IT Security Specialist

RSSB ,
London, Greater London
More Details

Overview

Job Description

Overview The Operations & Security Service within RSSB is tasked with delivery of all IT infrastructure and related IT operations to enable business capabilities and services, including ensuring these are secure and recoverable. The IT Security Specialist role ensures the security and recovery of specific services and technologies and provides a key role in assuring the overall IM&T service. They will help balance risks with business drivers, supporting projects to achieve secure and effective outcomes, and actively manage the security and recoverability of operational services. Responsibilities * Lead on the security and recovery strategy, policy and processes. * Lead on the development and update of information security policies, standards and guidelines, including corporate security testing standards. * Develop the countermeasures and contingency plans to mitigate security risks and impact to services, culminating in a robust business continuity and disaster recovery plan. * Document detailed processes for security management, business continuity and disaster recovery. Monitors these to ensure they are actionable and being adhered to. * Provide advice and guidance on security policies to manage identified risks and business requirements, ensuring adoption and adherence to standards. * Monitor the external environment to gather intelligence on emerging cyber threats, assessing and documenting impacts and threats to the organisation. * Manage and support the delivery of secure and recoverable services and operations. * Undertake risk assessments on IT infrastructure and services, to identify potential risks and impact to the business. * Work with suppliers to ensure adherence to agreed service levels and standards. * Deliver insights into the existence of vulnerabilities, and the effectiveness of defences and mitigating controls, including to non-technical audiences. * Take ownership for the integrity of penetration testing activities and disaster recovery plans, working with business owners to provide advice and guidance on the planning and execution of vulnerability testing. * Investigate breaches of security and recommends appropriate control improvements, working closely with the RSSB DPO. * Keeps stakeholders informed during service recovery or security breaches, collecting and disseminating relevant information. * Provide solution architecture input from a security and recovery perspective. * Contributes to the development of solution architectures for specific services and technologies with a view to the security and resilience of the resulting services. * Evaluate architectures to help balance business drivers with security and resilience, and ensure they align to security standards. * Research and apply innovative security architectures to new or existing problems. * Translate solution architectures into documented infrastructure and service deliverables and supports their implementation and operation. * Develop and own a standardised security approach which can be applied through the lifecycle of new projects. * Work in areas covering infrastructure, service delivery and support; both supporting others and working independently on agreed tasks. * Provide support to the DPO where required. * Maintain a good understanding of the overall RSSB IT environment. Qualifications * Experience developing and leading security policies and processes for organisations with complex technology and information landscapes. * Experience of the management of information security, including the establishment of monitoring and auditing. * Knowledge of best practice security standards (e.g. Cyber Essentials/ISO/IEC 27001/NIST/PCI-DSS/SOC). * Knowledge of GDPR and Data Protection legislation and it's alignment with information security. * Working knowledge and certification in information security management principles, covering information governance frameworks. * Working knowledge of IT security principles and policies, and network infrastructure principles, including cloud hosted solutions. * Experience of ITIL change and problem management, including designing and managing response and recovery processes for major service disruption. * Strong communication skills including communicating complex technical information and concepts to both technical and non-technical audiences. * Strong interpersonal skills including the ability to influence customers and suppliers in relation to decisions on security and recovery. * A strong team-working and collaborative style including focus to ensure security is well understood and customer requirements are being met. * Experience of leading the development and implementation of security and disaster recovery policies. * Experience of analysing and understanding the broad business needs in relation to IT infrastructure and services, particularly around service disruption and recovery. * Analytical and problem-solving ability including experience of performing a range and variety of

People also viewed