Senior Information Security Engineer
To support the Chief Information Security Officer and Chief Technology Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell’s systems and services. Key to this is maintaining the confidentiality, integrity and availability of the data that resides upon those systems.
Play a lead role in designing and implementing improvements to the Cybersecurity risk management standards, processes and tooling. Keep cyber risks and key risk indicators up to date, ensuring that they can be reported on at a Departmental and Executive level.
Assist and support the Information Security team to drive continual improvement through innovation, automation and integration of its tools and processes.
The key responsibilities of the role are:
- Implementing changes / fixes to address security vulnerabilities identified (e.g. during security scans, penetration tests etc.)
- Assessment, planning and co-ordination with other teams regarding patch management activities for internal and third-party hosted systems
- The technical security lead on major initiatives, including those driven by the security team and by other business areas.
- Supporting and advising on projects and change initiatives to ensure that there is no impact on the security posture.
- Developing and proposing Information Security Policy considering best practice and to reflect the deployment of new technologies.
- Monitoring external information sources to make recommendations on latest security threats and vulnerabilities
- The technical lead for major security incidents and investigations
- Developing and maintaining security playbooks to respond to incidents
- Providing technical guidance and mentoring to junior members of the team.
- Improving security awareness across the department and organisation
- Being on the rota to provide on-call support for evening and weekend cover for major incidents requiring escalation from the SOC. This is generously rewarded with a fixed on-call rate, plus overtime for call outs and time in lieu.
- Experience in sourcing and utilising external threat intelligence
- Knowledge of network protocols, architecture and information security standards and procedures
- Awareness of, and exposure to, Security Information and Event Management (SIEM) technology
- Endpoint security products, anti-virus and anti-malware solutions
- Exposure to email and web gateway solutions
- Fortinet (or equivalent) networking products
- Microsoft Server / Desktop operating system experience
- Linux configuration and security management
- Awareness of Cloud security solutions and standards, especially AWS
- Experience of O365 deployment and the configuration of appropriate alerts, monitoring and Defender deployment.
- Ability to produce reports and briefing papers for technical and non-technical audiences
Competence, knowledge and skills
- Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST, etc.
- Experience in an Information Security role gained in a FS or e-commerce environment.
- Microsoft certification and/or computing related degree (or equivalent)
- Willingness to actively seek and assume responsibilities that will introduce efficiencies and improvements to the Technology Services team
- Proven ability to be the technical lead on complex projects.
Knowledge & Skills
- Self-motivated, professional, tenacious and enthusiastic
- Strong ownership of tasks, attention to detail and following through to conclusion
- Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
- Ability to work under own initiative but to plan and communicate effectively with colleagues and customers
- Structured, self-starting, flexible and enjoy working in fast paced environments
- Effective communication skills, both written and verbal
- Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
- Ability to learn and develop new skills and take on new challenges
- Excellent attention to detail
- Ability to provide technical coaching and mentoring to junior members of the team.
AJ Bell is one of the fastest-growing investment platform businesses in the UK, with over 418,000 customers using our award-winning platform propositions to manage assets totalling more than £74.1 billion. Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.
Headquartered in Manchester with an office in central London, we now have 900 employees and have been named one of the Sunday Times ‘100 Best Companies to Work For’ for three consecutive years.
There are opportunities for growth and professional development for members wanting to progress within their career, including induction training and our study support scheme, which is part of our benefits package.
At AJ Bell you can expect a friendly working environment with a strong sense of teamwork. We have a great sense of pride in what we do, and this is reflected in our guiding principles.
There is an active programme of social events throughout the year, which are open to all employees.
- Regular remote working
- Discretionary bonus scheme
- Buy as you earn share scheme
- Contributory pension
- Dedicated time for proof-of-concepts and assessing new tech
- Support to attend conferences, events, and meet-ups
- Pay-day drinks on our 7th floor roof terrace
- 24 days holiday increasing to 30 with length of service
- Holiday buy scheme
- Enhanced maternity and paternity
- Death in service cover
- Confidential 24/7 365 employee assistance helpline
- Free onsite gym and trainer led classes (yoga, Pilates, boxercise, circuits)
- Paid volunteering days
- Bike loan scheme
- Season ticket loan portal
- Plus, much more
This role provides formal cover for Mission and Business Critical systems and processes, and as such you may be required to work evenings, weekends and bank holidays to provide out of hours support for such systems and processes, as part of a rota. Employees who are scheduled to be on-call will receive a weekly standby allowance and will be paid for overtime worked during these periods.
This role is available under our hybrid working scheme. Ideally, we're looking for people who are within commuting distance of one of our offices; however, for certain roles we can consider UK-based candidates who are further away. Ask the recruitment team for more information. Please note, we are unable to provide employment sponsorship to candidates at this time.