Total 371 information technology job vacancies in Legal / Public / Security category in The United States of America

• 5 Working Days
• 9am - 6pm
• $8000 - $10,000
• CommonWealth

Job Description:

• Conduct gap analysis of existing on-prem data centre and cloud infrastructures, identifying and assessing gaps in the overall security posture.
• Conduct comprehensive risk assessments to identify and mitigate security risks associated with information systems and processes.
• Lead and coordinate system security acceptance testing to ensure that all security requirements are met before systems are deployed.
• Collaborate with development and engineering teams to integrate security-by-design principles into the SDLC.
• Develop and maintain security policies, standards, and guidelines to ensure compliance with industry standards and regulatory requirements.
• Provide expert advice on security architecture and design, ensuring robust protection mechanisms are implemented.
• Manage vulnerability assessments and penetration testing to identify and address security weaknesses.
• Develop and deliver security training and awareness programs for employees and stakeholders.
• Stay current with emerging security threats, technologies, and trends, and provide recommendations for continuous improvement.
• Assist in the development and implementation of incident response plans and participate in security incident investigations as needed.
• Prepare detailed reports and documentation for management, highlighting security risks, mitigation strategies, and compliance status.

Requirements:

• At least 5 years of experience in information security, with a focus on risk assessment, system security acceptance testing, and security-by-design.
• Professional certifications such as CISSP, CISM, or GSEC.
• In-depth knowledge of security frameworks and standards such as ISO 27001, NIST, CIS Controls, and Cybersecurity Act of 2018.
• Strong understanding of risk management methodologies and the ability to perform comprehensive risk assessments.
• Proven experience in system security acceptance testing and validating security controls.
• Expertise in integrating security-by-design principles into the SDLC.
• Familiarity with security tools and technologies such as SIEM, IDS/IPS, Firewalls, Endpoint Protection and Wazuh.
• Strong in technological architectures (infrastructure / application), both in on-premises data centres and cloud infrastructures.
• Ability to work independently and as part of a team in a fast-paced environment.
• Experience with cloud security and working with cloud service providers such as AWS, Azure, or Google Cloud.

Interested applicants can send your resume to Whatsapp 83208165 (Jennifer) and allow our consultant to match with our clients.

We regret to inform that only shortlisted candidates will be notified! All applications will be handled with strict confidentially.

Jennifer Tay Swee Shan

Reg No: R22111564 | EA No: 21C0845

Recruit Now Singapore Pte Ltd

ABOUT THE NATIONAL INSTITUTE OF EDUCATION (NIE)

The National Institute of Education (NIE), Singapore, is Singapore’s national teacher education institute and we are proud to be an integral part of the nation’s education service. We play a key role in the preparation of teachers and in the provision of teacher professional and school leadership development programmes. We are committed to our vision of being An Institute of Distinction: Leading the Future of Education and our mission to Inspire Learning, Transform Teaching and Advance Research.

NIE invites suitable candidates to join the Division of Academic Computing & Information Services (ACIS) as a Senior IT Security Analyst (3-year contract).

Key Responsibilities:

Incident Response Leadership

• Oversee the entire incident response lifecycle from detection to resolution.
• Lead investigations of IT security incidents and ensure thorough root cause analysis and remediation.
• Develop and maintain incident response playbooks and procedures.
• Coordinate with internal, external stakeholders, and vendors during incidents.
• Conduct post-incident reviews and report findings to management.

Monitoring and Detection

• Develop and implement advanced threat detection and monitoring strategies.
• Utilize SIEM, EDR, and other security tools for timely incident detection.
• Perform threat hunting and proactive security assessments.
• Collaborate with IT teams to deploy and optimize security solutions.

AI and Automation

• Integrate AI and automation technologies to enhance security operations.
• Develop automated workflows and scripts for incident response and routine tasks using SOAR.
• Leverage machine learning and AI-driven tools for threat detection and analysis.
• Stay updated with advancements in AI and evaluate their applicability to security operations.
• Apply system design thinking to security solutions.

Threat Statistics and Reporting

• Analyze and compile statistics on threats relevant to the Institute.
• Prepare and present detailed reports on threat statistics to stakeholders.
• Use data visualization tools to communicate threat trends and insights.

Innovation and Continuous Improvement

• Evaluate and integrate new technologies to enhance security operations.
• Foster a culture of continuous improvement within the team.
• Encourage continuous learning and professional development.

Forensics Capability Development

• Enhance the team's digital forensics capabilities.
• Develop forensic investigation procedures and protocols.
• Train team members in forensic tools and methodologies.
• Oversee the collection, preservation, and analysis of digital evidence.
• Collaborate with legal and compliance teams to ensure regulatory alignment.
• Conduct regular drills and simulations for forensic readiness.

