Information Security Engineer at Flash Group

Responsibilities:

• Enhance and continuously improve the current information security strategy and practices.
• Apply a security framework and ensure adherence.
• Build and manage IT security governance, including policies and processes.
• Oversee information security audits, whether performed by the organization or third-party personnel.
• Drive security within the infrastructure and IT technical teams, including access controls for the production environment, development environment, internal systems, and data warehouse.
• Conduct continuous security control validation.
• Upskill the security team.
• Manage the Vulnerability Management Program.
• Optimize current security toolsets.
• Oversee cyber incident response management.
• Ensure secure configuration of enterprise assets and software.
• Handle key account management and relationship management of information security software suppliers.
• Manage access control.
• Oversee network infrastructure management.
• Proactively research and implement new detection technologies and methodologies.
• Manage the assessment of the current technology architecture for vulnerabilities, weaknesses, and possible upgrades or improvements (through external 3rd party audits/reviews).
• Implement and oversee remediation, improvements, and fixes to the information security environment based on audit findings.
• Communicate information security goals and new programs effectively with other department managers within the organization.
• Develop and provide appropriate awareness training, plans, and communication.

Requirements

Minimum Requirements:

• BSc in Computer Information Science / BTech in IT / BTech in Information Security.
• Relevant certification (CISM, CISA, CRISC).
• Exposure to cyber risk frameworks (NIST, ISF, ISO 27001/2, FFIEC).
• Azure administration-related certification and Office 365 administration certification required.
• 4+ years in information security, computer science, or information science, with at least 1 year in an Azure environment.

Skills:

• Cloud security (Mobile, Azure, and M365).
• Understanding of encryption and key management standards.
• Understanding of Microsoft server infrastructure environment.
• Understanding of business continuity and high availability requirements of a 24-hour fintech business.
• Identity and access management.
• Malware analysis.
• Incident management.
• Management of 3rd party service providers.
• Penetration testing, threat & vulnerability management.
• Risk management and analysis.
• SIEM tools (Security Information and Event Management).
• Governance, legal compliance, and audit assurance.
• Configuration of firewalls.

Attributes:

• Attention to detail, analytical and diagnostic skills.
• Creative thinking and problem solving.
• Works well under pressure.
• Ability to work in a team and independently.
• Strong interpersonal skills.
• Good communication skills.
• Deadline-driven.
• Ability to implement policies.
• Policy writing skills (considered an asset).
• Adaptability to change.
• Accountability and responsibility.