Senior Security Engineer
The Global Technology department plays a crucial role in supporting the success of the business. We are responsible for developing and implementing state-of-the-art software and hardware maintenance to support our fund management, trading, distribution and operational areas with secure, stable and resilient technology platforms.
The primary function of this role will focus on the supporting the Data Loss Prevention (DLP) technologies and processes. Ensuring that all alerts and events are correctly followed up and investigated as well as liaise with other IT teams and departments (Compliance, Data Privacy, Risk) to ensure incident playbooks are accurately followed.
In addition, as part of this role you will be responsible for developing, monitoring, evaluating and maintaining systems and procedures to protect the confidentiality, integrity and availability of information systems. This position evaluates existing data security procedures and identifies new areas of risk as well as reviewing new security applications. This is a technical position that requires knowledge of security industry standards, incident response handling, provide technical security recommendations and/or solutions around systems and networks, and have a solid grasp of overall IT architecture.
Duties and responsibilities
- Perform security incident investigations including chain of custody, containment measures, root cause analysis, and identification of preventive measures
- Assist with the implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices
- Plan, coordinate, and implement security measures to regulate access to computer data files and prevent unauthorised modification, destruction, or disclosure of information
- Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures
- Verifies security controls in new and existing computer systems conform to security policies and guidelines.
- Identify potential security risks, and document remediation options or mitigating controls.
- Assist in integrating regulatory compliance requirements (e.g., SOX, GLBA) into the organisational security road-map
- Participate in the Information Security on-call rotation
- Carry out additional duties as assigned
Technical skills and qualifications
- Bachelor's Degree in Computer Science and/or related field preferred.
- Security related certifications preferred (Security+, CEH, CISSP, OSCP, etc.).
- Extensive experience in information security.
- Experience in supporting data loss prevention technologies and processes.
- Experience in cyber incident response handling procedures and forensic investigation tools.
- Proficient in the security of Windows and UNIX (security access rights, configuration best practices, and potential vulnerabilities).
- Intermediate knowledge of the OSI model and security that is associated with each layer.
- Intermediate knowledge of wide area network security as it pertains to networking protocols and connectivity to/from outside resources (switches, routers, firewalls, VPNs, encryption, and authentication methods).
- Experience with modern scripting languages.
At a minimum the role will require you to:
- Act in accordance with TCF (Treating Customers Fairly) principles
- Understand and follow laws and regulations applicable for your role, seeking the help of your supervising manager or Compliance if additional guidance is required
- Understand and abide by all company policies applicable to your role, and seek support/guidance of the policy owner guidance when required
- You are ultimately accountable for your actions and responsible for seeking further information on any or all of the above as necessary.