Requirements:

• Degree in Information Systems, Computer Science, Cybersecurity, or a related field.
• Professional Certification(s) in incident handling and security analysis preferred.
• GCIH or its equivalent is preferred
• Minimum of 8 years of progressive experience in IT security, with a focus on Incident response
• Minimum of 4 years of experience in a security operations center, with proven leadership capabilities.
• Intermediate knowledge of security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration
• Proven experience in managing incident response and performing threat hunting
• Proven experience in integrating AI and automation in IT Security using Security Orchestration Automated Response (SOAR) technologies.
• Proficiency in Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), traffic and packet analysis, digital forensics, and cloud security.
• Experience in Blue/Purple teaming, firewall, Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF) administration, virtualization, and cloud technologies.
• Experience in monitoring and administering host-based intrusion detection systems.
• Knowledge and experience in Linux/Windows/Database technologies preferred.
• Strong knowledge of industry standards and information security policy frameworks.
• Hands-on experience with scripting and automation tools to enhance security operations.
• Ability to conduct gap analysis of current processes and identify opportunities for improvement.
• Evaluate internal and external environments for threats related to Information Security and act as a subject matter expert to ensure these are properly addressed and controlled.
• Continuously improve event correlation and alerting processes and use cases to detect potential incidents.
• Automate manual processes to enhance security incident response.
• Experience with network security assessment tools.
• Excellent leadership and team management skills, with the ability to inspire and motivate a team.
• Strong communication skills, with the ability to effectively interact with stakeholders at all levels, including University administration.
• Demonstrated ability to drive strategic initiatives and lead a team through change.
• Exceptional problem-solving skills and the ability to think critically under pressure.
• Ability to interview stakeholders to define and document business requirements.
• Provide advice and guidance on response action plans for information risk events and incidents based on incident type and severity.

Other Information

NIE staff can take chartered buses at their own expense from or near their home to the NIE campus. This is subject to the availability of bus routes and seats.

Req ID: R00018131

Job Title: Regional Information Security and Assurance Lead

Directorate: Probation Service

Band: 4

Eligibility to Apply / Technical Requirement:

There will be a requirement for staff within the National Security Division to apply for Enhanced Level 2 or CTC Clearance

Overview of the job

The Regional Information Security and Assurance Officer (RISAL) sits within the Corporate Service function in the Probation Service region and reports directly to the Head of Corporate Services.

They will have line management responsibility for Information Security related Project Officers within the region.

The RISAL is the link between the Probation Service region and the HMPPS Information Security Team.

The geographical base for the RISAL post can be flexible within their regional area and will require travel across the region and some work in London and other locations.

Summary

The RISAL is responsible for ensuring compliance across all Probation Service units within the region with all Information Security Policy Framework requirements and ensuring all quarterly and annual departmental returns are completed and submitted in an accurate and timely manner on behalf of the Regional Probation Director who is the Information Asset Owner.

As the Subject Matter Expert, the RISAL will be required to lead investigations into all security incidents and breaches and report their findings and recommendations in full to the commissioning manager.

The RISAL will chair and manage the Regional Information Assurance Committee and will have a seat on the National Information Management Programme Board chaired by the Business Strategy and Change Lead.

Responsibilities, Activities & Duties

The job holder will be required to carry out the following responsibilities, activities and duties:

• As Subject Matter Expert, the RISAL will be the Lead investigator into information security incidents and data breaches. They will lead investigations into how incidents occur and report their findings to the commissioning officer and will give evidence when required, such as disciplinary hearings. The RISAL is responsible for ensuring all recovery actions, both for individuals and for the Service, following an incident are completed and that lessons are learned and shared to avoid future incidents across the region. They will update local policy and best practice guidance to reflect any lessons learned. The RISAL will also be the Regional Point of Contact for any investigations arising from the Information Commissioners Office ( ICO).

• The RISAL is responsible for adapting and regionalising the National Information Security Policy Frameworks into a robust and embedded local policy to deliver key milestones. Through collaboration and consultation with senior leaders across the region the RISAL will ensure the policy is implemented and embedded. The RISAL will be the driver, on behalf of the Regional Probation Director, for culture change around all aspects of the Information Security Policy Framework and Information Risk, delivering best practice.

• The RISAL will routinely undertake compliance visits across all sites in the region and will be responsible for developing and managing the Regional Risk Register appropriately, managing any emerging risks providing assurance and escalating risk where required to Regional Probation Director or HMPPS Information Security. They will identify and agree any necessary recovery actions with the site lead and monitor progress through to completion.

