Cyber Compliance Engineer
You will be responsible for our clients cyber security strategy, developing and managing security compliance, as well as responding to customers' security requirements. The candidate will design, implement, deploy & support security systems and services both internally and across it’s cloud-based product infrastructure.
The ideal candidate will be a security compliance professional with an understanding of modern cloud-based technologies and will be expected to improve organisational security by defining, selecting, deploying, and operating new security platforms.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Lead and manage the implementation of ISO 27001 ISMS.
• Manage and deploy security controls and technology.
• Research into the latest and emerging security threats, with a view to continuously reviewing existing and new business processes to ensure IT Security best practice is enforced at all times.
• Work with other areas of the business to deliver security services and ensure customer security is at the forefront of operations.
• Liaise and engage with key internal stakeholders to ensure security requirements are embedded in project flows.
• Management of key security projects ensuring deadlines are met and stakeholder expectations are clear.
• Provide security support to key cloud systems and technologies, such as AWS/Azure.
• Take full responsibility for the identification, definition, documentation, and satisfactory completion of any actions required to close security incidents.
• Assist with compliance and regulatory audits
• Progress tracking and delivery of corrective actions to the committed timelines
DESIRED SKILLS AND ABILITIES:
• A minimum of 2 years industry experience working in Cyber Security or Cyber Compliance or related position.
• Working knowledge of information technology best practices and control frameworks such as NIST CSF, CIS, ISO27001, COBIT, ITIL, ISMS
• Prior compliance audit experience, in particular ISO 27001
• Strong understanding of cybersecurity processes and concepts (e.g. vulnerability management, security governance, software development, incident response, physical security, auditing and logging, micro segmentation, secure access service edges, zero trust architecture, Insider Threat, Vendor Risk Management, PKI, penetration testing) as well as application controls and segregation of duties.
• Documentation skills are essential for the role.