IT Security Officer

CARPROOF ,
London, Greater London

Overview

Job Description

Description Do you thrive in a fast-paced, dynamic environment? Are you a collaborative team member with experience providing technical support and analysis of the IT Security environment? Are looking to take on a new challenge? If you answered yes to these questions, consider applying for the role of IT Security Specialist at CARFAX Canada! About Us Every day, Canadians rely on our insights to make one of the biggest decisions of their lives. As the country's #1 provider of automotive history and valuation insights, we're always innovating to make buying and selling used vehicles easier for all Canadians. Working Here At CARFAX Canada, you're not just another employee. You're a critical contributor to the big picture and rely on data when making important decisions. You have a future mindset and are motivated to grow with us. You have a thirst for learning new things and building your skillset. You dream big and chart your own career path. You don't settle for what's quick and easy because you value quality. You know that the best teams are built on trust, so you use your voice to collaborate and create real change. You believe in taking the time to celebrate wins and have fun. You know leading a balanced lifestyle in a supportive work environment is important. You're not just another employee. You are a CARFAX Canadian! Job Details CARFAX Canada is looking for an IT Security Officer who will own the security function of the company and all of its products and services. We are looking for a security lead who is excellent in security frameworks, establishing security program, write policies and also hands on who can conduct technical tasks such as install security software, analyze logs, configure firewall and manage network and cloud security. Reporting to the Director of Technical Operations, they will support the development, implementation, monitoring, and maintenance of security controls, processes, procedures, and systems. This role provides guidance and management for information security projects and technical requirements. If you love a challenge and have a passion for cloud-based software, we want to hear from you! Position Responsibilities * Owns the security position of the company and all its products and services, including PCI compliance, security monitoring, audits, and overall compliance tasks related to security. * Supports security technology to ensure proper operation, including upgrades and installations * Responsible for initiating, architecting and implementing CFC security program. * Conduct system security and vulnerability analyses and perform risk assessments. * Act as an internal security consultant for system and network architecture design and reviews. * Perform network and code vulnerability testing as well as assist responsible parties in understanding and addressing vulnerabilities. * Create cybersecurity awareness content and educate personnel on security threats and best practices. * Performs product evaluations, recommends and/or implements products and services for the security stack. * Act as the primary technical lead for information security incidents and performs forensic investigations of intrusions and other cyber security events to determine root cause. * Provide recommendations for appropriate adaptation of the security environment to meet new demands. * Reports, records and works with departments to resolve security related issues and incidents. * Responsible for analyzing, developing, implementing and enforcement of security, privacy and data protection requirements, policies and corporate technical guidelines. * Identify risks to the business by evaluating business objectives, system requirements, designs and integration points. * Monitor and continually improve overall cybersecurity, including application security, network security, data security, and mobile security. * Establish actionable security levels to address risk, define mitigation strategies, metrics, reporting and program services. * Create maturity models and roadmaps that ensure continual program improvements. * Research information security standards. * Coordinate and track third-party penetration testing including scope, timelines and outcomes. * Evaluate, source, implement, and support managed security services and consultants. Education and Training * Bachelor's degree in computer science/related technical field or equivalent experience. * Security certificate is a great asset Skill and experience required: * 10+ years' experience in the IT industry with at least 5 years' experience in security/ cyber security. * Strong experience and knowledge in IT security standards, risk, compliance regulations, best practices and frameworks such as ISO 27001, ISO 27002, NIST, Soc1&Soc2 for Cyber security, OWASP, PCI DSS * Strong familiarity with estabilishing, architecting and executing security program, designing and writing security policies and procedures, communicating and evangelizing security princ