• Cabinet Office commission completion of an annual information security compliance statement, (Departmental health check), across Government. The RISAL is responsible for ensuring the ongoing departmental health check is completed on behalf of the Regional Probation Director, within a timely manner as stipulated by HMPPS Information Security. The RISAL will be required to understand any areas of deficiency within the Region and implement a robust strategy to improve levels of compliance across the Region.

• Provide technical expertise to ensure the Regional Probation Director and Senior Leadership Team understand their responsibilities as Information Asset Owner and Information Asset Custodians.

• Provide a monthly status report on Security Incidents/Breaches, to the Senior Leadership Team, including trends and risks analysis and demonstrating actions and mitigations the RIASL has completed and any further required recommendations for controls and mitigating actions.

• Provide technical advice and guidance to Heads of Departments to ensure the correct information is gathered to develop accurate Information Sharing Agreements (ISAs) with 3rd party providers and charities. The RISAL will be responsible for approving all ISAs on behalf of the Regional Probation Director.

• The RISAL will have line management responsibility for any Project Officer resource in the region that has been allocated to the information assurance ambitions of the region. They will be responsible for oversight of their work, formal line management of individuals, management of capability and performance, development of individuals, and day to day supervision of project officers.

• Leading on a culture change programme in the Region to ensure a positive Information Management culture is embedded across the Probation Service region making all staff are aware of best practice and their individual responsibility for information security; the RISAL will employ a range of approaches including developing and issuing bulletins to highlight key messages on lessons learned and shared best practice and innovative strategies to maximise impact.

Role overview

We are recruiting a Senior Information Security Governance Manager which is part of the Global Information Security team, with a focus on the Governance, Risk and Compliance aspects of Information Security. Reporting directly into the Head of Information Security and with three direct reports, the role holder will be responsible for the firm's global information security policies and standards and delivering compliance with external security accreditations including ISO27001 and the UK's Cyber Essentials standard and managing the firm's information security policies, standards, and risk management framework.

NB: There is a requirement to work flexible hours 2 days per week to overlap with UK operating hours.

Reports to:

Head of Information Security

Career level:

Senior Manager

Status:

Permanent

Duties and responsibilities

· Manage the information security management system in accordance with the requirements of ISO27001

· Delivering compliance with external security accreditations including ISO 27001 and UK's Cyber Essentials plus standard

· Own and develop the firms Information Security Governance framework

· Manage client information security due diligence questionnaires, as well as bid and tender documents to support business development for clients in APAC and the UK.

· Manage internal and external audits, minimising the impact of audit fieldwork and maximising the relevance and benefit of findings and actions

· Manage information security audit actions to ensure actions identified are managed to completion within the required timescales

· Work across the Legal and Business Services team teams to integrate information security practices and initiatives with firm operational practises

· Regularly review and evaluate policies, processes, procedures and standards to ensure they are effective and drive continuous improvement for information security

· Deliver information security education, training and awareness programmes

· Maintain the Information Security Risk & Control Register, risk treatment plans and information security improvement programmes

· Undertake regular risk and control assessments with risk and control owners

· Ensure changes to information security risks are reported and escalated where required

· Provide regular governance, risk and compliance reporting utilising key risk and key performance indicators and metrics

· Own and manage the third-party risk management framework

· Undertake regular identity and access management reviews and recertifications

· Ensure timely third-party security assessments on new and existing suppliers

· Maintain current expertise in information security governance risk and compliance

· Provide Information Security advice to stakeholders

· Line management, mentoring, and coaching of the team

Experience Required

· Extensive experience working in a multinational law firm

· Detailed knowledge of Singapore, Hong Kong and UK information and cyber security regulatory and legislative requirements

· A proven track record delivering information security in accordance with the requirements of information security standards including ISO27001 and the UK's Cyber Essentials plus standard

· Experience developing and implementing practical information security policies, processes procedures, and standards

· Experience in identify and access governance and user access recertifications

· Demonstrable security risk management knowledge and experience

· Experience in operational risk management frameworks

· Experience in conducting security reviews and/or audits

· Excellent written and verbal communication skills with an emphasis on confidentiality, tact and diplomacy

· Previous experience working in regulated/compliance-oriented environments

· Experience delivering designing and implementing control and delivering compliance with ISAE3402 / SOC2.

