25 day holiday allowance
Private health care
We are recruiting for an Information Security Assurance Team Lead to join a big-brand client, based in London.
Would you like to work for a market-leading company and become part of a world-class digital and technology function? You will be working on a diverse range of projects that delight customers and create value. It's inspiring work in a fascinating business. One that’s moving faster than most.
What you need to do?
- Lead a team of Security Analysts engaged in delivering End to End Project Assurance i.e.:
- Manage internal security assurance for internally developed applications within a DevOps environment
- Scope penetration testing for both internal and external facing applications with external testing providers
- Customer and Colleague feedback
- Recognised as an Information Security SME
- Continuous personal development
- Fulfilling personal objectives
- CISSP or CISM essential; CRISC, CCSP, CEH or equivalent desirable
- Computer Science degree and/or MSc in Information Security desirable but not essential
- Working knowledge of different delivery methodologies including Waterfall, Agile and Hybrid. Knowledge and skills to manage Penetration Testing processes and remediation
- Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management etc.
- Proactively takes responsibility, owns any issues arising and follows through to resolve them, recognising how individual responsibility impacts team delivery and inspires others to do the same
- Knowledge of OWASP vulnerabilities, tools and methodologies
- Demonstrates extensive knowledge of good security practice covering the physical and logical aspects of information products, systems integrity and confidentiality
- Expert in methods and techniques for risk management, business impact analysis, countermeasures and contingency arrangements relating to the serious disruption of IT services
- Expert in tools or systems which provide access security control (i.e. prevent unauthorised system access)
- Strong current knowledge of PCI, DPA and ISO27001
How will you succeed?
- Projects/programmes are delivered securely
- Projects are compliant with the relevant standards and regulations
- Vulnerabilities are remediated and any residual risk is managed appropriately
- Has expert awareness of problem-solving procedures used for business-critical IT incidents, and a good awareness of their implications for a retail business
- Strong process management and control skills, with experience in developing policies and processes