Group Information Security Consultant

Job Description

Job Purpose: The Information Security Consultant is responsible for developing, implementing and managing security measures that support the successful delivery of the OCG Information Security Strategy / Roadmap. Key accountability is to implement & monitor solutionsand processes that protect the organisations networks, systems, software & data from malicious activity & infiltration.Accountabilities:

• Support the development & execution of OCGs information security strategy & roadmap
• Support tasks to maintain an Information Security Architecture for the group
• Manage security incidents & provide responses to detect, analyse, contain, eradicate and recover, integrating with wider group crisis management where required
• Provide 2nd and 3rd line security operations support and support for out of hours critical incidents
• Implement & deliver information security initiatives, directly & in cooperation with other IT & business teams & third parties, as part of the roadmap
• Design & manage required security monitoring/logging systems & resources to provide relevant information on security incidents & potential risks
• Monitor and report on key metrics to facilitate security governance & the assessment of the overall security risk position across the group
• Work with infrastructure & service teams to maintain regular patching / upgrade schedules & processes across relevant systems in the group
• Support the development and adoption of information security policies & standards
• Help raise awareness about Security standards across the group and educate colleagues
• Support regular security tests & other security related compliance across the group
• Support initiatives around change management & compliance with PCIDSS, GDPR, SOx & any other key control requirements
• Perform security operations activities within the remit of systems & controls owned by the Information Security function.
• Work within a virtual team across OCG territories
• Act as a security subject matter expert as required
• Actively maintain knowledge of the threat landscape, technology solutions & industry standards, leveraging external network & key advisors
• Present ideas, MI & reports to technical & business teams, Senior Leadership & relevant partners

Skills and Experience:

• Proven experienceworking in an IT Security or Information Security function
• Hands on expertise of implementing & managing a number of technical security measures such as1. Network Security WAN/LAN, Firewall, Intrusion Detection/Protection, Denial of Service, Proxy, Content Filtering2. Web Security Web Application Firewall, Web Security Risks & Controls such as Cross Site Scripting, SQL Injection, DDOS & Brute Force3. Component Security Active Directory, System Hardening, Endpoint Protection, Asset Management, Email Security, Patching, Vulnerability Management4. Monitoring & Detection Security Event & Incident Monitoring & Management, Log Retention & Audit, Threat Detection & Response5. Access Control Role based Access Control, Identity Access Management, Privileged Access Management, Common Authentication/Single Sign On, Multi-Factor Authentication, Password Security6.Data & Encryption Public Key Infrastructure, File Integrity Monitoring, Device Encryption, Data Encryption, USB Control, Data Leakage Controls
• Worked extensively with Microsoft products & services
• Analytical & problem solver / solution provider
• Able to work independently & as part of a team
• Able to communicate up, down, & across all levels of the technical backgrounds & wider organisation
• Relevant certifications (e.g. CompTIA Security+, CISSP: Certified Information Systems Security Professional.GSEC: GIAC Security Essentials. CEH: Certified Ethical Hacker)
• Can travel within UK, & Europe

Preferable

• Working knowledge of securing the cloud (SaaS, PaaS & IaaS), specifically Azure and AWS and Web Application Firewalls such as Imperva & Cloudflare
• Understanding and use of Information Security risk management frameworks
• Worked within regulated environments (e.g. GDPR, SOx)
• Microsoft, Cisco & other relevant product certifications
• Worked in Retail or Entertainment industries
• Degree or relevant professional security qualifications

Living Our Values:Fun-Passion:I organise fun activities that keep the team engaged and celebrate our achievementsTrust-Respect:When managing others, I question and challenge in a way that respects others input and builds trustQuality-Service:I work hard to raise the bar for service, constantly looking for ways to make things better for guests at every stage of their journeyCo-operation-Accountability:I take responsibility for my teams performance and make sure people are motivated and able to achieve targetsStrategic Leadership:I lead activities to measure our success so that we can keep improvingInspirational Leadership:I encourage open feedback that enables people to learn and developChange Leadership:I take personal responsibility for my teams performance and sense of company direction