· Solid experience in information security governance roles

· Solid experience leading, managing, and mentoring people

Attributes

· Knowledge and experience across cyber security, information security and risk management in the following areas: Access control and management, Threat and Vulnerability Management, Data Loss Prevention, Malware Protection, Incident Management, Information Classification, Education and Awareness, Software Development Lifecyle, Cloud Security

· Knowledge of best practice security standards

· Strong presentation skills with proven ability to successfully interface with and influence at all levels

· Holds at least one of the following, Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) or ISO27001 lead auditor

· Excellent stakeholder management skills

· Comfortable having difficult conversations

· Strong analytical, investigative and independent problem-solving skills

· Able to work independently and manage own workload

· Well organised / analytical & logical approach, with attention to detail

· Client focussed – able to focus on the ‘big picture’

· Capable of innovative problem-solving and process improvements

· Strong and resilient character – able to overcome resistance

· Self-motivated, energetic and enthusiastic manner

· Flexible and reliable team player

Responsibilities:

· Responsible for assessing the technologies, applications, and overall security controls in Cloud platforms to identify potential risks and vulnerabilities

· Understanding and complying of the Global Information Security policy and relevant cyber security threats to complete security assessments.

· Providing expert technical guidance to support partners and adapting testing methods to emerging cyber security regulations and evolving threats, while developing others on the team.

· Lead and oversee efforts to identify vulnerabilities and misconfigurations in Cloud platforms and workloads.

· Manage daily operations of Cloud security solutions such as Aqua, Wiz, Qualys, CrowdStrike

· Enhance vulnerability identification process for Hybrid Cloud platforms

· Drive Cloud Security solutions in alignment with the Bank’s cloud strategy and in accordance with security best practices

· Leads the analysis, implementation, execution, and improvement of proactive security controls to prevent external threat actors from infiltrating company systems or information.

· Conducts research and provides leadership updates regarding advanced threats to compromise security controls and protocols.

· Monitors new threats and complex attempts to compromise security controls while developing a deep expertise in the early lifecycle for security techniques

Skills and Experience

· Deep understanding of Microsoft Azure and/or AWS native services, tools, and architecture

· Deep understanding of cloud and container security

· Deep working knowledge of cloud threat landscape

· Deep technical experience in infrastructure and security functions

· Experience in DevSecOps and CI/CD pipeline integration through security engineering lifecycles

· Experience writing requirements documentation

· Experience deploying and managing Cloud-based vulnerability management solutions

· Understanding of Threat modeling and cybersecurity frameworks(MITRE ATTCK/D3FEND, OWASP, STRIDE)

· Understanding of vulnerability management and scanning tools

· Well-developed analytic, qualitative, and quantitative reasoning skills with a demonstrated creative problem-solving ability.

iKas International (Asia) Pte Ltd

“Sanderson-iKas” is the brand name for iKas International (Asia) Pte Ltd

EA Licence No: 16S8086 | EA Registration No. R1988468

We regret to inform you that only shortlisted candidates will be notified /contacted.

Job Description:

• Monitor, maintain and fine-tune existing network & security infrastructure: Endpoint Security, Next Generation Firewall (NGFW), Encryption, email and network proxy gateways, Microsoft 365, DLP etc.
• Monitor, analyze and response to Information Security Incidents by working across teams (e.g.: infrastructure, application, other departments, etc.)
• Prepare and document security hardening standard, security incident response plan & playbook.
• Collaborate with IT, engineering, production and QA team to ensure security practices are integrated into all systems and applications.
• Prepare documentation such as procedures and guidelines for security practices within the internal IT team, engineering and within OT environment.
• Implement, conduct external and internal vulnerability scans, network penetration tests and application security tests as required.
• With minimum supervision, generate reports from security tools, write incident reports, assessment-based findings, outcomes and propositions for further system security enhancement
• Support relevant projects, initiatives or security activities such as but not limited to security awareness programs, security incident response with relevant teams and security software deployments.
• Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance.
• Conduct research, perform PoC to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.
• Participate in projects involving IT systems, provide sound technical advice to ensure security principles are adhered to and provide support as needed.
• Other duties as assigned.

Job Requirements:

• At least 3 years’ experience in security operations centre (SOC) and cyber security incident response team (CIRT)
• A proven track record as an Information Security engineer collaborating with teams internationally
• Hands on experience with security technologies such as NGFW, Endpoint Security, DLP, Proxy, Secure Email Gateway, Active Directory, Identity and Access Management (IAM), Microsoft 65, etc.
• Hands on experience with the implementation, configuration, fine tuning, operations, and maintenance of security tools
• General knowledge of industry best practices on security hardening, OWASP, network security, security risk & management frameworks, national cybersecurity standards, ISO27001, etc.
• Team player and able to collaborate across diverse stakeholders to achieve security objectives
• Excellent communication, interpersonal and consultative skills
• Good problem solving and analytical skills and workshop facilitation skills
• Experience in working with high performance teams and understand the dynamics of international teamwork
• Ability to learn and understand new concepts quickly to keep up with new emerging technology
• It would be advantageous for you to have exposure to working directly for companies who have gone through extensive periods of change and / or a full-scale transformation programme in recent years.
• Data driven, with a continuous improvement mind-set acumen.
• Tertiary Education in Computer Science or related fields
• Experience in solutioning, architecting, implementing security solutions
• CISSP, GIAC, CEH or other security certifications would be good

We’re a global engineering, management, and development consultancy. Our purpose is to improve society by considering social outcomes in everything we do, relentlessly focusing on excellence and digital innovation, transforming our clients’ businesses, our communities and employee opportunities.

