Responsibilities:

Manage and maintain the portfolio of IT Security tools in operation at CloudFactory, keeping track of security events and remediating security related issues where possible.

Maintain compliance standards in support of security controls for endpoint devices across CF (e.g AV, Patch mgmt etc).

Review and test system, web and mail policies, always seeking to reduce risk through strong DLP, encryption and security posturing (when possible).

Baseline user security according to our published security policies ( Acceptable use, Password Policy etc). Provide feedback to relevant parties in regard to policy update requirements or policy compliance issues. 

Support and assist in the management of security related issues via our internal tools (ITSM, Risk Register) whilst following the appropriate escalation channels.  

Stay informed of security related news, industry trends and vendor updates to provide expertise around new security developments, reported breaches and emerging vulnerabilities across the industry.

Help to maintain strong communication channels to the wider business to help ensure that staff are well informed of security vulnerabilities, online threats and growing security trends.

Help to educate and raise user awareness in effective security practices, identify training platforms and education opportunities to widen information security awareness and knowledge.

Support business endeavours in achieving and adhering to industry-led security standards (ISO27001, SOC2 etc).

Provide functional knowledge and guidance in relation to operations and controls to support the wider business and our Clients.

Identify and highlight security gaps, weaknesses and opportunities for improvement. 

Process and Policy

Assist in supporting the internal and external audits process, through info gathering and action tracking.

Support the development of key security processes; business impact assessments, security response plans and end user security policies.

Help to maintain the InfoSec document portal, working to ensure that document control standards are met

Work with the IT Service Delivery function to ensure that risks are being recorded within the relevant Risk Register whilst making sure to log and track risks that emerge from scans, audits etc.

Work to champion the presence of the risk register to ensure that internal staff are mindful of the need to report any form of operational or system risk which may impact the business.

Maintain a good awareness of data privacy regulations such as GDPR, HIPAA etc whilst helping to ensure that the business adheres to good practise and defined processes.

Produce, maintain and manage policy documentation. Addressing any policy gaps and advising the business over policy use.

Requirements

KITSM background with good exposure to the ITIL framework

Broad IT knowledge with strong awareness of Network, Cloud and Infrastructure technologies and concepts.

Have a good understanding of IT security concepts within each layer of a business environment. (From Endpoint to Edge)

A strong aptitude towards learning and discovery

Able to take technical ownership over a given task\project.

Advanced analytical and structured problem solving abilities.

Flexibility/Adaptability: fast to respond, thinks on feet, track record of adapting, thinking outside the box, open mind to new tools and changing processes

Ideas generator and innovator: always asking Why? How?

Self-starter requiring little supervision to complete tasks independently, curious, self-developer

Can work across different business functions, communicating at all levels and can demonstrate strong collaboration skills to achieve set goals\objectives

Good written and verbal communication skills with proven ability to write highly technical reports and documentation

Being able to explain complex issues in simple terms.