Total 371 information technology job vacancies in Legal / Public / Security category in The United States of America

Morgan Hunt are currently working with a Large National Charity in their search for an interim National Information Security Manager to oversee Information Governance & Security arrangements across the organisation.

You will act as a first point of contact for any information security enquiries, as well as ensuring the organisation maintains ISO27001:2013 accreditation.

This will involve coordinating external and conducting internal audits, managing a risk register, coordinating business continuity plans, updating the Information Security Manual, and any other tasks associated with this.

You will a transition to the new ISO27001:2022 standard as soon as possible, as well as coordinate Cyber Essentials certification renewals and Data Security Protection Toolkit submissions on an annual basis. You will also advise on, and support in, the drafting of information security policy documents, guidance, training, and other related documents.

The successful post-holder will have strong experience in an Information Governance/Information Security Manager position within the Public Sector, alongside recognised qualifications.

You will have a good understanding of the ISO27001 series of controls standards, knowledge of Data Security Protection Toolkit requirements and experience conducting audits.

You will have experience utilising quality management systems, strong analytical skills alongside excellent communication skills (written and verbal).

Job Title: National Information Security Manager

Location: Remote (Ad Hoc Travel to Offices)

Annual Salary: £52,500 - £57,000

Job Type: Fixed Term Contract (6 month, potential extension)

Hours: Full-Time (37.5 hours per week)

Key Responsibilities

• Manage re-certification of ISO27001 and Cyber Essentials accreditations, undertaking and coordinating tasks necessary for certification
• Coordinate annual submission of Data Security Protection Toolkit and associated manage tasks
• Alongside Legal Services colleagues, log, monitor and investigate data breaches
• Coordinate annual reviews of internal Data Protection and Information Security eLearning package
• Represent information security interests across a range of meetings, both internal and external (including attending regular Technology Department meetings, and organisational governance groups)
• Advise the organisation on information security impacts of new projects or process changes as well as supporting completion of data protection impact assessments
• Conduct and support internal audits on information security measures at Regional Business Units and operational services

Person Specification

• At least 2 years of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)
• A recognised Information security management qualification/s
• Experience in writing formal letters and reports as well as knowledge of general legal practices
• Good understanding of the ISO27001 series of controls standards
• Experience of governance and national connectivity programs as well as using quality management systems
• Experience of auditing, project development and project management
• Ability to analyse data, cross referencing with other data sources and intelligence in order to offer conclusions
• Experience in policy writing and stakeholder management skills
• Knowledge of the health, social care and third sector

Please contact to find out more information regarding this fantastic opportunity for a National Information Security manager.

Morgan Hunt is a multi-award-winning recruitment business for interim, contract and temporary recruitment and acts as an Employment Agency in relation to permanent vacancies. Morgan Hunt is an equal opportunities employer. Job suitability is assessed on merit in accordance with the individual's skills, qualifications and abilities to perform the relevant duties required in a particular role.

Skills: Linux, Networking, ArcSight, Troubleshooting, Security and/or operations experience

Years of Related Experience: 2-5 years

This specialist role will be responsible for the validation of all Security information and event management (SIEM) activities, promotion of content to production, ongoing routine maintenance of the security tools and infrastructure. This position is primarily responsible for the integration and management of secure, reliable, stable, and dependable solutions that support and ensure the confidentiality, integrity, and availability of the newer complex security systems into the existing security infrastructure.

The successful candidate will have a proven track record in information security derived from an all-round Information Technology background and SOC/SIEM experience and possess a combination of the following skills, and competencies:

• Progressive senior IT experience, ideally holding positions in both IT Infrastructure & Operations as well as Network Security.
• Working knowledge of Linux, networking, ArcSight, troubleshooting, and security strategies.
• Solid understanding of additional security technologies / disciplines such as Palo Alto and Juniper firewalls, intrusion prevention, encryption, threat analysis, and vulnerability assessment.
• Comfortable with managing complex, enterprise-scale logging, including ensuring reporting and alerting is appropriate.
• Exposure to project management techniques.
• Strong analytical, documentation, and communication skills, both oral and written
• Good team working skills and ability to work in a distributed global team environment.
• Strong analytical and problem-solving skills.
• Self-motivated, proactive and with determination to achieve goals.
• Flexible and able to deliver quality results in the required timeframe.
• Familiar and experienced in the software development lifecycle process.
• Influencing skills to drive development standards.