A fundamental part of this is respecting each person’s differences and striving to meet their needs.

We are proud to be a one of Glassdoor’s top employers to work for in the UK, as well as being recognised as a Top Inclusive Company in the UK.
Mott MacDonald

We’re a global engineering, management, and development consultancy. Our purpose is to improve society by considering social outcomes in everything we do, relentlessly focusing on excellence and digital innovation, transforming our clients’ businesses, our communities and employee opportunities.

A fundamental part of this is respecting each person’s differences and striving to meet their needs.

We are proud to be a one of Glassdoor’s top employers to work for in the UK, as well as being recognised as a Top Inclusive Company in the UK.

Our values: Progress, Respect, Integrity, Drive, Excellence.

About the business unit 

Mott MacDonald’s support services are the driving force behind our organisation enabling us to run efficiently and effectively. The team works collaboratively to offer specialist advice, best practice and technology to all areas of our business specifically designed for our global reach. 

Overview of role

The Group Information Security Team is responsible for group information security strategy, risk management, assurance and capability development to support a number of regional information security teams.

The Information Security Policy Author will support the Group Information Security Manager in delivering these global functions, with a particular focus on Information Security Policies.

The role will report directly to the Group Information Security Manager (GISM) and provides an opportunity to obtain policy development and strategic information security and programme implementation experience at the enterprise level.

To write, maintain and help communicate information security policies and procedures, ensuring data management policy alignment across the business and with emerging information security standards and frameworks adopted by the business. Provide solutions and updates of policy development and implementation, including training to assist staff understanding and compliance.

Key duties and responsibilities include


- Write policies and procedures: Draft and support to publication, a range of documents covering a broad range of information security policy and procedure. Assist IT managers in the technical writing of internal policies and procedures.
- Relationship Management: Collaborate with internal stakeholders to gain an understanding of their department requirements and company-wide procedures and operations relating to information security governance, data quality and data protection that need to be aligned. Identify and action opportunities for policy improvement to ensure information security governance meets the needs of the business whilst continuing to protect it.
- Policy Management: Working with an existing document management team and document architecture, review, edit and revise existing and new guidelines, policies and manuals as necessary.
- Policy Communication and Implementation: Support communication and implementation of published information security policies and proactively identify any barriers to application or compliance.
- Self-Management: Manage self in line with the people management policies, procedures, processes and practices to ensure adherence and to maximise own contribution to business performance.

Candidate Specification

Essential


- At least three years of experience of writing information security policies and procedures.
- Excellent knowledge of information security standards and frameworks
- Excellent communication and collaborative working skills to identify business challenges and to bring about business process change.
- Proactive self-starter, self-directed and driven to excellence in all aspects of role
- Decision making skills; creative and persistent problem solver
- Good working knowledge of Microsoft product suite.


Desirable


- Professional security management certification such as CISSP, CISM, CISA, CRISC
- Experience of working in a global organization.


Personal Attributes


- Passionate about technology and learning.
- Ability to balance demands and priorities and think clearly under pressure.
- Attention to detail and a focus on quality.
- Excellent conflict resolution, communication, and collaboration skills.
- Logical and analytical approach to solving problems.



Equality, diversity, and inclusion
We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.

Accessibility
We want you to perform your best at every stage in the recruitment process. If you are disabled or need any support to enable you to apply or attend an interview, please contact us at reasonable.adjustments@mottmac.com and we will talk to you about how we can support you.

Agile working
Happy to talk Flexible Working and how we can support your responsibilities beyond the workplace.

We offer some fantastic benefits including:

Health and wellbeing

- Private medical insurance for all UK colleagues.
- Health cash plan to support you with every day health costs and treatments.
- Access to Peppy, providing free support from menopause experts for all UK colleagues.
- A variety of wellbeing support is available through our comprehensive wellbeing program, including access for you and your family.
- Ability to flex your salary to opt into a wide range of health benefits, many of which can be extended to your family too.

Financial wellbeing

- We match employee pension contributions between 4.5% and 7%.
- Life assurance equal up to 4 x your basic salary, with an option to increase the level of cover to 6 x your salary.
- Our income protection scheme provides a financial benefit, as well as absence and return to work support due to long-term illness or injury.
- Flexible benefits, including increased life assurance cover, critical illness insurance, payroll saving and will writing.
- As an independently owned business we share the financial success of the business with all our colleagues in various ways including annual bonus schemes.

