Information Security Officer required to provide security expertise and guidance to key Security Programme which includes a number of projects as part of the organisations cyber strategy.

The role will include input into the requirements and designs working with internal security teams and external parties to put in place agreed solutions to meet the aims of the programme. This is a dynamic role combining security solution design, implementation, assurance and review activities with standards, policy and procedure development.

The Information Security Officer will come with strong analytical, information security and application security skills ,along with a technical understanding of the practical application of information security controls within financial services firms. The Information Security Officer is vital to ensuring that appropriate security controls and best practice are applied to emerging services within the organisation

As a strategic role, it will require strong business acumen and detailed knowledge of information security & cyber security policies and procedures. The successful candidate will be someone who has a finely tuned understanding of the challenges of policy implementation and can respond in an agile and collaborative manner to ongoing business and regulatory requirements.

The Information Security Officer will have previous experience of implementing; Privileged Access Management, End Point Security, Identity & Access Management, Supplier Security Assurance, Cloud Based security offerings and Security policies/procedures/standards

This role faces off to the business and the successful candidate will be a first class communicator with strong C-level stakeholder management skills. They will play the lead role in driving key policy projects and programmes, the creation of a strategy for developing Policy outreach and awareness and contribute to the strategic plans for the policy and awareness teams.

Applications from candidates with security related degrees and relevant security industry certifications such as CISSP, CISM, SSCP and CISA are welcomed.

For more information on this role please contact Neil Morgan at McGregor Boyall

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

IT Security Lead required for major name in financial services. The IT Security Lead has the responsibility of assessing, discovering and directing remediation of security vulnerabilities within the business, working closely with all relevant infrastructure and IT security teams to identify the root causes of vulnerability issues. They will deliver long term strategic remediation in line with the overall Cyber-Security Strategy.

The IT Security lead will come with a strong technical background and solid experience in vulnerability detection and various methodologies including SIEM, IDS/IPS, ATP, DLP, EPS, DDoS, Aim etc. Strong Experience in technical IT Security is required and it is essential they come with experience of working within large scale complex IT environments in the financial services industry with a strong preference for a hardcore incident response background.

The IT Security Lead will be a high quality communicator with strong ability to communicate with senior stakeholders across an enterprise organisation and will have previously served as a vulnerability management or remediation specialist

For a more detailed job spec please contact Neil Morgan at McGregor Boyall

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Application Security Consultant – Permanent – London

McGregor Boyall are searching for and Application Security Consultant to work with one of our Fintech clients in London. You will be working alongside a team of developers as the SME in Application Security

Main responsibilities

• Oversee and review all existing policies (will also be required to write new policies)
• Threat modelling
• Run modelling workshops internally, across various business functions.
• Provide Stat Analysis & create reports around current procedures.
• Act as a senior member of the London Cyber team, contributing to regional AppSec strategy.

Requirements

• Expert level knowledge of web-based application Security
• Experience with mobile-based application Security (desirable)
• Experience with a range of Security Frameworks
• Experience working within a C# Environment (Desirable)

Application Security Consultant – Permanent – London

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Senior Security Network Engineer

Our trading client is looking for a Senior Security Engineer to join their London office. You will be responsible for implementing critical network security infrastructure and contributing to key security projects.

Responsibilities:

• Be the Cyber Security SME within the organisation for technical policies and technologies
• Communicate effectively and give expert advice to senior security and technology stakeholders
• Provide expertise of Enterprise Security concepts and frameworks

Key Skills:

• DDoS Mitigation, IPS (Intrusion Prevention Systems) and NAC (Network Access Control)
• Cisco LAN Switching and Routing
• CCNP, CCNA qualified or equivalent experience
• CCSE qualified or equivalent experience
• Financial Services background would be desirable

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Information Security Risk Manager - Senior – 2nd line of Defence

Role Purpose

• You will be responsible for developing and maintaining the ISR (Information Security Risk) team’s relationship with several other lines of business, globally as well as regionally, with a focus on global banking and commercial baking teams.
• You will ensure your department supports the other lines of business with their Information Security Risk posture and ensure that they are challenged when their risk appetites are breached.
• You will primarily liaise with the CIO functions for each of these business functions and you will be responsible for challenging, advising and guiding the respective IT functions on the effective management of their information and cyber security risks. (Relationships with the IT CIOs will be managed jointly with the global ISR Managers.)
• You will ensure the teams’ activities are aligned to the business operational risk management framework, which includes oversight of Technology’s 1st Line of Defence and;
  • Key IT technology programmes and initiatives
  • Information and cyber security incidents
  • Cyber threats and threat mitigation
  • Information security awareness initiatives
  • Providing support for large change programmes within Technology amongst others.