Key Skills: External Attack Surface Management (EASM) solution & Vulnerability Management

Job Objectives

Ø This Vulnerability Management role will help on the strategic initiative to implement the External Attack Surface Management (EASM) solution.

Ø This role requires an experienced cybersecurity professional with the basic understanding of external threat landscapes, experience in attack surface management, and the ability to implement robust operational models.

Key Responsibilities

Ø Support the implementation of the EASM program across the organization.

Ø Collaborate with cross-functional teams and stakeholders to ensure comprehensive coverage of the bank's external attack surface.

Ø Support defining and establishing the operational model for EASM

Ø Collaborate with internal and external stakeholders to stay ahead of emerging cyber threats and vulnerabilities.

Ø Support the development and maintain incident response plans specifically tailored to address external threats identified through the EASM program.

Ø Coordinate assessing exposure, risk, and the remediation.

Ø Conduct regular drills and exercises to test the effectiveness of the incident response plans.

Ø Collaborate with third-party vendors providing EASM solutions and monitor the service quality.

Ø Develop contextual data sets, reports, and dashboards to provide management, risk, and service insights.

Ø Provide support for all audit and regulatory requests.

Key Requirements

Education:

Ø Diploma/Degree in Engineering/Computer Science/IT/Cyber Security from a recognized education institution

Ø Professional security related qualifications (e.g., CISSP, CISA, CISM, CCSP, etc.) will be favorable although not mandatory

Technical Skills:

Ø 3-5 years of experience in IT with a recent focus on cyber security or related fields

Ø Strong knowledge of network protocols, architecture, and security measures.

Ø Proficiency in configuring and managing firewalls, intrusion detection/ prevention systems, and other network security devices.

Ø Familiarity with vulnerability scanning tools and methodologies.

Ø Familiarity with threat intelligence platforms and analysis tools for proactive defense.

Ø Familiarity with using SIEM solutions to collect, analyze, and correlate security events.

Ø Knowledge of incident response processes and procedures.

Ø Ability to analyze large datasets for patterns and anomalies indicative of security threats.

Soft Skills:

Ø Excellent communication and collaboration skills

Ø Process aware mindset

Ø Strong analytical and problem-solving skills

Ø Effective time management and organizational skills

Ø Team player, including ability to establish and maintain effective working relationships within and across the organization

Senior Information Security Manager ? Baseline
 
We are Fujitsu
We use technology to make happier lives. We are a global leader in technology and business solutions that transform organizations and the world around us. We have a long heritage of bringing innovation and expertise, continuously working to contribute to the growth of society and our customers.
 
About the role
We are looking for an experienced Senior Information Security Manager with Baseline security clearance to manage, coordinate, and deliver the Cyber Resilience Centre (SOC) and associated work activities that hold strategic and operational significance.
 
About you
Responsibilities and Accountabilities:


Strong experience in Information Security, with a good understanding of security operations and strategy.
Strong experience managing teams of security analysts and engineers.
10 years of experience working in Information Security.
Understanding of cloud security operations in environments such as: AWS, Azure, Google etc.

... Click here to view more detail / apply for Senior Information Security Manager ? Baseline

Summary

The Security consultant is a pivotal technical role essential for facilitating Zero Trust deployment initiatives. This role encompasses conducting thorough gap analyses, proficient project management, and delivering technical advisories. Collaboration with cross-functional regional teams across the Asia-Pacific region is integral to this role. The ideal candidate will exhibit a robust understanding of the Zero Trust framework (CISA Zero Trust Maturity Model and Microsoft Zero Trust Model), possess broad security experience, analytical acumen, and demonstrate a proactive approach to project management. This position will report to HQ.