Lifestyle

- A minimum of 33-35 days holiday each year, inclusive of public holidays and dependent on level, with the ability to buy or sell leave through our flexible benefits programme.
- Holiday entitlement increased to a minimum of 35 days after 5 years’ service.
- Variety of employee saving schemes and discounts from high-street retailers.

Enhanced family and carers leave

- Enhanced family leave policies, including 26 weeks paid maternity and adoption leave, and two weeks paid paternity/partner leave.
- Our shared parental leave matches maternity leave meaning we pay up to 24 weeks at full pay.
- Up to five additional days leave are provided for those with significant caring responsibilities, two of which are paid.

Learning and development

- Primary annual professional institution subscription.
- A broad range of opportunities to enhance both technical and soft skills through mentoring, formal training, and self-development options.

Networks, communities, and social outcomes

- Join a wide range of groups including our Advanced Employee Networks which support our LGBTQ+, gender, race and ethnicity, disability, and parents/carers communities.
- Make a difference within our communities through our social outcomes.

Apply now, or for more information about our application process, click here.

Proud member of the Disability Confident employer scheme

Senior Manager - Information Security
Experience: 12+ years
Location: Chennai

Candidate Profile:

Should have in-depth understanding of ISO 27001:2013, ISO 27001:2022, GDPR, DPDP Act, and other equivalent standards and Information Security Management System (ISMS) implementation for the organization.

Should be well versed with firewalls, proxies, SIEM, antivirus, and IDPS concepts. Should have decent understanding of Application Security.

Should know Cloud Security best practices and assessment (crypto specifics HSM & Vaults).

Should have strong understanding of NIS2, MITRE ATT&CK Framework, OWASP Standards, etc.

Should be able to:

- Formulate new and evolve existing policies with respect to changing technologies and business dynamics

- Understand business needs and risks assessment, in order to ensure appropriate security controls

- Perform effective ISMS audits on IT Projects, internal systems and third-party audits, w.r.t., ISO 27001:2022, NIS2, MITRE ATT&CK Framework, OWASP Standards as required in order to maintain compliance and certifications

- Coordinate the information security compliance initiatives across the organization

- Work with organizational Functions/Delivery accounts to ensure employees are aware of information security issues, are trained in information and data security best practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, and apps, among others

- Work with Support functions in managing and improvising the information security management system, by monitoring internal systems to ensure that appropriate controls are maintained

- Track, report and escalate violations of information security policy

- Investigate Information Security incidents and data breaches, and implement additional controls as and when necessary

- Building awareness and competences in the area of Information Security and Data Protection for new and existing employees

- Strong understanding of privacy regulations such as GDPR, Draft India Data Protection Bill and privacy frameworks

- Should have experience in at least 3 end to end privacy assessment & implementation projects (GDPR, DPDP, other country specific regulations)

- Interview client stakeholders and develop project artifacts such as Privacy Impact analysis, data flow diagrams & identify gaps

-  Experience in implementation and use of privacy enhancing technologies and design of data privacy framework.

Job Purpose

A Red Team operator is a member of the Information Security Assurance group driving security improvement through continuous assessment of our threat landscape. The Red Team is a globally dispersed “testing” team.

Team Duties

• Red Team Core (70%): primarily, as a Red Team operator, you will work closely with team members to deliver sophisticated engagements focusing on high priority, global security objectives. This will take the form of engagements that deliver chained exploits and a full kill-chain of specific recommendations, to demonstrate and explain security gaps in the context of other vulnerabilities. These engagements may include working with externally contracted red teams and exploring Artificial Intelligence based applications such as Large Language Models (LLMs).
• Threat Automation and Detection development (15%): you will be developing and recreating atomic red team tests (“TTPs”) not developed as part of Red Team Core duties. These will be used to improve our Blue Team detection and response capabilities.
• Infrastructure support and development (15%): you will run, support and maintain our red team-owned tools and infrastructure alongside other team members.

Responsibilities
Seniority is determined by experience and demonstration of exceptional competencies including:

• Documenting and effectively publishing technology guidance and repeatable processes
• Mentoring peers in groups and individually
• Improving processes and incorporating advanced methodologies into engagements
• Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices

Knowledge and Experience

• University degree in Mathematics, Computer Science, Engineering, or related discipline
• 4 years or more direct penetration testing and red teaming experience.
• Scripting - python, bash, Go etc, software engineering, and system administration
• Offensive Security Certified Expert (OSCE) or CREST CCT qualification
• Artificial Intelligence background is a plus

Schedule

This role offers work from home flexibility of one day per week.

Intercontinental Exchange, Inc. is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin or ancestry, age, disability or veteran status, or other protected status.

About Us

Established in 1988, Rest is one of Australia’s largest profit-to-member superannuation funds.

