Information Security Manager

IT Security Engineer

As the first line of defence in the IT department, the purpose of this role focusses on information security, cybersecurity and data security, including a wide scope of physical security operating systems such as Windows and Linux, network security, firewall and other security devices, application security both development and testing phrases SAST & DAST, terminal security, backup security, third party and supply chain security. We are seeking a skilled IT Security Engineer to identify, investigate, and mitigate potential security risks to protect the information systems and computer networks.

• Design and Implement Security Measures: Develop secure network solutions to defend against advanced cyber threats.
• Maintain the cybersecurity equipment, including firewall, IPS, WAF, WSUS, ATA, AD policy.
• Compile and develop cybersecurity policies and procedures, conduct regular reviews.
• Application Security: Ensure the security of applications by implementing secure coding practices, conducting code reviews, and performing vulnerability assessments.
• Information Security: Protect sensitive information by developing and enforcing security policies and procedures.
• Maintain the SIEM tools, make sure security logs generated from security systems and devices are configured and safeguarded properly.
• Incident Response: Investigate security breaches, conduct forensic investigations, and mount incident responses.
• System Audits: Work with Internal Audit and other departments to execute penetration tests, cybersecurity risk self-assessment, ensure best practice and international baseline standards are in place and in line with local regulation.
• Perform routine audits of systems and software to ensure compliance with established security protocols.
• Training: Educate staff on network and information security procedures.
• Collaboration: Work with the IT team to maintain security configurations and disaster recovery plans.
• Expertise and knowledge of the security framework includes NIST 800, ISO 27001, cybersecurity guidelines from PRA, FCA and ICO, familiar with GDPR regulation.
• Strong knowledge of IT internal control and audit, information security officer is highly recommended.
• Network Security (Routing, Firewall, Switch, Internet Gateway) and Security Products (SIEM, EDR, etc.), familiar with SIEM tools such as Splunk, Solarwinds, ManageEngine, etc.
• Documentation: Document any security breaches and assess their damage.

• Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field. Relevant certifications such as CISSP or CEH are desirable.
• Experience: 3-5 years of experience in information security or a related field.
• Skills: Knowledge of firewall administration, encryption technologies, network protocols, and application security. Excellent communication skills to convey technical concepts to non-technical stakeholders.
• Languages: Due to the organisation having offices in China, Mandarin would be an advantage.

• CISA/CISSP/CCSP
• MCSA-Microsoft Windows Server
• MCSE- Microsoft Certified Solution Expert;
• MCITP-Microsoft Certified IT Professional;
• VMware Certified Professional; CCNA/CCNP

• Experience with security tools and technologies such as intrusion detection systems, SIEM, and vulnerability management tools.
• Familiarity with regulatory requirements and industry standards related to IT security.

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.

#4672461 - James Francis