Responsibilities:

• Cross-Functional Collaboration: Collaborate closely with cross-functional teams across the APAC region to ensure seamless integration and alignment of Zero Trust initiatives with broader organizational objectives.
• Documentation: Maintain accurate documentation of Zero Trust deployment processes, procedures, and best practices for reference and future optimization.
• Gap Analysis: Conduct comprehensive gap analyses to identify vulnerabilities and areas for improvement within existing security frameworks in APAC region. Perform APAC’s Information Security Risk Assessment in accordance with the Risk Register Policy and support information security risk assessments for APAC to determine the gaps to reach Zero Trust.
• Overall Security Posture: Support and maintain APAC’s information security strategy and ensure it is aligned with Global security strategy based on Zero Trust
• Project Management: Effectively manage Zero Trust deployment projects, including planning, research, monitoring, and reporting.
• Technical Advisory: Provide expert technical guidance and advisory services to stakeholders, facilitating informed decision-making regarding Zero Trust implementation, although not responsible for implementation, must comprehend the technical aspects of security technology and planning.
• Zero Trust Deployment Support: Lead and support Zero Trust deployment initiatives, ensuring alignment with organizational objectives and security best practices, Possess a strong background in security with a focus on general high-level knowledge.

Additional General Responsibilities:

• Build and develop cross functional relationships within APAC to engender support of security projects.
• Collaborate with APAC’s legal and compliance to ensure APAC is compliant with local information security laws and regulations.
• Collaboratively work with APAC to develop and implement processes that meet Global information policy and standards.
• Coordinate technical input and recommendations from GISS to APAC
• Encourage the development of innovative ideas that solve root causes of identified problems.
• Promote an information security-conscious culture.
• Promote the use of ‘right-sized’ solutions for APAC, including Global Shared Information Security Services, to drive increased standardization and effective use of security resources.
• Support information security activities across APAC (align activities where possible, foster joint plans, etc.).
• Support the efforts of APAC’s Security delivery resources to execute to expectations.
• Work on global initiatives as part of working groups (e.g.: standards refresh, new technology discussion, etc.)

Skills/Qualifications:

• At least 5+ years of experience in the cybersecurity industry.
• Consultation capability in related technology and or related service to customer.
• Consulting experience in Cyber domain.
• Great communication and interpersonal skills
• Proactive approach to problem-solving and project management, with a strong commitment to achieving objectives and deadlines.
• Project management experience.
• Proven experience in security engineering, with a focus on Zero Trust deployment.

Technology Proficiency:

• Azure Active Directory (AAD), identity management and MFA
• Core expertise in Microsoft technologies.
• Data Protection, Microsoft Information Protection (MIP) classifying, labelling, and protecting sensitive data.
• Microsoft Endpoint Manager
• Network Security, Azure Virtual Network and Azure Firewall

Summary

The Security consultant is a pivotal technical role essential for facilitating Zero Trust deployment initiatives. This role encompasses conducting thorough gap analyses, proficient project management, and delivering technical advisories. Collaboration with cross-functional regional teams across the Asia-Pacific region is integral to this role. The ideal candidate will exhibit a robust understanding of the Zero Trust framework (CISA Zero Trust Maturity Model and Microsoft Zero Trust Model), possess broad security experience, analytical acumen, and demonstrate a proactive approach to project management. This position will report to HQ.

Responsibilities:

• Cross-Functional Collaboration: Collaborate closely with cross-functional teams across the APAC region to ensure seamless integration and alignment of Zero Trust initiatives with broader organizational objectives.
• Documentation: Maintain accurate documentation of Zero Trust deployment processes, procedures, and best practices for reference and future optimization.
• Gap Analysis: Conduct comprehensive gap analyses to identify vulnerabilities and areas for improvement within existing security frameworks in APAC region. Perform APAC’s Information Security Risk Assessment in accordance with the Risk Register Policy and support information security risk assessments for APAC to determine the gaps to reach Zero Trust.
• Overall Security Posture: Support and maintain APAC’s information security strategy and ensure it is aligned with Global security strategy based on Zero Trust
• Project Management: Effectively manage Zero Trust deployment projects, including planning, research, monitoring, and reporting.
• Technical Advisory: Provide expert technical guidance and advisory services to stakeholders, facilitating informed decision-making regarding Zero Trust implementation, although not responsible for implementation, must comprehend the technical aspects of security technology and planning.
• Zero Trust Deployment Support: Lead and support Zero Trust deployment initiatives, ensuring alignment with organizational objectives and security best practices, Possess a strong background in security with a focus on general high-level knowledge.