We support nearly two million members, with around $75 billion of funds under management and are recognised as a responsible investment leader*. We believe when members understand and engage with their super, they’re more likely to get a better retirement outcome.

Everything we do at Rest is underpinned by our values and behaviours, we want to Be Daring, Keep it Simple, Take Action and Have Grit. To put it simply we want our people to thrive and love the work they do.

About the Job

The Information Security Cloud Analyst is responsible for safeguarding Rest’s cloud-based systems encompassing a broad range of activities including evaluating and mitigating risks, formulating cloud-specific security strategies, continuously watching for cyber threats, ensuring regulatory compliance, and responding to security incidents.

Additionally, the Information Security Cloud Analyst will create secure cloud designs and guardrails, educate employees on best practices, assess third-party vendors for security risks, maintain cloud security policies, and manage various cloud security technologies.

Key Responsibilities

• Design, deliver & monitor security controls in cloud platforms, with primary focus on AWS.
• Provide strategic security and risk guidance for cloud security and related projects, including the evaluation and recommendation of technical controls and platform architectural designs.
• Operate, enhance and evolve cloud-native and third-party SaaS cloud security tooling to assure security posture of the cloud platform meets internal and regulatory compliance requirements.
• Prioritise & ensure remediation of vulnerabilities identified through cloud security standards, policies & tools.
• Produce technical solutions and standard operating procedures for Security Operating Centre (SOC) to triage and respond efficiently to security events.
• Deliver knowledge transfer sessions across the business to uplift Cloud Security awareness to technical and non-technical stakeholders.
• Advise workload owners, developers & business partners to improve cloud security posture across cloud infrastructure, application & software delivery.
• Follow strict information security processes, plans and protocols in managing the life cycle of issues and incidents, which may include collaborating with internal stakeholders, vendors or third parties.
• Support the uplift of cyber incident management capabilities collaborating with information security governance, risk & operations
• Promote and reinforce security standards, policies and procedures ensuring ongoing compliance and, where gaps exist, develop plans for remediation.
• Participate in audits as required, collating, and providing information including closing out of audit issues.

• Single point of contact to consult on enquiries on information security and data protection topics based on company policies and national laws
• Create Information Security and Data Protection reports for Department Heads to review, and comply with company central directives
• Implement regular checks of IT access rights
• Create ISP training/awareness material in order to host and conduct training/awareness sessions for all supported associates
• Conduct audits regarding Information security and data protection in the supported departments
• Work towards regulation compliance for personal data information use in cooperation with the head of department
• Perform ISP risk analysis and identify mitigation measures
• Provide regular up-to-date relevant ISP awareness via mail, Teams, department meetings etc..

Do you want to work at an agency where each day reveals new opportunities to work on some of the biggest issues facing consumers and businesses and have opportunities to pursue new and exciting pathways?
Do you want to work at a place where smart and dedicated people from all walks of life collaborate to work on meaningful matters?
Do you want to kickstart your career with the ACCC in a supportive and dynamic environment?

Then this is the place for you! At the ACCC, were proud of the impact we can make together. We understand the responsibilities and challenges that come with a fast moving and ever-changing environment. Our high performing culture is built on a foundation of care, support and inclusion. Its why were driven by connection and collaboration, sharing our skills, knowledge and support with each other freely and frequently.

... Click here to view more detail / apply for Public Information Officers/Senior Public Information Officers, APS3/APS4 -(EA2024/187)

Lico Resources, the specialist executive search firm, is partnering with a leading financial institution in searching for an Information Technology Risk Management Professional. The institution is a key player in the finance sector and is dedicated to fostering a secure and technologically advanced environment for its clients. they are seeking a dynamic professional to join their existing team in Singapore.

This role involves collaborating with internal and external teams to assess risks, implement effective security measures, and ensure the overall robustness of the technology landscape.

Key Responsibilities:

• Conduct comprehensive risk assessments for the firm's IT systems, applications, and processes.
• Develop, implement, and enforce risk management policies, procedures, and controls to mitigate potential threats.
• Collaborate with cross-functional teams to identify and address emerging risks associated with technological advancements.
• Monitor and analyze security incidents, providing timely response and remediation strategies.
• Stay abreast of industry trends, emerging threats, and best practices to enhance the firm's risk management capabilities.
• Communicate effectively with stakeholders, including IT teams, senior management, and regulatory bodies.

