THE OPPORTUNITY:

As a junior Information Security Officer, or someone who wishes to transition into security, you will work closely with our Senior Information Security team to protect our sensitive information and systems from unauthorised access, breaches, and cyber threats. You will play a crucial role in implementing security measures, monitoring security events, and educating staff on security best practices.

WE WOULD LIKE YOU TO:

• Assist in the implementation and maintenance of information security policies, procedures, and standards.
• Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in our systems and networks.
• Monitor security events and incidents, investigate security breaches, and coordinate response efforts.
• Assist in the development and implementation of security awareness training programs for employees.
• Help enforce compliance with regulatory requirements such as GDPR, DORA, ISO 27001 and ISO 22301.
• Contribute to the development and maintenance of disaster recovery and incident response plans.
• Collaborate with Engineering teams to ensure that security controls are integrated into the design and implementation of new systems and applications.
• Stay up to date with the latest trends and developments in information security and share knowledge with the team.
• Provide support during security audits and assessments.
• Perform other duties as assigned by the CISO.

THE NON-NEGOTIABLES:

• Some experience in information security, either through entry-level security officer positions or cloud engineering roles.
• Knowledge of information security principles, practices, technologies, and standards.
• Familiarity with common security tools such as WAFs, intrusion detection systems, DLP controls etc.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work independently as well as part of a team.

THE NICE TO HAVE’S:

• Experience with security incident and event management (SIEM) tools.
• Familiarity with cloud security principles and best practices, particularly in AWS.
• Knowledge of secure coding practices and application security.
• Experience with penetration testing and ethical hacking techniques.
• Experience with risk assessment methodologies.
• Familiarity with regulatory compliance frameworks beyond the basic requirements, such as ISO 27001 or NIST Cybersecurity Framework.
• Experience working in a regulated industry (e.g., finance, healthcare, government).