Key Accountabilities

• Liaising with senior managers to understand the current risk landscape, and to follow-up on any respective risk management / mitigation duties.
• Maintaining on-going visibility of IT key initiatives and helping to prioritise Information Security Risk oversight, according to risk.
• Increasing the understanding of information risks within the IT functions by explaining these in business terms.
• Helping IT functions ensure that they are kept within their risk appetite by recommending mitigating actions.
• Supporting the IT functions in the root-cause-analysis process and guide them to ensure relevant information security risks and controls are included in the process.
• Providing 2 Line of Defence visibility on current threats, mitigation, intelligence, cyber security and incident management.
• Work with all areas of ISR, locally and globally, to develop an engagement framework that allows the ISR function to:
  • Reduce duplication of effort and ensure best use of scarce ISR resource
  • To have single / globally aligned frameworks
  • To have single / globally aligned risk model
  • To standardise and globalise were feasible without losing coverage for regional or local processes
  • Establish processes to ensure compliance with all internal and external regulations

Information Security Risk Manager - Senior – 2nd line of Defence

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Lead Scrum Master - Cloud Security - London

The Cloud Security Lead Scrum Master will be a member of the Global Cybersecurity Technology team. This team is responsible for identifying, developing and deploying global cybersecurity controls across the estate and leveraging the firm’s assets, network and data to identify threats.

This role will partner heavily with Cloud Services Engineering teams to support the end-to-end secure deployment of security technologies across the firm as well as building upon your own team.

Responsibilities

• Manage the delivery of Cloud Security technology solutions by DevSecOps engineering team across Cloud Platforms (AWS, Azure or GCP).
• Define Agile project working approach and enforce all team members to follow the same methodology.
• Organise and facilitate project planning, daily stand-up meetings, reviews, retrospectives, sprint and release planning, demos and other Scrum-related meetings.
• Track and communicate team velocity and sprint/release progress.
• Empower Cloud Security & DevSecOps teams to collaborate and make effective decisions promoting adaptive planning, evolutionary development, early delivery and continuous improvement.
• Update agile tracking systems to provide transparency on Product & Sprint Backlogs.
• Assist with internal and external communication, improving transparency, and radiating information.
• Assist team with making appropriate commitments through story selection, task definition.
• Identify and remove impediments, prevent distractions that interfere with the ability of the team to deliver the sprint goal.
• Ensure awareness, involvement and support from key stakeholders by building strong project teams and maintaining robust communications on the project status throughout its lifecycle.
• Ensure risks and issues are identified, managed closely and remove project blockers from the team.
• Make key decisions to ensure the successful implementation of all initiatives
• Work directly with various stakeholders across multiple geographies, such as Cybersecurity engineering teams, Cloud Services Platform engineering teams, Product Owners and Business Partners to produce accurate delivery estimates and manage the transition from analysis through to design and delivery.

Requirements

• Extensive project management experience and experience of Scrum, Agile and Software Delivery Cycle (SDLC) experience.
• Results oriented technical leadership in driving key initiatives from concept to execution.
• Proven experience as Scrum Master and Agile Delivery Lead.
• Experience in Agile Project methodologies and tools such as JIRA and Confluence.
• Understanding of different analyses options and development of implementable solutions.
• Ability to understand technical issues especially those related to Cloud Platforms and Cloud Security at a high level.
• Proven skills to lead teams and motivate others to achieve objectives.
• Demonstrated coaching experience (effective at getting the best out of people, drive people to their best performance, empowerment, and motivation).
• Ability to consume requirements and create/implement solutions to satisfy requirements.
• Ability to manage risks and willingness to work with the team and stakeholders to help mitigate those risks.
• Relevant Agile Certifications such as Certified Scrum Master or Agile Certified Practitioner and Project Management Certifications such as PRINCE2 or PMP would be desirable.

Lead Scrum Master - Cloud Security - London

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Programme Manager required to design, manage and deploy security awareness programmes, including delivery of Cyber & Information Security training modules

The Programme Manager will design, manage and deploy behavioural change platforms including cyber measurement, information security training and targeted training to high risk communities across the organisation.

The Programme Manager will be responsible for the delivery of specific areas of behavioural change (including managing a global network of cyber ambassadors, awareness programmes, training, behavioural measurement) with the goal of reducing cyber risk stemming from employee conduct and behaviour. They will also support the delivery of behavioural assurance campaigns such as Phishing testing, social engineering and clear desk checks.

The Programme Manager will be a high quality communicator, comfortable engaging with C-level stakeholders across the Cyber & Information Security areas of the business.

The successful candidate will have a background in behavioural and culture change and we welcome candidate with relevant security industry certifications such as CISSP or CISM.

For more information on the role please contact Neil Morgan at McGregor Boyall.

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

IT Compliance Analyst - Permanent - London

We are looking for an IT Compliance Analyst to develop, initiate, maintain and revise policies and procedures within our client's compliance programmes. You will be the first point of contact from an IT compliance perspective, ensuring the business stays compliant with relevant regulations.

