Find

Sony Interactive Entertainment - Information Security OfficerDevelopment of the information security policies and standards in line with good practice, theGlobal Information Security Policy & Standards, and compliance to frameworks which includeISO27002, PCI DSS and NISTLeading several cyber security transformation programmes (IPS, SIEM, Privileged Access)Management, End Point Protection, Host Hardening & Active Directory hardening) and business projects ensuring they are delivered on track in budgetWork with various stakeholders across the business for the requirements capture, analysis and designing an integrated architectural designCoordinating and implementation of a programme of penetration testing, patch management, vulnerability process maturation & scanning, and security reviews of the environment based on riskConducting security reviews and assessments (inc third party) across all areas of the client business and developing implementable remediation plans to address any findingsAssisting in the maintenance of the information security risk register utilising various risk assessment methodologies (identifying information security risks and risk treatment actions and escalating them through appropriate management channels) and managing appropriate treatment activityIdentification and investigating information security incidents and coordinating the resolution of information security incidents by liaising with the business ownersPromoting, developing, and conducting information security training, education and awareness programs to a diverse audience of employees

Performing in depth cyber security and performance analysis, identifying vulnerabilities and threats that could result in security breachesParticipating in internal audit reviews to assess the management and control of IT risk i.e. disaster recovery/business continuity plans, business impact analysis, logging, monitoring, removal media management, change management, user management & password managementAuditing processes and controls on the Bank's infrastructure and applicationsManaging small/medium size audits, participating in larger engagements within IT or providing specialist knowledge to other audit risk teams and relationships with key stakeholders across the businessEnsuring that all audits meet internal audit plan timescales and comply with quality requirements

ABN Amro - IT Security OfficerProvided evidence on the effectiveness of IT controls in order to establish the maturity level and identify gaps with the information security policyOverseeing the end-state implementation of Security information and Event Monitoring (SIEM) forEurope, APAC & USA.Implementation of timely user access review of IT and technical users within business and IT applicationsImprove risk awareness and knowledge of the risk policies of business analysts, project managers, and application designers and developers

Undertaking security risk assessments as part of development projects identifying areas of information security control weaknessSupport project delivery, advising and ensuring effective delivery by implementation teamsInternal/external (onsite) Risk Assessments & providing recommendations of controls to mitigate risks for third party suppliers & customersUser access reviews of IT and technical users to take ownership of centralised access controlTracking, managing and reporting on business security incidents, ensuring root causes are identified and remediatedReport analysed risks with stakeholders & provide remediation recommendationsResponding to changing security risk landscape and emerging control issues, identifying these and ensuring they are effectively addressedContinuous review of control effectiveness and impact assessments for new projectsReview/update security designs prior to change approvals & implementations

Led the technical development of ISO27001 framework across the new security high availability/resilient platform along with the migration of new and existing customer networks (worth from £50Million - £750 Million) from commercial/legacy platformsResponsible for the requirements definition and leading the technical implementation of IS controls within IT migration projectsDeveloped security baselines & responsible for reviewing the implementation of agreed IT security baselines in test and production environmentsInvolvement in the IT change management approval process to minimise impact of changes to customerRegularly interfaced with external and internal stakeholders to provide progress reports & outline identified issues for project deliveryManaged budgets in accordance to capacity management and provide input to budget forecasts upgrade or replace equipment

Investigation and remediation of information security incidents and other policy violationsManaging a global team to implement firewall assurance by moving from manual to semiautomated to fully automated phase by centralising firewall changes from Europe, America & APACLiaising with customers to capture, analyse requirements and to translate into designsWorking with the implementation team to enhance the development of the firewall assurance tool from functionality and reporting perspectiveBenchmarking the assurance tool against the requirementsProduce customer audit reports for firewall changes and report anomalies on a daily basisManage team performance and ensure process/procedure alignment across the team globally by provide training to members of the team for any new processes or new ways of working as moving from each phase to ensure SLA's are being met as per targets

Capgemini - Security AnalystWorking within the UK Security Service Assurance team applying security intelligence and analysis in a multitude of technologies that accompanied a highly regulated multi-client arenaMentor junior staff to ensure they understand the technologies, procedures performed to coach them to familiarise themselves to team objectives/functions & ensuring skill transfers and technical security awareness within the teamsIntegrate new clients into support model to support Web Security, Email Security & MalwareManage proxy server policies to ensure web usage policy is adhered and authorised exceptions when provided genuine business casesIntroduce process efficiencies for existing processes and procedures by performing gap analysis and document new improved ways of workingIdentify and assess the degree of threat posed by external and internal emergent trends and propose proactive methods and security configurations to protect assetsInvestigate the cause of high priority security breaches and proposing suitable countermeasuresReport recommendations to client infrastructure to reduce incident volume & produce ad hoc monthly reports for clients