Senior Information Security Engineer
We are looking for an experienced Senior Information Security Engineer to join our team at RI.
You will have an opportunity to have a real impact on the business. This role will be the most senior hands-on Security position within the business, and you’ll be a key advisor and influencer for our incident and response strategy. You will also be an SME on several key Information Security areas.
We are looking for an analytical individual who can lead and influence others. Being a focal point for InfoSec within the Service Delivery and Operations team, you will ensure all Information Security risks are properly considered and have a track record of investigating and alerting infrastructure teams of all security risks.
The role will be one that grows over time and will offer the successful applicant the chance of true career progression.
WHAT YOU DO MATTERS…
- You will be the focal point of InfoSec within Tech Service Delivery & Operations and responsible for building, managing and supporting the Information Security capability.
- You will have the ability to form solid relationships with the existing Tech Teams as well as external third party partners and vendors.
- You will establish the Computer Security Incident Response process, investigation and operational processes.
- Collaborate with Tech and ensure that all relevant systems are actively monitored and any alerting is investigated in a timely manner.
- Collaborate with Tech to ensure information security risks in both ongoing and planned operations are properly considered and all compliance matters are being adhered to as required.
- Collaborate with the Tech Infrastructure Teams to ensure the appropriate network and infrastructure security measures, technologies and processes are in place.
- Lead and advise Tech on InfoSec incidents and assist RI Tech and/or the Business when appropriate.
- Conduct regular and ongoing monitoring and reporting on enterprise-wide compliance.
- Ability to operate within an environment where accountability and responsibilities between stakeholders overlap.
- Analytical, detail-orientated, can communicate clearly, effectively and influence in the right way.
- Calm under pressure, a great 'can do' attitude and always have the focus on our customers, staff and reputation.
- Degree/Post-graduate Degree in Computer Science or equivalent.
- A Certified Information Systems Security Professional (CISSP) qualification or equivalent.
CORE TECHNICAL SKILLS
- SIEM experience. (Security Information and Event Management).
- Responsible for the upkeep and development of Information Security Operational Procedures and Services, with respect to keeping these as effective as possible against changing threat vectors and aligned with policy, regulatory and audit requirements.
- Responsible for the design and specification of new security and technical upgrades.
- Security incident response experience. (Responsible for the testing, improvement, maintenance and smooth running of the InfoSec incident response plan)
- Must cultivate relationships with stakeholders in the business to develop and maintain good communication channels, in order to ensure a high and current security awareness level.
- Liaison with Regulatory bodies, Internal and External Audit as required.
- Consultation on any new business ventures where Security advice is needed.
- Strong experience managing technology.
- Understanding of IP networking protocols and distributed systems essential.
- Understanding of digital forensics essential.
- Understanding of attacker tools, tactics and procedures is essential.
- Knowledge of configuring and implementing common technical security controls essential.
- Understanding of enterprise digital environments and distributed technology stacks essential.
- Strong technical and process skills relevant to key Information Security areas, which cover:
  - Perimeter Security
  - Network Security
  - Infrastructure Security
  - Endpoint Security
  - Application Security
  - Data Security
  - Wireless Security
  - Cloud Security specifically around Public APIs and serverless tooling.
- Experience of managing penetration testing and vulnerability scanning and timely remediation of issues.
- Experience of Intrusion Prevention and Detection Systems.
- Experience of implementing frameworks such as the CIS SANS CSC, NIST or ISO27001/2 beneficial.
- Knowledge of regulatory requirements such as PCI-DSS, DPA and the GDPR is essential.
This is an amazing opportunity to build something amazing from the ground upwards, working alongside a group of enthusiastic colleagues with the focus being on doing the right thing for our customers, staff and reputation.
IT NEVER GETS BORING…
If you are ambitious and love working in a busy environment where every day is new, then River Island is the place to be! As a business, we are committed to developing our talent and offer a fantastic training program to help you optimise your performance and support your career progression with the company.
Our working environment is busy, fast moving and responsive to our customers’ needs, much like our training which is unique to our business and reflective of our fun and refreshing brand and our people within it! Our River Academy offers ongoing training and development by running workshops throughout the year varying from courses focusing on softer skills to the more technical courses you may require to perform your duties.
It’s not all work and no play here either…we all work hard but we also like to have fun too! We are a social bunch and regularly host events ranging from Summer and Christmas parties, bake offs, and lots of charity events!
WE LOOK OUT FOR ONE ANOTHER…and in doing so, we provide great benefits for our employees:
- 50% Staff Discount
- Pension Scheme
- Holiday plus bank holidays
- Interest Free Season Ticket Loan
- Ride to work scheme
- Staff Shop
- Subsidised canteen
- Free onsite parking