Digital Security Specialist - Cissp, CISA, ISO27001, ITIL, PCI DSS, Ci

Digital Security Specialist - CISSP, CISA, ISO27001, ITIL, PCI DSS, Cisco

Person Specification:

Must haves:- Any one of Certified Ethical Hacker, CISSP, PCI DSS, ISO27001, MCSA or related qualification.

Preferred:- ITIL, ISO9000 Auditor, CISA, CCNA/CCNP, CCIE, any enterprise Firewall qualification such as Cisco Firewall Security Specialist or any related

The candidates must have 3 to 5 years working in a similar role performing front line IT security management, Security Incident Triage and/or Incident management

Security specialist for business as usual support and development work in the Infrastructure Security team in the Operations and Assurance Services directorate.

Significant experience of:

- information security incident handling and investigations;
- assurance documentation assessment and review;
- information security audit processes; and ability to communicate information pertinent to information security effectively with a non-technical audience.
- A full and demonstrable understanding of standards:
- ISO (International Organisation for Standardisation) 27000 suite of information security standards;
- CESG (National Technical Authority for Information Assurance) - 10 Steps to Cyber Security (policy portfolio) - implementation; and
- PSN IA (Public Services Network Information Assurance) conditions/Code of Connection.
- Certified:
- Information Systems Security Professional (CISSP).
- Trained and experienced:
- operational security management.

Job Description

- To support the activities of my clients Operational Security Team with specific responsibility for the team's activities in the mitigation of information security risks, which could threaten live service in national systems, in accordance with organisational, legal and governmental requirements.
- To assist the Service Lead in the design, establishment and operation of a Security Operations Centre, and to participate or lead on the operational aspects of information security incident management
- Be responsible for providing a high level of professional strategic advice and guidance on a wide variety of information security issues including information sharing with a wide range of customers and stakeholders.
- Responsible for providing a source of subject matter expertise for staff at all levels, including project/programme managers, Caldicott Guardian, Senior Information Risk Owner and Information Asset Owners.
- Disseminate highly complex, very sensitive and contentious information to a diverse group of internal and external senior stakeholders on a wide range of information governance issues such as national and local data access and data use issues. Possess the ability to sensitively handle and manage conflicting views and information of a contentious nature, which is challenging to communicate and difficult to explain.
- Be responsible for making decisions, which require analysis and judgement of complex issues, eg in relation to the Common Law Duty of Confidentiality.
- Have responsibility for planning and managing own time and the time of others to deliver highly complex and time bound work and projects, constantly readjusting resources/tasks to achieve desired outcomes.
- Line management responsibility for: appraisals; identifying and supporting training and development needs; monitoring sickness absence; resolving disciplinary and grievance matters; and making recruitment and selection decisions for the team.
- Design and implement internal policies and procedures involved in the operation and management of the team and its work.
- Provide advice and guidance on how policies should be interpreted whilst demonstrating expert knowledge in subject matter field.

Mercator IT Solutions provides services as an agency and an employment business