Additional General Responsibilities:

• Build and develop cross functional relationships within APAC to engender support of security projects.
• Collaborate with APAC’s legal and compliance to ensure APAC is compliant with local information security laws and regulations.
• Collaboratively work with APAC to develop and implement processes that meet Global information policy and standards.
• Coordinate technical input and recommendations from GISS to APAC
• Encourage the development of innovative ideas that solve root causes of identified problems.
• Promote an information security-conscious culture.
• Promote the use of ‘right-sized’ solutions for APAC, including Global Shared Information Security Services, to drive increased standardization and effective use of security resources.
• Support information security activities across APAC (align activities where possible, foster joint plans, etc.).
• Support the efforts of APAC’s Security delivery resources to execute to expectations.
• Work on global initiatives as part of working groups (e.g.: standards refresh, new technology discussion, etc.)

Skills/Qualifications:

• At least 5+ years of experience in the cybersecurity industry.
• Consultation capability in related technology and or related service to customer.
• Consulting experience in Cyber domain.
• Great communication and interpersonal skills
• Proactive approach to problem-solving and project management, with a strong commitment to achieving objectives and deadlines.
• Project management experience.
• Proven experience in security engineering, with a focus on Zero Trust deployment.

Technology Proficiency:

• Azure Active Directory (AAD), identity management and MFA
• Core expertise in Microsoft technologies.
• Data Protection, Microsoft Information Protection (MIP) classifying, labelling, and protecting sensitive data.
• Microsoft Endpoint Manager
• Network Security, Azure Virtual Network and Azure Firewall

The Game Changers:
At AP+ we're changing the game! We're doing big things, and we can't do it alone. We're part of a big ecosystem, and we know teamwork and passion for our purpose is what will make us successful. We value the unique talents, perspectives, of all our employees. This includes people of all gender identities and sexual orientations, First Nations Peoples, people of all abilities and diverse backgrounds, as well as their families. AP+ brings together Australia’s three domestic payment providers, BPAY Group, eftpos and NPP Australia, into one integrated entity. Bringing these businesses together enables AP+ to create a more competitive and coordinated Australian payments organisation that is strategically placed to respond to the impacts of regulatory and technological change today, and into the future.

The Purpose:

At Australian Payments Plus (AP+), we're on a mission to revolutionise the payments industry and ensure the security of payments infrastructure across Australia. As the Chief Information Security Officer (CISO), you will play a critical role in safeguarding AP+ systems and data from cyber threats.

As the CISO, you will provide strategic and operational leadership for AP+'s information security program. You will develop and implement comprehensive security initiatives, policies, and procedures to protect our systems, networks, and data. You will be responsible for identifying and mitigating risks, managing security incidents, and ensuring compliance with relevant regulations and standards.

In addition, you will drive a culture of security awareness and promote best practices across the organisation. You will collaborate with cross-functional teams to integrate security into the development lifecycle and provide guidance on secure coding practices. You will also stay up to date with the latest industry trends and emerging threats to continuously enhance AP+'s security posture.

As the CISO your key responsibilities will be:

• Cyber Security Management
• Identity & Access Management
• Risk Management
• Security Architecture
• Testing, Compliance & Certifications
• Partner & Vendor Management
• People Leadership

In order to be considered for the CISO role you will need to demonstrate:

• Tertiary qualifications in Computer Science, Information Technology, or a related discipline.  And/or equivalent relevant knowledge and experience. 
• Professional security management certification such as CISM, CISSP or equivalent.
• Robust and proven experience leading and growing security functions in innovative, leading edge and fast paced environments.
• 10+ years’ experience in risk management and information security in a technical environment
• Experience leading, directing and developing technical staff in the execution of security program and project initiatives.
• Experience with contract and vendor negotiations and management including managed services.
• Experience with Cloud computing.
• Experience creating, testing and maintaining business continuity management and disaster recovery plans.
• Effective interpretation of security-related data allows CISOs to detect potential security threats.
• In-depth technical knowledge of cybersecurity tools and concepts, such as intrusion detection systems, firewalls, risk identifying tools and SIEM systems
• Strong understanding of information security, risk, privacy, and regulatory compliance
• Extensive knowledge of risk management techniques.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Familiarity with relevant regulations and standards (e.g., PCI-DSS, ISO 27001).

