Infosec Lead - IT Information Security Lead

Job Description

IT & DATA Security DESIGN : THE INFOSEC Lead - An extremely conscientious, cutting edge, innovative mature tech start up needs a virtual security manager!Joining a very bright switched on, cultured team - We are not recruiting for the finished article but as much of the spec as possible! Home / Remote basedAce Global HQ in ManchesterIf you think you tick some of the spec and all the personality profile and ambition we are looking for - then please reach out!Salary is also negotiable based on experience Playing a lead role in identifying, defining and implementing platform and company security requirements, and working reporting to the Head of Technology within the development and DevOps team to help design secure architecture and ensure compliance withour regulatory and governance requirements.The clients cloud hosting, owning all security procedures, security architecture, security documentation and security standards compliance within the dev, DevOps and SRE teams, and own monitoring and intelligence relating to all cyber threats.YOU/THEY - A passionate TechyThe applicant should be curious about all aspects of technology, especially as it relates to infosec, and will be an enthusiastic learner.They will be passionate about the security of the business, and take every potential vulnerability as a personal affront.They will enjoy challenges, and be open and transparent about the problems they face, and will enjoy helping colleagues resolve their own problems without judgement.The successful applicant will be hands-on and able to both design solutions and then implement and maintain those designs.RequirementsRole Competencies ( We know we wont get everything but we want to help you become the Infosec legend - so potential counts for a lot!)

• Understanding of designing, building, and delivering a security programme in line with business objectives
• Security and monitoring in IaaS environment (GCP, AWS, or Azure)
• Knowledge of ISO27001 and GDPR
• Assess and analyse a wide range of information to draw conclusions on how to improve the security of our systems
• Deep knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus
• Data storage/architecture best practices with respect to data security
• Awareness of common software security flaws and web application security best practice (OWASP top 10, CWE/SANS Top 25)
• Vulnerability management (OWASP Zap)
• SIEM (Security Onion)
• Experience of EDR solution (ideally CrowdStrike)
• Identity and Access Management
• Maintaining documentation on how to secure and maintain all services
• Applying/enforcing relevant parts of industry standards like IS27001 and PCI DSS
• Understanding of DevOps and Agile principles and how to embed security into the SDLC
• Strong understanding of Linux tooling and ecosystem
• Line management responsibilities

COMPANY VALUES - Fun fun fun - win win win !

• Make it happen - We own things and get them done whatever it takes
• Playful and positive - Lifes too short to take things too seriously, we like to have fun while were working and we love positivity - and yes the glass is half full
• Were in it together - We all have our day jobs to do, our KPIs to hit and projects to complete but were always available to help for the greater good of the business
• No politics - Seriously! We want to enjoy coming to work and that stuff doesnt make it pleasant
• Know your stuff, keep learning - We value people who have the knowledge and have a thirst for it, lots of it
• No drama - Things dont always go right as much as we try, having a hissy fit over it wont help the situation and you wont find that here
• With great data, comes great responsibility - Personal data is a big thing, particularly when you are the custodian of a lot of it, we take that very seriously

If you tick 50% of the spec and 100% of the attitude and personality part then YES PLEASE - APPLY NOW - Ask for Jessica!