Qualifications:

• Bachelor's degree in Information Technology, Computer Science, or a related field.
• Minimum of 8 years of experience in information technology risk management.
• Strong understanding of information security frameworks, risk assessment methodologies, and regulatory requirements.
• Familiar with related regulations such as Technology Risk Management Guideline, CCoP2 Risk Management Practices, Guideline on Business Continuity Management, Guideline on Outsourcing and other relevant notices and guidelines
• Familiarity with industry frameworks and methodologies for technology risk management, such as NIST Cybersecurity Framework, ITIL, ISO 27001, and COBIT. Professional certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are advantageous.
• Experience with risk assessment tools and technologies.
• Excellent communication skills, both written and verbal.

If you are interested in this role, please send us your updated resume today to nicole@licoresources.com quoting reference number A08915. Please note that only shortlisted candidates will be notified.

“Data provided is for recruitment purposes only.”

Job Reference No: A07415 EA Licence No.: 13C6733 EA Registration No.: R1333454

Job Title: Information Security Analyst
Location: Bristol + Hybrid Working + UK Travel
Compensation: £40,000 - £45,000 + Benefits
Role Type: Full time / Permanent
Role ID: SF58487

At Babcock we're working to create a safe and secure world, together, and if you join us, you can play your part as an Information Assurance Administrator at our Ashton, Bristol site with travel to a variety of sites to the UK

The role
As an Information Security Analyst, you will be responsible for providing a high level of professional Information Assurance (IA) support across the Missions Systems business.

Day-to-day, you'll be responsible for supporting the effective delivery of all IA related matters ensuring key support functions are delivered in a smart, flexible and holistic manner to ensure the business continues to operate safely and securely.

Main responsibilities will be:

• Supporting the development of the Mission Systems ISMS and ISO27001 Certification.
• Supporting the implementation of a program leading to ISO28001 Certification.
• Conduct internal and external auditing activity in support of maintaining the ISMS.
• Maintaining all records and IA Policy / Process documentation in support of the ISMS and ISO continued Certification.
• Providing essential support to both internal and external stakeholders to enable an open and transparent working relationship focused on resolving issues as they arise as well as supporting the development of specific plans for change to meet key customer requirements.

This role is full time, 37 hours per week and requires regular UK travel across a range of internal and customer sites on a monthly basis, alongside home working arrangements.

Essential experience of the Information Security Analyst

• Providing customer facing ISO27001 or ISO28001 advice and guidance.
• A broad understanding of computer and network technical architecture.

Qualifications of the Information Security Analyst

• Ideally hold a Degree in a relevant subject or working towards it with relevant experience.

Security Clearance
The successful candidate must be a sole UK national who is able to achieve and maintain Security Check (SC) security clearance for this role with the ability to gain Developed Vetting (DV) once in post if required.

Many of the positions within our company are subject to national security clearance and Trade Control restrictions. This means that your eligibility for certain roles may be affected by your place of birth, nationality, current or former citizenship, and any residency you hold or have held.

What we offer

• Generous holiday allowance
• Matched contribution pension scheme, with life assurance
• Employee share scheme
• Employee shopping savings portal
• Payment of Professional Fees
• Reservists in the armed forces receive 10-days special paid leave
• Holiday Trading is a benefit that allows the majority of employees to buy additional leave or to sell up to one working week of annual leave from their annual entitlement
• 'Be Kind Day' enables employees to take one working day's paid leave a year (or equivalent hours) to undertake volunteering work with their chosen organisation or registered charity

Babcock International

For over a century, Babcock has helped to defend nations, protect communities and build a better world. To continue, we must adapt, advance and be a sustainable business with a shared goal.

We are a disability confident committed employer. If you have a disability or need any reasonable adjustments during the application and selection stages, please email with the subject header 'Reasonable adjustments requirement'. We're committed to building an inclusive culture where everyone's free to thrive. We are happy to talk about flexible working - please ask about alternative patterns of work at interview.

Closing date: 13/08/2024

Proud member of the Disability Confident employer scheme

Job Description:

• Attend to internal and external inquiries at the counter.
• Handle Medical Report/Records queries.
• Assist in sending acknowledgment letters and receipts.
• Extend Medical Report/Medical Records deadlines as needed.
• Respond to external queries about Medical Report applications.
• Sort incoming mails and faxes.
• Receive documentation from staff or Courier Services.
• Manage returned cases from departments and clinics.
• Coordinate appointments for Workman Compensation/Specialist Medical Report/Objection.
• Manage the MRO hotline and respond to queries.
• Follow up on AM/PM process and close Records requests.
• Process Inter-hospital loan requests.
• Tag internal/external emails in a shared system.
• Assist Executives with ad hoc tasks.

Requirements:

• Diploma in Business or similar.
• 1-3 years of administration experience.

All qualified applicants, please click “ APPLY NOW”

Kimmy Low Yi Ting (Kim) | CEI Registration Number: R23112122

Recruit Express Pte Ltd Company Reg. No. 199601303W | EA LICENCE Number: 99C4599