IT Cyber Security Specialist

**ACCELERATE YOUR CAREER**

WAE Technologies Limited exists to accelerate the advantage and impact of our clients. We do it through innovative engineering and technology that solves complex problems and brings a step-change in weight, speed, and efficiency. Join us to help fulfil our mission to accelerate an efficient, electric, and sustainable future.

An opportunity has arisen for **IT Cyber Security Specialist** to join our IT team in a rapidly expanding and exciting work environment. Purpose of the role is to be responsible for overseeing information security, cyber security and ICT risk management programs based on industry-accepted information security and risk management frameworks. This includes identifying and mitigating security risks, responding to security incidents, conducting security audits and providing the IT roadmap to relevant industry standard accreditations, e.g. Cyber Essentials/Cyber Essentials+, ISO27001 or NIST.

**Job role**:

- Coordinate the continuous development, implementation and updating of cyber security and privacy policies, standards, guidelines, baselines, controls, processes and procedures in compliance with relevant regulations and standards for information systems.
- Develop and manage the frameworks, processes, tools and consultancy required to manage IT Cyber & Information Security risks and to make risk-based decisions related to IT activities.
- Proactively identifying and mitigating security risks and vulnerabilities through continuous assessment internally and working with external 3rd party auditors to conduct periodic reviews.
- Proactively identifying and mitigating IT risks as well as responding to observations identified by third-party auditors or examiners while assisting in developing periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
- Develop a framework for cyber security controls relating to Operational Technology infrastructure for manufacturing.
- Assist IT managers and staff with the audits and facilitate management response and remediation efforts.
- Ensure overall IT compliance with regulatory requirements through proactive planning, communication, ownership, and relationships with key stakeholders.
- Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation. Provide strategic recommendations to key IT projects to help improve project results, quality of deliverables, risk optimisation, security processes and compliance with regulations.
- Facilitate cyber security, information security management and regulatory (as required) training for all employees.
- Support internal investigations, prepare written findings and recommendations, and carry out follow-up activities.
- Coordinate Information Security Incident response activities, manage reporting for events and/or exploited vulnerabilities, including unauthorised system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
- IT point of contact for disputes, requests for exceptions and complaints regarding business-wide information systems security policies, practices and related issues, supported by the IT Management Team.
- Work as a liaison for external bodies requiring information and reports on IT security incidents.
- Create and maintain all relevant Cyber and Information Security documentation and procedures.
- Stay up-to-date on the latest security threats and technologies
- Work with other IT staff and business stakeholders to ensure the security of the company's information assets
- Contribute to solutions developed by Operations & Infrastructure, Applications and Service Delivery teams to ensure cyber security controls and principles and maintained and upheld at all times.
- Contribute to the IT Service Catalogue.
- Be a member of the IT Change Advisory Board and IT Incident Management and Response team.
- Support the Out Of Hours Incident Management process for cyber security incidents
- Work within the ITIL aligned IT management framework as lead by Head of IT
- Own additional IT Processes as identified/required.

**You’ll have**:

- Experience in a similar/IT related role - Essential
- Experience working within a Microsoft enterprise environment - Essential
- Knowledge of IT processes and controls and excellent understanding of risk and control frameworks e.g. CoBIT, ISO, NCSC, NIST and ITIL. - Essential
- Possess Certified Information Systems Security Professional (CISSP) or other information systems security certifications - Desirable
- An excellent understanding of information security regulatory requirements and standards such as ISO 27001/2, Cyber Essentials/Cyber Essentials Plus, SANS top 20, NIST SP-800-53 - Essential
- Understanding of ISO21434, TISAX and other related automotive standards - Desirable
- Good practical knowledge of security technologies and wider busines