Information Security Architect – CISSP CISM PCI-DSS – Harrogate, North Yorkshire
Candour have been retained by a truly global organisation to source an accomplished Information Security Architect with CISSP or CISM certification and significant PCI-DSS experience to work out of their North Yorkshire offices.
Remote onboarding and interviewing are currently available, with ongoing WFH options to be considered in due course.
Key skills, qualifications & experience:
- Bachelor's Degree ideally in Information Security or Computer Science
- Significant PCI DSS experience
- Relevant industry qualifications - CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security+, CGEIT etc.
- CCSP or AWS Cloud Certifications highly preferable
- ISO 27001 or NIST CSF experience highly preferable
- Strong understanding of business applications, including internet-facing and financial systems.
- Excellent technical knowledge and preferably design experience of:
  - Mainstream operating systems (for example, Microsoft Windows, Macintosh, Linux, AIX), databases, middleware, virtualisation and storage technologies.
  - A wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, cryptography, SIEM, anti-malware solutions, automated policy compliance tools, and desktop security tools.
  - Network infrastructure and design, including routers, switches, firewalls, and the associated network protocols and concepts.
  - Application and web technology and security issues (for example OWASP).
- Ability to apply skills to new technology stacks including Public Cloud and Containerisation.
- Technical knowledge of mainframe systems (desirable).
- Proficiency in performing risk, business impact, control and vulnerability assessments.
- Ability to absorb and understand complex 24x7 enterprise IT environments and rapidly identify potential vulnerabilities, security risks and impacts.
And how you will use those skills:
What Part Will You Play?
- Works with IT and IS teams to identify, select and implement technical security controls.
- Consults with IT solution designers (cloud and on-prem) to assure and ultimately approve designs and system changes in line with policy, agreed standards and/or risk profile.
- Develops security processes and procedures to ensure that security controls are managed and maintained.
- Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments.
- Maintains an in-depth understanding of financial and credit card industry standards (e.g. PCI standards, card association requirements, GDPR) and ensures that all projects are delivered to these standards.
- Assesses IT operational activities for compliance and security gaps both periodically (e.g. PCI assessments) and as an ongoing activity (e.g. day-to-day interactions).
- Prioritises remedial work, driving security improvements across the business. Trains non-security staff on risks and sensible approaches for mitigation.
A full job description is available to candidates meeting the above minimum criteria. Please apply in the first instance with your latest CV, outlining your salary expectations, for an immediate response.