The Cyber Threat Specialist role is part of the global Information Security function and will work with colleagues and stakeholders in multiple geographies.
The Threat Specialist will perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring.
They will also determine the relevance of the threat to our business, through the application of a risk-based methodology and take action or pass action on to the relevant teams to counter the threat.
The Threat Specialist will also identify vulnerabilities using multiple technologies (vulnerability scans, penetration testing reports, Bitsight ratings, etc.) and operate the vulnerability management process ensuring remediation to target.
The success of this role is dependent upon building a lasting alignment between Information Security technology and business requirements. In particular, the role must take into consideration:
- The special requirements of the Firm with regard to client confidentiality, as well as regulatory requirements such as data protection.
- Achieving a balance between protecting the firm and ensuring that users can work effectively; being pragmatic but cognisant of risk.
Skills and Experience Required
- Education – an IT or Information Security qualification / experience or 4+ years’ experience in a similar role.
- Experience working in large, matrix and geographically dispersed global organisations where IT and Information Security have played a key role to the business.
- Demonstrable experience of managing outsourced security services and driving continuous improvement.
- In depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
- Experience with governing vulnerability management processes and technologies.
- Experience with the creation of reports, dashboards and metrics for presentation to senior management.
- Technical knowledge of various Information Security technologies and evidence of a continuous learning mind-set.
- Integrity and professionalism, with a consistent and uncompromising adherence to best practice.
- Stakeholder management skills, including the ability to communicate complex Information Security concepts in business language.
- Passionate and driven to exceed expectations and to deliver with integrity.
- A relevant industry certification, such as ethical hacking, CompTIA Security+, CISSP or similar, is an advantage.
- ISO 27001 qualification and / or experience is an advantage.
Please contact Laura Madgwick for further information at firstname.lastname@example.org