Collins McNicholas currently have an exciting opportunity for an IT Information Security Lead with one of their clients in the Mid-West Region. This role is a 23-month contract position.
The following are the key requirements for the role:
- Assist in preparing IT security standards and defining the company’s reference architecture. Assist in the development of policies and procedures.
- Provide security input into technical architectures, designs and topologies, including logical access controls and policies, remote access solutions, federation services, application design, network design, wireless networking, cybersecurity architecture, cloud hosted and managed solutions & mobile architecture;
- Perform risk assessments of technical architectures;
- Perform security supply chain risk assessments;
- Deploy Office365 Policies such as Data Loss Protection (DLP), Data Retention, Email Security, encryption data at rest.
- Keeping the wider business up to date and informed of security changes;
- Building and managing relationships with senior stakeholders;
- Assist in delivering the wider information security strategy and governance, risk and compliance programme initiatives.
- Must possess a general understanding of information security risk management, such as ISOIEC 27001:2013, Octave-Allegro, ISOIEC 31000, ISF iRAM2.
- Prior experience with vulnerability & patch management programs and tools, change control and general IT governance processes;
- Must have prior experience in designing solutions and controls for regulated environments and must possess awareness and knowledge of SOX, COBIT, SSAE-16 SOC 1 & 2 , ISOIEC 27001:2013, EU GDPR and/or NIST CSF standards, PCI DSS Compliance;
- Must have hands on experience with common platforms and technologies such as Microsoft, MSSQL, VMware ESX & NSX, Cisco, Palo Alto and technical security baselines (hardening standards) for these platforms;
- Must be experienced with general technical architecture components e.g. network segregation techniques, web servers, application servers, load balancing, HTTP routing, network routing & switching, identity management, authentication, auditing, access control, storage, logging, remote access solutions, etc. Ideally with an implementation background;
- Must possess a good understanding of IT architecture and security architecture methodologies, such as SABSA, TOGAF, ZACHMAN;
- Must be experienced with cybersecurity controls including Firewalls, DDoS, IPS/IDS, Proxy Solutions, Web Application Firewalls, multi-factor authentication, PKI’s, anti-malware protections, anomaly detection, SIEM, etc;
- Plan, analyse, and design security systems including network monitoring, intrusion detection and prevention, identity management, access control, mobile device management, and data protection. Initiate upgrades to security systems as necessitated by technology availability and maturity, security gaps, emerging threats, business risk and needs, and cost effectiveness;
- Must be experienced with mobility solutions including MXM (specifically MDM, MAM), auto-enrolment, and BYOD;
- Must be experienced with cloud solutions including identity management and synchronisation, Federation, ADFS, etc;
- Must be experienced with modern application development methodologies and security techniques and tools which can be deployed;
- Must possess a good understanding of risk management, security architecture, common design flaws/weaknesses, and vulnerability analysis;
- Must have a general understanding of data protection and privacy requirements and regulations, specifically the new General Data Protection Regulation and HIPPA;
- Research emerging threats, vulnerabilities, and security practices/standards to maintain professional relevance and assist during the response to security incidents affecting or potentially affecting the organization.
- Strong professional experience with at least one Static Application Security Testing (SAST) tool (e.g., HP Fortify SCA, Coverity, Veracode, Checkmarx, FindBugs, other), its use, reports results interpretation, developer community support in remediating verified code-associated security vulnerabilities. Product configuration & tuning experience a plus;
- Professional experience as a software application developer in a leading development language (e.g., Java, .NET, C/C++), having performed web-based or mobile application development;
- Professional experience with security policy, its interpretation, reference, and usage when delivering opinions, recommendations, and guidance;
- Possessing a good understanding of software design standards, principles, and practices.
- Possessing a good understanding of modern architectures including Cloud providers (Office365, automation and orchestration, automated testing, etc;
- Experience with the results interpretation of Dynamic Application Security Testing (DAST) reports;
- Experience with software security testing tools (e.g., OWASP Zap, Burp Suite, Qualys, etc).
- Possessing security-centric certifications such as CSSLP, CISSP, Offensive Security OSCP or other certifications such as CISM, CISSP, CISSP-ISSAP, CEH, SABSA, TOGAF;
- Possessing a graduate or postgraduate degree in Computer Science, Engineering, Information Systems, Information Security, Mathematics, or a related technical field is desirable;
For a confidential discussion on the above role please contact Michael O’Leary on 061-512270