Key Responsibilities:

Regular assessments against core IT operational risks and to report on status, priority, remediation actions and other measures required to maintain adequate IT compliance. Refine and/or redevelop regular reviews of IT general control frameworks ensuring information systems operate as expected, maintain integrity and meet responsibilities under the relevant regulations.

Serve as a first point of contact for all IT compliance questions.

• Hands-on activities such as execution of IT compliance monitoring and testing activities controlling, identifying and reporting on issues and exposures are a big part of your job. This includes the automated surveillance of trading activities for potential market abuse. These activities may include algorithmic and/or high frequency trading.
• Draft, review and revise IT compliance policies and procedures to ensure that practices remain compliant with all current laws, regulations and client contracts.
• Plan, prepare and conduct continuing IT compliance training to staff.
• Conduct IT risk assessments and, working closely with the Group IT function, take immediate action when networks/systems have been attacked and provide an incident management plan. Provide appropriate solutions/procedures when gaps have been identified.
• Provide specialist advice on IT issues and, working closely with the Group IT function, develop strategies to ensure the security of systems.
• Participates in vendor risk assessments including discovery, testing, gap identification and summary risk assessment reports.
• Actively research and analyse current IT compliance and security trends, methodologies, issues, technologies, and regulatory requirements.
• Development of new procedures in alignment with appropriate programmes.
• Implement review of folder/file permissions across various systems.
• Raise awareness of data regulations e.g. ePrivacy etc. and, working closely with the Group IT function ensure appropriate safeguards have been put in place across the business.
• Liaise/partner with relevant external bodies, standard setters and external experts where appropriate.
• Ensure that external obligations and client contracts are implemented.
• Report on a regular basis to management on compliance matters.

Role Competencies:

• Ability to work independently.
• Ability to network across various departments.
• Experience in either financial services or commodity trading essential.
• Experience in IT system security compliance, audit or risk management essential.
• Some knowledge in FCA rules desired but not essential.
• Knowledge of; ISO27001, GCCs (General Computing Controls).
• Knowledge of IT networks and security.
• Communicates effectively – able to translate IT security controls and IT jargon into laymen terms.

IT Compliance Analyst - Permanent - London

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Production Support Analyst - Contract - Hampshire

The Production Support Analyst will be a member of the Production Support team responsible for administration and support of various solutions.

In this role, you may be working with multiple technologies across the Global Information Security technology stack, so flexibility is key.

Key responsibilities:

• Support of the in house built applications providing authorisation services for bank applications
• Provide day-to-day Production support
• Operate as an individual contributor and in a team environment
• Provide application support during Operating system patching
• Co-ordinate and carry out the application releases across multiple environments
• Work with the development team to implement infrastructure solutions for different internal projects
• Support the weekend release and maintenance work
• Troubleshoot application related issues and work with different support team to resolve issue

Essential Skills:

• Strong knowledge Linux OR Windows operating systems.
• Experience as an L3 support professional supporting production issues with ability to provide quick turn-around solution
• Significant experience in analysing logs and identifying problems with authentication and authorization
• Familiarity with common utilities, diagnostic and monitoring tools
• Experience in a CI/CD environment with experience of technology such as Jenkins, IIS, Team City etc..
• Scripting experience with Python OR Shell OR Java
• Good verbal and written communication skills
• Good understanding of network services and related technologies (load balancer, Wide IP, FDNS)
• Experience working in an ITL methodology based environment
• Good understanding of database technology (Oracle/SQL)

Production Support Analyst - Contract - Hampshire

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Information Security Officer required to provide security expertise and guidance to key Security Programme which includes a number of projects as part of the organisations cyber strategy.

The role will include input into the requirements and designs working with internal security teams and external parties to put in place agreed solutions to meet the aims of the programme. This is a dynamic role combining security solution design, implementation, assurance and review activities with standards, policy and procedure development.

The Information Security Officer will come with strong analytical, information security and application security skills ,along with a technical understanding of the practical application of information security controls within financial services firms. The Information Security Officer is vital to ensuring that appropriate security controls and best practice are applied to emerging services within the organisation

As a strategic role, it will require strong business acumen and detailed knowledge of information security & cyber security policies and procedures. The successful candidate will be someone who has a finely tuned understanding of the challenges of policy implementation and can respond in an agile and collaborative manner to ongoing business and regulatory requirements.

The Information Security Officer will have previous experience of implementing; Privileged Access Management, End Point Security, Identity & Access Management, Supplier Security Assurance, Cloud Based security offerings and Security policies/procedures/standards

This role faces off to the business and the successful candidate will be a first class communicator with strong C-level stakeholder management skills. They will play the lead role in driving key policy projects and programmes, the creation of a strategy for developing Policy outreach and awareness and contribute to the strategic plans for the policy and awareness teams.

Applications from candidates with security related degrees and relevant security industry certifications such as CISSP, CISM, SSCP and CISA are welcomed.

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.