.
- Assist with the creation, implementation and enforcement of Corporate IT Security Policies and Procedures.
- Perform regular security testing and vulnerability analysis, and fix detected vulnerabilities to maintain a high-security standard across all business areas.
- Participate in Corporate Information Security, Risk Management and Audit activities.
- Participate in the update, maintenance and testing of Disaster Recovery and Business Continuity processes.
- Research new security technologies/enhancements and make recommendations to the Group Infrastructure Director and the Infrastructure Security Manager.
- Determine the relevant legislative and legal requirements applicable to the business and industry with regard to information security, and ensure compliance from a technology perspective.
- Occasional travel to the various business sites will be necessary to perform security audits and testing.
- Integrate & Interact with regional and global colleagues, providing innovative ideas
- Evaluate, discuss, listen to and re-think ideas to move forwards in a productive manner
- Communicate & keep people informed
- Identify areas for process improvement, automation, efficiency and scripting wherever possible
- Identify environmental KPIs and provide capabilities to meet & measure
- Participate with audit and RFP processes, including contact and meetings with clients or their appointed auditors
- Verifying the security of third-party software and vendors, collaborating with them to meet security requirements
What we need from you
Technical Knowledge – Essential
- 3 years+ proven experience in an Information Security or IT Security related field
- 3 years+ proven experience with computer network penetration testing and vulnerability analysis techniques.
- 5 years+ experience in a multi-site, multi-networked environment of more than 50 PCs is required.
- Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
- Understanding of patch management and the ability to deploy patches in a timely manner while understanding business impact.
- Experience of Project Delivery security input, covering at least 2 significant IT Projects is required.
- Strong understanding of:
  - Legal and applicable regulatory standards in relation to IT and Information Security
  - TCP/IP, computer networking, routing and switching – an understanding of the fundamentals: the language, protocol and functioning of the internet
  - Firewalls, VPNs & proxies
  - Access control methodologies (MAC, DAC, RBAC)
  - IT Security tools (SIEM, IDS, IPS, WAF, DLP, Anti-Phishing, NAC, Anti-Malware, Webproxy)
  - IP/TCP stack (TCP/UDP flows, DNS, HTTP/HTTPS)
  - SSL (Certs, Certificate Authorities, etc.)
  - SSH (Private Keys, Public Key, Exploitation)
  - Cryptography (Encryption, Hashing, Seed Generation)
Technical knowledge – desirable
- Security certification (CISSP, CRISC, Ethical Hacking, OSCP)
- ISO27001 assessments
- Cloud computing knowledge from a security perspective, inc. O365
- Windows/Linux operating systems
- Programming languages (C, C++, C#, Java, PowerShell, etc.)
- Penetration testing of applications and infrastructure
- Good communication skills
- Problem Solving
- Good time Management
- Strong organisation & Planning
- Strong work ethic
- Analytical Mind-set
- Customer Service approach
- Positive Attitude
- Teamwork & Collaboration
- Ability to multi-task
- Willingness to learn
- Good interpersonal skills