I am Recruiting for a Senior Support Engineer to assist the business in using a risk based approach to secure IT systems from current and emerging threats during development and maintenance cycles. Determine security requirements for projects. Assist in the development and refresh of global strategy for information security. Prepare global IT security standards and reference architecture. Assist the development of policies and procedures. Estimate the cost and determine the delivery approach for security solutions.
If this sounds like you, I need to speak with you asap!
KEY TASKS and RESPONSIBILITIES
• Plan, analyze, and design global security systems including network monitoring, intrusion detection and prevention, identity management, access control, mobile device management, and data protection. Initiate upgrades to security systems as necessitated by technology availability and maturity, security gaps, emerging threats, business risk and needs, and cost effectiveness.• Serve as a primary security contact for projects during the planning, analysis, and design phases of projects. Provide IT security technology and process guidance for enterprise architects and the business. Monitor ongoing projects to verify that security components are built and deployed as originally designed. Assist in reviewing compliance to Zurich’s reference security architecture and industry standards, internal policies, and procedures. • Improve the security posture of business systems by planning and designing the delivery of security within the solutions. Evaluate security at all levels including network (firewalls, routers, etc.), server (mid-range, mainframe, virtual, appliance, etc.), OS (Windows, Linux, OSX, iOS, Android, etc.), application server (WebLogic, JBoss, WebSphere, etc.), application (Java, JSP, .NET, etc.), data store (Directory and database), authenti-cation mechanisms, authorization procedures, auditing/logging, and user administration and access control. Consult on security considerations based on system delivery models including internally hosted, cloud hosted, cloud managed, mobile, etc. • Help develop security strategy based on business strategy, available technology, and current/emerging threats. Maintain Zurich’s IT security reference architecture for the IT organization the business units.• Research emerging threats, vulnerabilities, and security practices/standards to maintain professional relevance and assist during the response to security incidents affecting or potentially affecting the organization.• Enhance the Security Group’s and reputation by maintaining personal networks with other IT and business units, suppliers, and vendors; participating in professional organizations and acquiring professional certifications; accepting ownership for tasks; providing noticeable business value beyond technical security consultation.
RELATIONSHIPS:
Internal:
• CITO PMO• GiTAG Architects• BU CISO• Business analysts• Governance partners (Group Risk, Group Compliance, Group Audit, Group Legal)• Procurement• IT Finance• HR and Recruiting (including external recruiters)• Business Risk and Control Committees
External:
• Service Providers and Suppliers• External auditors• Assurance organisations• Industry bodies (e.g. ISF)• Group IT Operations• Vendors
QUALIFICATIONS/EXPERIENCE
• Minimum 3-5 years professional experience with a Bachelor’s Degree.• Must have experience in SiteMinder or Oracle Identity Manager• Risk management and IT security skills.• Experience with working across business unit and geographical boundaries to engage team members required. • Certifications: CISA , CISM , CISSP and (PMP or equivalent).
KNOWLEDGE:
• Strong integrity and highly ethical.• Strategic orientation with the ability to act tactically as required• Effective in influencing and persuasion.• Project management excellence.• Foresight to connect disparate pieces into cohesive but simple solutions.• Execution – the ability to deliver, time and again.• Has a bias for action using effective problem solving and decision making techniques.• Knowledge of generally accepted security practices, able to perform security assessments, and understands data protection requirements.
TECHNICAL SKILLS
• Information risk and security skills (i.e. putting information security in a business context and consulting with internal stake-holders).• Security knowledge and/or other skill-set across various technologies and platforms incl. network infrastructure, operating sys-tem (iSeries, pSeries and Wintel) and databases (Oracle and SQL) are highly beneficial.• Experience of financial services (or other) application and infrastructure information security.• Experience of delivering information security projects is valued.• Knowledge of the application of IT security tools and techniques is valued.• Written and oral English language proficiency.• Other language skills are valued.
TRAVEL and OTHER REQUIREMENTS
Requires occasional travel to the business division headquarters, corporate centre, and across region (depending on role location) or conference locations; travel will typically not exceed 10%.
Please submit your application online.![]()
↧