Yondr Group is a global developer and service provider of data centers, seeking an experienced Information Security Engineer to join their Global Technology Security team. The role involves building and operating information security practices, conducting risk assessments, and managing security technology while ensuring compliance with industry standards.
Responsibilities:
- Drive the evolution of the company’s Information Security standards to maintain best practice and alignment with corporate policies and regulatory requirements
- Be hands-on in managing and maturing our security technology and processes
- Investigate and respond to information and cybersecurity incidents
- Provide consultation and/or education as needed and drive the adoption of security as a value-add/best practice
- Work in partnership with stakeholders to ensure all projects, changes, IT standards and procedures are compliant with Information Security Standards and Policies
- Manage (third party) penetration testing and facilitate any subsequent remediation activities
- Act as a subject matter expert on matters of information security relating to Yondr
- Conduct 3rd party risk assessments to ensure suppliers are aligned with our security standards and fall within our risk tolerances
- Manage the phishing platform, training and related reporting
- Provide guidance and subject matter expertise on processes, controls, and objectives around audit and information security activities, best practices, and process improvements
- Conduct vulnerability assessments, risk analyses, and remediation tracking to drive the attack surface management program
- Conduct Identity and Access Management entitlement reviews of key platforms and applications
- Engage in audits, compliance assessments, and regulatory security requirements
- Maintain documentation related to security processes, incidents, and compliance requirements
Requirements:
- Experience with regulatory and compliance standards: ISO27001, SOC2, PCI DSS
- 5+ years' experience working as an information security professional within a medium- to large-sized global organisation
- Proven experience implementing, maintaining and leading an effective information security control assurance programme
- Strong stakeholder management and communication skills, including technical members of staff and senior non-technical business leaders
- Applied working knowledge of networking principles and the OSI model to evaluate control effectiveness and support investigation of network‑based security incidents
- Background in working with international organizations that provide 24x7x365 operations
- Must understand OT, Network and Zero-trust architecture
- Understanding of email security tools, vulnerability management, penetration testing and remediation
- Strong analytical, troubleshooting, and problem-solving skills
- Information Security, alongside significant knowledge and experience of Cyber security
- Working knowledge of Microsoft Sentinel, Qualys, Microsoft Defender and KnowBe4 is essential
- Excellent verbal and written communication skills
- Ability to manage multiple priorities and work independently or within a team environment
- Exposure to Microsoft Purview, MDR services, UBA and IT/OT network environments is desirable
- Relevant certifications preferred, such as: CISSP, Security+, CISA, CEH, GSEC, Microsoft Certifications