Information Security Officer (DevSecOps) FTC
Based Wiltshire with Hybrid Working
This is an exceptional opportunity to work for our client a service provider to the UK public sector. They seek an Information Security Officer to provide Information Security advice and manage security controls in relation to DevSecOps to ensure code development meets the require standards.
In this role the post holder will be a point of contact for DevSecOps to provide complex advice and guidance through to resolution, with support from the SME.
- To review modern methods of coding to identify issues, especially related to security.
- Understanding of API and their structure to ensure good practice and security.
- Advise on the Maintenance of ISMS security controls across the organization in relation to Development and coding.
- Design and facilitate tactical level the integration security into the development cycles.
- Prioritise and manage own workload effectively.
- Develop professional relationships with stakeholders and colleagues to share and utilise information, advise and influence managers across the business.
- Work collaboratively on cross-team/pillar tasks and projects to achieve business objective.
- Proactively look for way to improve processes and contribute effectively to the business.
- Responsible for improving own knowledge of DevSecOps.
- Support the overall risk management and governance of teams and the wider business.
- You will have previous experience working as an IT Security Officer with knowledge of DevSecOps.
- with substantial experience of risk management, cyber and information security.
- Practitioner under a scheme like Infosec Training Paths & Competencies (ITPC) scheme
- Ability to form complex communications/messages in a simple, clear and concise manner to the various parts of the business.
- Good stakeholder management and engagement skills; experience of negotiating and managing internal and external stakeholders.
- Ability to understand web technologies and understanding of OWASP identified risks and how to prevent them.
- Ability to understand cloud technologies and how to implement secure systems.
- Ability to understand networking principles and the technologies and be able to apply the knowledge.
- Skills and abilities in understanding coding languages to be able to assess the security of developed applications and API
- Good organisational skills, with the ability to manage and prioritise own workload with little or no senior support
- Knowledge and experience of continuous improvement.
- Training and experience as either a security analyst or network security Officer.
- Certified Information Systems Security Professional (CISSP)/(CISM).
- Member of the Institute of Information Security Professionals (MInst.ISP).
- Practitioner under the Infosec Training Paths & Competencies (ITPC) scheme.
- Experience of working with information covered under the UK Government security practices.
- This role requires SC clearance on appointment.