itContracting are seeking applications for an Information Security Principal, this is a permanent position with our client in North Dublin.
Core Job Responsibilities:
* Own the existing Information Security processes and procedures and own the associated continual improvement program.
* Create, maintain and oversee the implementation of information security processes for both the retail and online business to include antivirus management, encryption, firewalls, ddos and access control management to ensure the availability and security of all systems.
* Develop, establish and maintain procedures and guidelines to promote all aspects of information security
* Be instrumental in the change control and operational readiness sign off for all changes and projects to ensure Information security compliance to protect the business
* Investigate, resolve and report on information security incidents, and exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that cause serious financial and/or information loss.
* Provide a central point of contact on all security issues.
* Provide information security awareness, education and training.
* Approve | Decline configuration guides based on business needs and security controls.
* Ensure that monitoring and logging activities take place within the used systems on systemwide activities, privileged user profiles and accessing specific business sensitive information.
* Ensure that security related events are logged, and audit trails saved to secured logs on another computer whenever possible, and that the security related events are reported.
* Review logs, prescribe corrective measures when needed and report incidents to Senior Management
* Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties, and referring problems to appropriate department managers.
* Perform information security risk assessments and serving as the internal auditor for information security processes.
* Maintain a register of known risks to information Systems following risk assessment and analysis.
* Monitor internal and external sources of information for evidence of security breaches, invoke incident response as necessary and produce reports post-breach
* Investigate incidents raised by the client's network intrusion detection system. Identifies suspicious network traffic from the client's owned devices and remediates any malware infections found.
* Responsible for monitoring Endpoint Security systems, including Anti-Virus, Disk Encryption and removable media control and encryption. Cross referencing with asset databases such as Active Directory to ensure complete coverage of all the client's owned devices. Performing scans for unprotected endpoints and remediates out of date and unprotected endpoints.
* Manages user provisioning for the client's multi-factor authentication system. Producing reports on system usage and exceptions.
* Works with the Information Security officer to identify, classify and secure critical data assets.
* Performs vulnerability audits, comparing system builds against baselines and produce gap analyses.
* Performs security reviews of systems, networks, devices and cloud services to ensure that they meet the requirements laid out in the Information Security policies and standards.
* Acts as escalation contact for security incidents that are logged through the service desk.
* Own the action plans around risk assessment recommendations.
* Ensure compliance with relevant legislative, contractual and regulatory requirements.
* Serve as an internal information security consultant to systems development and maintenance department.
* Monitor the implementation of security controls in new developments when applicable.
* Ensure the creation and maintenance of a process to control and protect test data.
* Create Security Requirements Definitions for all application development and enhancement activities, in the area of: Applications Application data Cryptographic Controls Logon Banners Security incidents
* Ideally CISSP and CISA Certified.
* Proven experience within the telecommunications industry in an IP & Security operational or engineering role.
* Proven track record in identifying Security risks and developing plans to address.
* Proven experience in devising and influencing Security and Risk strategy and policies.
* Excellent leadership, collaboration, influencing and communications skills.
* Proficiency in building, configuring and assessing secure systems.
* Expertise in security product management: mail/web filtering, endpoint security, user and identity management.
* Experience in incident and problem management in a diverse global organisation across a matrix IT function.
* Skilled in architecture, administration, and management of operating systems, networking, and virtualization software.
* Demonstrable working knowledge of LAN/WAN topologies and protocols, with network devices such as firewalls, switches, routers and network load balancers.
* Experienced in building and maintaining Microsoft Windows systems, Active Directory and ADFS.
* Maintains awareness of security trends and alerts from Internet sources.
* Demonstrates awareness and knowledge of contemporary standards, practices, procedures and methods.
* Eager to research and analyse technical questions and examine them from all sides.
* Enthusiastic and highly adaptable with a willingness to learn and attain new security qualifications.
* Possesses strong analytical and diagnostic skills.
* Demonstrates skills in communication, collaboration, relationship building in a global matrix organisation.
* Proven ability to deliver against tight timelines in a high-pressure organisation.
* Excellent presentation and communications skills to effectively communicate with management and clients.
* Ability to clearly articulate complex concepts both written and verbally.
* Ability to handle critical incidents effectively and under pressure.
* A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships
* Technical knowledge to include antivirus management, encryption, firewalls, ddos and access control management to ensure the availability and security of systems
* Experience in an ISO role of preference.
* Working with the ISO27001 framework.
* Strong Information Security awareness and understanding of current threats and risks to organisations.
* Proven managerial experience within a similar role is essential.
* Minimum of five years IT experience, three of which should be in network security.
* Bachelor's degree in information systems or equivalent work experience.
* Ideally holds relevant security qualifications: ISC2 SSCP or SANS GSEC/GCIA/GCIH certifications. CISSP/CISA an advantage.