What’s Next:
We know applying for a role can be a nerve-wracking experience, so we endeavor to review applications and plan to schedule screening interviews within the next two weeks. If you are among selected candidates, we’ll be in touch to schedule a phone interview. In any case, we will keep you posted on the status of your application.
We want to remove all barriers to inclusion so if you need advice or support with your application, we’re here to help. Please reach out to recruitment@auspayplus.com.au We also encourage you to let us know your pronouns at any point during the recruitment process.

AP+ are not partnering with Recruitment agencies for this role.

Business Function

Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Group Infrastructure & Cloud (GIC) provides a platform/product for all applications to use public cloud. This product enables applications to use Public cloud services through predefined templates that are highly secure and architected against best practices and standards.

Responsibilities

The Cloud Specialist role would need to be experienced in understanding how infrastructure components are used for application development to produce highly resilient and scalable architectures. The candidate would be responsible solutioning application requirements from new onboarding new applications to public cloud as well as defining requirements for new features in the DBS Cloud Product for consuming AWS Services. Working with Evovle, they would be responsible for solution business outcomes using Outcome and work with the developers on setting clear solutions and requirements.

The candidate should be highly analytical and technology savvy with strong problem-solving skills. The ability to pay close attention to detail, develop creative solutions for complex and abstract problems and concentrate for long periods is a must. They will need to be able to speak with developers who programme the code with the Product and provide them. this role requires hands on programming skills for building infra as code.

The candidate must possess strong oral and written communication skills as well as interpersonal and multi-tasking skills.

Requirements

• Experience with application development and SDLC
• Experience with DevOps tooling and pipelines
• Experience with infrastructure services in on-premise data centers, compute, storage, database, network
• Experience of DevOps tooling and building infrastructure through code, must be able to write code to provisioning Cloud Services
• Understanding of application development and integration within one or more IaaS/ PaaS platforms such as Amazon Web Services
• Programming skills and able to read code in python (Preferable)
• 3+ years working knowledge with infrastructure services
• 2+ years working in AWS
• AWS Solutions Architect Professional Certification (Preferable)
• 2+ Solution architecture/design for application
• Familiar with public cloud APIs such as AWS, Google Cloud
• Good understanding on how applications work with infrastructure components
• Strong understanding and hands on experience on designing applications in AWS
• Experience on working on on-premise infrastructure technologies such as Network, Compute, Database and Storage

Apply now

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.

Your background

• Previous information technology/security audit/assessment experience preferred.
• Ability to leverage attention to detail and analytical skills.
• Ability to multi-task and work both independently as well as part of an assessment team
• Ability to plan, execute and document assessment and remediation activities following established processes and procedures.
• Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
• Minimally, CISSP and/or CISA certifications are required as well as five to eight years of experience in information security or business continuity.
• Technical skills include the domains of information security and business continuity including:
  Information Security Controls (Cloud Security, Infrastructure Security, Access Management, Physical Security, Application Security, etc.),
  IT Compliance, SOX Compliance
  Change Management
  Enterprise Risk Management
  Solid grasp of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards.
• Must be able to travel up to 25% of the time.
• Experience in Cloud technologies, OSINT and threat modeling will be advantageous.

What you can expect

The Third Party Cyber Security Assessor will conduct information security and business continuity assessments of third parties providing services to Bank of America. The assessor will examine a third party's program to determine if they meet the Bank’s requirements, identifying control gaps that may expose the Bank to risks and subsequently work with the third party on all remediation activities.

To succeed in this role, you should be highly independent, motivated and possess strong, hands-on, technical knowledge of a wide range of information security and business continuity controls and the processes used for evaluating their design and effectiveness and possess strong written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.

There will be opportunities to be involved in projects to improve processes & transform the assessment program. This will enable you to leverage and grow your leadership skills as you'll be expose to various internal stakeholders and industry partners.

