Information Security Engineer
United Kingdom
Full Time
2 hours ago
No Sponsorship
Key skills
CloudCyber SecurityRisk ManagementChange ManagementCommunicationOWASP
About this role
Role Overview
- Prevents information security threats to Scott Logic and ensures the secure, compliant delivery of IT services to all staff across three companies.
- Supporting the internal IT function across Scott Logic Ltd., Marra Ltd., and Logical Holdings Ltd., with occasional support to client projects as required.
- Deliver IT services within the SMS scope in accordance with ISO/IEC 20000-1:2018.
- Execute SMS processes including incident management, service request management, problem management, change management, release and deployment management, and configuration management.
- Maintain accurate configuration and asset records.
- Triage, prioritise, and handle security events and service tickets to agreed SLAs.
- Keep customers and stakeholders updated with accurate and timely ticket updates.
- Monitor and respond to security events across Scott Logic.
- Understand regulatory obligations to protect confidential data and maintain appropriate controls.
- Maintain and communicate minimum security configuration standards for managed operating systems.
- Analyse and determine root causes of security incidents and breaches.
- Assist with information security training and awareness.
- Support risk-based threat and vulnerability assessment processes.
- Follow data governance policies and processes.
- Manage access control policies and processes, including entitlement reviews.
- Respond to security incidents effectively, maintaining clear communication with key stakeholders throughout resolution.
- Build and maintain a knowledge base to improve resolution times.
- Maintain effective working relationships with internal teams and third parties to resolve, minimise, and avoid issues.
- Champion information security policy, standards, and awareness throughout Scott Logic.
- Drive improvements to the IT team's ways of working and evolve information security processes to deliver better outcomes.
- Actively contribute to the continual improvement of the SMS and the services it governs, in line with SMS Clause 10: Continual Improvement.
- Identify and recommend process and procedural improvements.
- Participate in management reviews and retrospectives.
Requirements
- A relevant technical or information security qualification is essential (e.g. CompTIA Security+, SC-900, or equivalent).
- Commercial experience in an information security role.
- Risk management experience, including performing assessments and designing controls.
- Experience with the Data Protection Act and UK GDPR.
- Experience designing and implementing information security controls in cloud environments.
- Experience with Microsoft Defender and Sentinel.
- Good understanding of cybersecurity standards and frameworks such as ISO/IEC 27001:2022, CIS, OWASP, and NIST.
- Good understanding of ISO/IEC 20000-1:2018 (SMS).
- Good understanding of ISO 9001:2015 (QMS).
- Good understanding of ITIL principles.
- Excellent communication skills; able to remain calm under pressure and manage difficult situations with stakeholders.
- Flexibility and ability to adapt to changing environments and new challenges.
- Detail-oriented with a systematic approach to identifying risks and devising mitigations.
- An inquisitive approach to investigating root causes of security incidents.
- Drive for personal growth and ongoing professional development.
Tech Stack
- Cloud
- Cyber Security
Benefits
- 25 days’ annual leave, rising to 30 days with each year of service.
- Generous family leave policies.
- Access to an employer pension scheme, private medical services and Group Life Assurance.
- A range of optional benefits such as discounted gym membership and a cycle to-work scheme.
- A meaningful approach to evaluating your performance and providing feedback on your progress