Senior Information Security Engineer

Job Description

Purpose of the role

To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell’s systems and services.  This role is responsible for playing a lead role in designing and implementing improvement to the Cybersecurity risk management tools, systems, and processes. Key to this is assisting and supporting the Information Security team to drive continual improvement through innovation, automation and integration of its tools and processes.

The key responsibilities of the role are:

• Delivers and maintains technical enterprise security solutions for (but not limited to) the following areas: End Point Protection, Cloud Security, Network Security, DevOps, Security Monitoring & Remediation.
• Design and implementation of enterprise security technology controls and platforms, following secure infrastructure engineering best practices.
• Evaluation and requirements collection for new enterprise security tools
• Driving the adoption of new tools and techniques, ensuring adequate operational handover is in place and able to articulate inherent value and impact
• Support the planning and co-ordination of patch management activities for internal systems and hardware
• Assessing and recommending server hardening activities to be completed by the Infrastructure and Service Delivery teams
• Supporting audit and due diligence activities within Technology Services
• Supporting and advising on projects and change initiatives to ensure that there is no negative impact on our security posture
• Acts as an integration point between CISO and AJ Bell Infrastructure teams to ensure integration of technical IS solutions into the wider technology estate

Technical Skills:

• Demonstrable experience of implementing enterprise security platforms
• Strong understanding and knowledge of Information Security risk management tools and techniques
• Awareness of Information Security control standards and frameworks
• Awareness and understanding of the Information Security threat landscape
• Deep understanding of Information Security solutions e.g. email / web gateways, SIEM, Endpoint protection etc.
• Knowledge/experience working with firewalls is highly advantageous
• Experience of Cloud security solutions and standards is highly advantageous

Competence, knowledge and skills

Competence

• Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST etc.
• Experience in an Information Security role gained in a financial services or e-commerce environment is preferred

Knowledge & Skills

• Significant experience in the area of Information Technology (IT) security
• Strong knowledge of core IT and networking concepts
• Well versed in IT security capabilities, framework and concepts
• Extensive experience implementing industry-standard IT security platforms
• Strong ownership of tasks, attention to detail and following through to conclusion
• Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
• Ability to work under own initiative to plan and communicate effectively with colleagues and customers
• Structured, self-starting, flexible and enjoy working in fast-paced environments
• Effective communication skills, both written and verbal
• Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
• Excellent attention to detail
• Attained or working towards CISSP certification

Scope of the role

Reports

• May lead a small team of Information Security Engineers

Internal Relationships

• Technology Services Management Team
• All Technology Services staff with a particular focus with Information Security team

External Relationships

• Business and IT stakeholders across all sites
• External vendors

About us:

AJ Bell is one of the fastest-growing investment platform businesses in the UK, with over 418,000 customers using our award-winning platform propositions to manage assets totalling more than £74.1 billion. Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.

Headquartered in Manchester with an office in central London, we now have 900 employees and have been named one of the Sunday Times ‘100 Best Companies to Work For’ for three consecutive years.

Additional Information:

There are opportunities for growth and professional development for members wanting to progress within their career including induction training and our study support scheme which is part of our benefits package.

At AJ Bell you can expect a friendly working environment with a strong sense of team work, we have a great sense of pride in what we do and this is reflected in our guiding principles.

There is an active programme of social events throughout the year, which are open to all employees.

Benefits:

• Regular remote working
• Discretionary bonus scheme
• Buy as you earn share scheme
• Contributory pension
• Dedicated time for proof-of-concepts and assessing new tech
• Support to attend conferences, events, and meet-ups
• Pay-day drinks on our 7th floor roof terrace
• 24 days holiday increasing to 30 with length of service
• Holiday buy scheme
• Enhanced maternity and paternity
• Death in service cover
• Confidential 24/7 365 employee assistance helpline
• Free onsite gym and trainer led classes (yoga, Pilates, boxercise, circuits)
• Paid volunteering days
• Bike loan scheme
• Season ticket loan portal
• Plus, much more

This role provides formal cover for Mission and Business Critical systems and processes, and as such you may be required to work evenings, weekends and bank holidays to provide out of hours support for such systems and processes, as part of a rota. Employees who are scheduled to be on-call will receive a weekly standby allowance and will be paid for overtime worked during these periods.  

This role is available under our hybrid working scheme. Ideally we're looking for people who are within commuting distance of one of our offices however for certain roles we can consider UK-based candidates who are further away - ask the recruitment team for more information. Please note, we are unable to provide employment sponsorship to candidates at this time.