Information Security Specialist

Senior Cyber Security Specialist required for market leading financial services firm. You will be championing Secure by Design across all change and delivery programmes, embarking on threat modelling and giving straight up advice for colleagues on security best practice and regulatory requirements.

What you’ll be doing

• Build Key Relationships: Foster strong connections, help to shift our security culture and advocate for Secure by Design principles throughout our projects.
• Engage in Design Reviews: Perform design reviews, threat modelling, and risk assessments to ensure robust security measures are incorporated from the outset.
• Provide Expert Guidance: Offer expert advice and consultation on our policy & standards, industry regulations, frameworks, and best practices to support our change initiatives and operational teams.
• Capture Security Evidence: Ensure that security requirements and considerations are seamlessly integrated into our change solutions and evident.
• Assess Security Risks & Threat Landscape: Identify and evaluate security risks, making recommendations to continuously improve the firm’s security posture in an ever-changing threat landscape.
• Define Security Test Objectives: Set clear objectives, boundaries, and focus areas for security tests to prevent vulnerabilities in our technical ecosystem.
• Remediate Risks: Ensure that any risks or findings from security scans or tests are addressed within risk appetite before changes are promoted to production.
• Support and Mentoring: Assist our team lead and provide mentorship to junior team members, fostering a collaborative and growth-oriented environment.

We need you to have

• Be Cyber Security Savvy: You know your Cyber Security Frameworks inside out and can explain their significance and impact to everyone from tech teams to senior business stakeholders.
• Information Security Guru: You’ve got a comprehensive understanding across a range of Information Security domains, including Identity & Access Management, Network Security, Cryptography and Public Key Infrastructure, Mobile & API security, and more

• Analytical Ace: Your strong analytical skills help you interpret how industry trends, regulations, and the threat landscape can affect our business.
• Penetration Testing Pro: You’ve got experience in scoping penetration tests, conducting risk assessments, and overseeing remediation plans.
• Influential Communicator: You’re skilled at influencing, communicating, and collaborating with senior management and stakeholders.
• Cloud Connoisseur: You’re well-versed in Cloud Service models like IaaS, PaaS, and SaaS and the security context when deploying solutions into them.
• Proven Track Record: You’ve got experience in a similar role, bringing valuable insights and expertise to the table.

It’s a bonus if you have but not essential

• Regulated Industry Rockstar: You’ve got experience working in a regulated industry and the financial services sector.
• Threat Modelling Maestro: You’ve participated in threat modelling using techniques like STRIDE.
• Microsoft Specialist: You have knowledge and understanding of Microsoft Azure and 365 security products like Defender, Sentinel, Azure Information Protection, and Intune.
• Cyber Community Champion: Holding Information Security certifications such as CISM, CCSP, CRISC, or CompTIA Security+ and being actively involved in the cyber community through participation in working groups, forums, and facilitating knowledge-sharing sessions.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.