What you will do

• Manage and execute assessments of third parties providing services to Bank of America.
• Evaluate design and effectiveness of controls implemented by third parties providing services to Bank of America
• Drive remediation of issues identified through the assessments and any subsequent risk conversations with the third parties and other internal stakeholders.
• Interface with external third parties and internal line of business stakeholders to provide consultation on information security topics and build strong working relationships with these parties.
• Partner with regional and global GIS teammates to collaborate on opportunities and to identify, analyze, and resolve complex problems or security gaps.
• Contribute to the development and transformation of the Third Party Cyber Assurance program.
• Conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determine appropriate controls to mitigate risks.
• Monitor, track, and manage risk mitigations and exceptions and ensure adequate monitoring capability is incorporated into solutions.

About Bank of America

Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.

Connecting Asia Pacific to the world

Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.

• Minimum 8 years of experienc ein Azure Cloud
• Good hands-on experience in Azure Synapse environment able to develop code / build pipelines.
• Require Data Modeling expert, with detailed understanding and prior experience of EDW tables, Database scheme and EDW data dictionary.
• Study, analyze and understand business requirements in context to Azure Synapse Analytics
• Design and map data to shift raw data into target storage.
• Spot key performance indicators with apt objectives
• Analyze pervious and present data for better decision making.
• Hand on experience on configuring and defining advance threat management, antispam, antiphishing and impersonation with EOP
• Incident, change and problem management with high quality and provide service improvement plans
• Hands on experience on OneDrive, and other office 365 suites to configure and administer according the requirements
• Configure and control, external sharing and access with right RBAC of the office 365 suite
• Good knowledge on AD Connect, ADFS, AD and Azure AD and tools associated with administration of O365

The main duties and responsibilities are detailed in the job description attached in the advert. The post holder will lead the Cyber Security team to deliver the Cyber and IG elements of the Digital Strategy. To ensure robust policies and processes are in place and monitored. Lead and support the wider governance agenda in digital including achieving the Data Security Protection Toolkit, managing Digital Change Control, Incident Management, Risk Management, Audit and action planning.

**PREVIOUS APPLICANTS NEED NOT APPLY**

The role will be based in Digital Services at the Liverpool Innovation Park.

Liverpool University Hospitals NHS Foundation Trust has embarked on a journey to provide great care for our patients.

We are a front line digitisation trail blazer on the national EPR programme. Together we will underpin the care that our hospitals provide with a robust digital infrastructure, comprehensive suite of digital solutions and a wealth of digital intelligence.

Our team is on a mission that positions our organisation as the leader for digital health excellence in Liverpool, the North West and nationally. Using our strong academic ties, we will help create a digital blueprint for others to follow.

Our digital strategy clearly sets out our great ambition, which delivers a progressive and cohesive portfolio of digital solutions to front-line staff over the next five years. We have recently commenced our Care Record Liverpool programme, CaRL. We will modernise how we support our patients and staff inside and outside of our hospitals.

The post holder is responsible for leading:-
the management, development and leadership of the Cyber Security team of the Trust

Responsible for the development, implementation and monitoring of cyber security policy in the Trust
To oversee, and ensure assurance can be provided regarding, the robust protection of Trust and patient data, as well as the protection of infrastructure and assets from malicious activity and actors.
To work collaboratively with NHS England and 3rd party suppliers, including senior managers within Digital Services, in the planning and delivery of the CS and IG agenda across the Trust and act on behalf of the CIO, as required.

Ensuring compliance with the Data Protection and Security Toolkit and other regulatory guidelines.

Providing leadership and a clear vision for implementation of CS as part of the cyber and wider Digital strategy ensuring that effective systems and processes are in place to support the deployment of systems and the modernisation of health services.

To ensure the implementation of the Cyber strategy underpins and aligns with the Aug 2023 Trust’s digital strategy and wider Trust strategy and vision and to be an expert and specialist source of advice and guidance.

Liverpool University Hospitals NHS Foundation Trust was created on 1 October 2019 following the merger of two adult acute Trusts, Aintree University Hospital NHS Foundation Trust and the Royal Liverpool and Broadgreen University Hospitals NHS Trust.

The merger provides an opportunity to reconfigure services in a way that provides the best healthcare services to the city and improves the quality of care and health outcomes that patients experience.

