Candidates: Create an Account or Sign In
Candidates: Create an Account or Sign In
Information Security Lead (Azure)
6 Months
2-3 Days per week on site in London
£Negotiable day rate (Inside IR35)
Purpose of role-
The Information Security Lead is responsible for bridging between the company's wider security organisation and the dynamic, fast-moving demands of product and service teams spanning a particular major engineering domain (e.g. Microsoft Azure). Through a trusted relationship cultivated with the security teams and the Information Security Manager, the role ensures that key organisational policies, standards, guidelines and training are incorporated into the DevSecOps lifecycle and the mindset of engineers in that domain. As well as supporting the teams in their domain, the Information Security Lead is a major contributor to trusted reports and other outputs provided to the business security organisation, such as compliance reports, ad-hoc audits and feedback on security-related trends.
Responsibilities in the role -
1. Communicate security advice, standards, guidelines and training from the wider security organisation into product teams within their domain of responsibility, so that they are understandable and compatible with fast-moving, highly automated product development.
2. Adapt a tailored information security framework so that can be easily incorporated into the DevSecOps lifecycle for product teams in their domain, so that the process of compliance is simplified for those teams.
3. Act as a conduit for security knowledge, threat intelligence and enquiries between the information security team and product teams in their domain, so that those teams receive timely and consistent advice.
4. Oversee compliance with wider organisational security requirements in their domain, so that a single integrated approach which is compatible with DevSecOps practices is used across all their product teams.
5. Compile and present security related reports on the domain for the wider organisation, working with DevSecOps Engineers to automate as needed, so that the department is transparent about its security performance and timely in delivering that information.
6. Provide, in conjunction with Security Architects, expert guidance on risk assessment and mitigation in their domain, so that product teams can make the right choices to protect the company's data.
7. Promote a strong culture of security across teams in their domain, so that DevSecOps Engineers feel empowered and supported to maximise the security elements of their role.
8 Consumer Duty accountabilities: Engage stakeholders and undertake and appropriate testing prior to the implementation of any system or business changes to ensure the impact on internal stakeholders and customers is understood.
Qualifications, knowledge and skills-
* Relevant security-related qualification, e.g. CISSP or Certified Ethical Hacker or relevant experience
Knowledge-
* Well-rounded security knowledge, including familiarity with cloud security, network security and application security best practices
* Up-to-date knowledge of security trends, tools and frameworks applicable to a DevSecOps environment
* Understanding of one or more cybersecurity frameworks e.g. NIST
Experience-
* Proven experience managing information security compliance in a fast-moving technology environment
* Experience with agile methodologies and a DevSecOps culture
* Proven ability to clearly and pragmatically communicate security-related topics to a highly technical audience
* Track record in tailoring security policies and procedures in a way that enables faster delivery whilst remaining true to the spirit of the original policy
* Experience of working within Financial Services, or a similarly regulated industry
Leadership-
* Ability to influence agile teams to adopt new policies, standards or ways of working, even when those may be perceived as unwelcome or burdensome
* Able to communicate persuasively and empathetically to explain the value and importance of security related practices
* Behave transparently, communicating the need and rationale behind security related decisions in a way that encourages buy in from engineers and product owners
Disclaimer:
This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change
