About the Role Our business is growing and we need an experienced Information Security engineer to join our Global Technology Security team with a proven track record of building/operating in a modern Information Security practice in a global organisation. You will have developed, managed and implemented information security controls and processes. This will involve a range of activities including consultative engagements, project-work, pro-active security testing, vulnerability management, auditing, reporting and investigations.
You'll be responsible for conducting risk assessment, policy creation and awareness training while staying up to date with other industry best practices. You'll be hands-on with a variety of security technology and interact with various internal teams to lead and deliver best-in-class solutions in an exciting fast-paced environment. Dynamic, smart people and inspiring, innovative technologies are the norms here.
Main Responsibilities - Drive the evolution of the company's Information Security standards to maintain best practice and alignment with corporate policies and regulatory requirements
- Be hands on in managing and maturing our security technology and processes
- Investigate and respond to information and cybersecurity incidents
- Provide consultation and/or education as needed and drive the adoption of security as a value add/best practice
- Work in partnership with stakeholders, to ensure all projects, changes, IT standards and procedures are compliant with Information Security Standards and Policies
- Manage (third party) penetration testing and facilitate any subsequent remediation activities
- Act as a subject matter expert on matters of Information security relating to Yondr
- Conduct 3rd party risk assessments to ensure suppliers are aligned with our security standards and fall within our risk tolerances
- Manage phishing platform, training and related reporting
- Provide guidance and subject matter expertise on processes, controls, and objectives around audit and information security activities, best practices, and process improvements
- Conduct vulnerability assessments, risk analyses, and remediation tracking to drive the attack surface management program
- Conduct Identity and Access Management entitlement reviews of key platforms and applications
- Engage in audits, compliance assessments, and regulatory security requirements
- Maintain documentation related to security processes, incidents, and compliance requirements
Qualifications and experience - Experience with regulatory and compliance standards; ISO27001, SOC2, PCI DSS
- 5+ years experience working as an information security professional within a medium to large sized global organisation
- Proven experience implementing, maintaining and leading an effective information security control assurance programme
- Strong stakeholder management and communication skills, including technical members of staff and senior non-technical business leaders
- Applied working knowledge of networking principles and the OSI model to evaluate control effectiveness and support investigation of network-based security incidents
- Background in working with international organizations that provide 24x7x365 operations
- Must understand OT, Network and Zero-trust architecture
- Understanding of email security tools, vulnerability management, penetration testing and remediation
- Strong analytical, troubleshooting, and problem-solving skills
- Information Security, alongside significant knowledge and experience of Cyber security
- Working knowledge of Microsoft Sentinel, Qualys, Microsoft Defender, Knowbe4 are essential.
- Exposure to Microsoft Purview, MDR services, UBA and IT/OT network environment are desirable
- Excellent verbal and written communication skills
- Ability to manage multiple priorities and work independently or within a team environment
- Relevant certifications preferred, such as:
At Yondr, we want to enhance the diversity, equity, inclusion and belonging of our workforce to reflect the world we live in. Our roles are potential opportunities for everyone; all interested parties, regardless of nationality, race, ethnicity, religion, age, sexual orientation, or gender, are welcome to apply. We ensure all candidates have equitable access and consideration throughout the hiring process.
Yondr is committed to fostering a welcoming, safe and inclusive work environment. We provide support through our benefits, which are inclusive of all backgrounds.