The Trust runs Aintree University Hospital, Broadgreen Hospital, Liverpool University Dental Hospital and the Royal Liverpool University Hospital.

It serves a core population of around 630,000 people across Merseyside as well as providing a range of highly specialist services to a catchment area of more than two million people in the North West region and beyond.

To hear more about our achievements click here https://www.liverpoolft.nhs.uk/media/13089/1606-annual-report-booklet_final.pdf

Follow us on Social Media:

Facebook – Liverpool University Hospitals Careers

Instagram - @LUHFTcareers

Twitter - @LUHFTcareers

The main duties and responsibilities are detailed in the job description attached in the advert.

The post holder will lead the Cyber Security team to deliver the Cyber and IG elements of the Digital Strategy.

To ensure robust policies and processes are in place and monitored.

Lead and support the wider governance agenda in digital including achieving the Data Security Protection Toolkit, managing Digital Change Control, Incident Management, Risk Management, Audit and action planning.




This advert closes on Tuesday 7 May 2024

Contract Duration: 12 months
Working Hour: Normal Office Hour
Working Location: AMK
Remarks: SINGAPOREAN Only

Requirements
• 5+ years IT security experience required.
• CISSP certification is a Must, CISM, Security+, IT security tools certifications (Imperva, Carbon Black) is a plus
• Experience with Networks, Servers (Windows and UNIX), Database.
• Experience in IT security auditing, security assessments.
• Understand protocols, traffic flows, ability to analyse logs from various sources.
• Knowledge of Active Directory, Endpoint protection solutions, Early Detection and Response solution, Database Activities Monitoring tools, SIEM etc.
• Excellent written and verbal communication, presentation skills.
• Proficiency in Microsoft Excel.
• Flexible, team player, “get-it-done” personality.
• Ability to organize and plan work independently.
• Ability to work in a rapidly changing environment.
• Ability to multi-task and context-switch effectively between different activities and teams

Responsibilities
• Review and development of security framework, information security policies, processes / procedures and guidelines on an ongoing basis.
• Establish compliance with these policies / procedures through ongoing security reviews and audits, not limited to log analysis and security assessment of customer ICT systems
• Conduct security risk management exercise
• Conduct table-top exercises
• Conduct vulnerability assessment, coordinate penetration tests activities
• Conduct information security awareness training
• Responsible for the development and management of customer’s security incident response plan.
• Lead and support customer in the matters of security incident resolution and response.
• Be the point-of-contact/customer liaison to assist and advise customer for ICT security related matters
• Project managed the activities and deliverables during the implementation phase.

Interested candidates, please click "APPLY" to begin your job search journey and submit your CV directly through the official PERSOLKELLY job application platform - GO Mobile.

We regret to inform you that only shortlisted candidates will be notified.

This is in partnership with Employment and Employability Institute Pte Ltd (“e2i”). e2i is the empowering network for workers and employers seeking employment and employability solutions. e2i serves as a bridge between workers and employers, connecting with workers to offer job security through job-matching, career guidance, and skills upgrading services, and partnering with employers to address their manpower needs through recruitment, training, and job redesign solutions. e2i is a tripartite initiative of the National Trades Union Congress set up to support nationwide manpower and skills upgrading initiatives. By applying for this role, you consent to e2i’s PDPA.

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOLKELLY Singapore Pte Ltd and its affiliates to collect, use, and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.persolkelly.com.sg/policies. You acknowledge that you have read, understood, and agree with the Privacy Policy.

Gelangre Reyanelle Gelario | REG No : R1870995

PERSOLKELLY SINGAPORE PTE LTD | EA License No : 01C4394

• Leading regional financial institution
• Focus in Information Security Compliance, Policy & Control
• Open to IT professionals with passion in InfoSec Control and Risk Management

Reporting to Head of Information Security & IT GRC, here are your responsibilities:

• Collaborate with the cybersecurity team to develop and execute the annual information security action plan.
• Establish and maintain an efficient incident reporting and tracking system, overseeing corrective and improvement measures.
• Monitor and provide guidance on the effectiveness of information security workflows and controls.
• Lead information security projects and automation initiatives in Asia.
• Manage outsourcing matters across BUs in Asia and oversee outsourcing requirements
• Conduct annual on-site reviews of BUs in Asia.
• Support compliance efforts under Singapore’s PDPA, including policy communication, query management, and liaison with regulatory authorities.
• Report to the Board and management on adherence to laws, regulations, and information security policies.
• Review and update regional information security and outsourcing policies to ensure compliance.
• Develop training materials to enhance information security awareness.
• Design, develop, and maintain automated compliance and information security workflow management systems.
• Manage regional reporting tools and consolidate results.
• Prepare reports and documents for internal committee meetings.
• Collaborate with the Compliance team on various compliance-related initiatives.

Requirements:

• Bachelor's degree in computer science or related disciplines
• Preferred certifications: CISM and/or CISSP.
• 3+ years of experience in information security or IT risk management
• Strong understanding of information security risks, controls, processes, and trends.
• Experience in project management.
• Familiarity with regional information security regulations and the insurance sector.
• Understanding of Asian cultural and business dynamics.

If you are interested in the above job or related information security opportunities, please kindly send your updated CV to Shannagh.Wu@ethosbc.com

Reg No.R23112660
BeathChapman Pte Ltd
Licence no. 16S8112

Business Function

Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Responsibilities

• Administration and management (technical operations) of firewall infrastructure
• Evaluate and upgrade firewall hardware and/or firmware
• Coordinate with vendor, deploy, configure and manage Firewall devices according to system engineering design
• Coordinate with information security governance team to align IT infrastructure with established standards
• Ensures system compliance with all established information security policies
• Perform period health check and tuning of firewall devices
• Performs technical assessment of any non-well defined or complex firewall change requests prior to implementation
• Performs regular review of firewall rulebases and recommend necessary optimization actions
• Assists Level 1 Support Engineers during problem determination and resolution whenever necessary.
• Planning and recommending overall improvements in firewall management
• Device Access management
• Advanced troubleshooting production problems with RCA and fault diagnosis
• Performance and historical trend analysis
• Implements changes to firewall infrastructure hardware in order to correct errors or enhance functionality
• Develops processes for improving operational efficiencies, as well as identifies/implements automation tools for existing manual processes.
• Prepares technical reports, memoranda, and instructional manuals as documentation of network design and operational requirements.
• Management of network daily activities; incident and problem management
• Responsible to work with respective team members on the review of network architecture and design
• Responsible to work with the respective server and application team's members
• Responsible to work with the respective network vendor's teams for the trouble-shooting, identification and resolution of network problems
• Responsible for network devices, as well as appliances, vulnerability review and assessment.
• Responsible for network devices, as well as appliances, change implementation review and assessment
• Responsible to conduct pre / post implementation plan review
• Responsible to conduct and train Level 1 engineers, i.e. to empower and equipped the L1 engineers with the knowledge to run and maintain Data center network
• Coordinate with information security governance team to align IT infrastructure with established standards
• Change requests prior to implementation
• Advanced troubleshooting production problems with RCA and fault diagnosis
• Design and monitor operations metrics on a monthly basis to keep track of key operation metrics
• Ready to work in shifts including public holidays
• Ready to be on call for 24x7 support during shifts

Requirement

• Experience: Minimum 8 years firewall operations and/or management role
• Certification : CCSA, CCSE, JNCIA-FWV, JNCIA-SEC, JNCIS-SEC (Preferred but not mandatory CISSP, CISM, ITIL Foundation)
• Checkpoint Firewalls, Juniper Netscreen / SRX Firewalls, VPN Technologies, DNS, NTP, 2 Factor Authentication technologies.
• Ability to work independently or as a team player.
• Experience in highly complex data center network design and support
• Experience with Cisco and Arista products specially DCI technology
• Experience with Cisco and Arista Software Define network (ACI, DNAC, etc)
• Strong hands on experiences on Fabric Patch, OTV, VPC+, Vxlan, Mlag, MP-BGP
• Knowledge and experience in employing and using various networking trace tools, i.e. Sniffer, Wireshark, riverbed net profiler, NetBrain, Gigamon and etc.
• Pro-active, dynamic and with good analytical/conceptual thinking.
• Certifications such as CCIE or above level in networking is an advantage
• Python or Linux shell scripting skill is a plus

Apply Now

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.