Information Security Engineer


Birkenhead or Liverpool

REFERENCE: 03.22.15
CLOSING DATE: 4/15/2022 12:00:00 AM

Job Purpose

The Information Security Engineer will primarily be responsible for creating, developing and managing Carpenters Group’s technological response to Information and Cyber Security, with responsibility for the management and implementation of information, data and network security systems, and shared responsibility for the review of policies and procedures in accordance with externally verified ISO 27001:2013 requirements, client security audits and other third-party accreditation schemes.


Key Duties and Responsibilities

  • Translate IT policies and procedures into fully realised systems in line with the ISO27000 series standards.
  • Work with business delivery teams to create policies and procedures aligned to business processes.
  • Contribute expert knowledge towards the development of a company-wide information security management strategy, including toward systems aligned with company information governance policies
  • Continually develop, implement and maintain information security policy, standards, procedures and practices.
  • Work to ensure best practice in information security management is reflected in customer agreements, expectations and standards down the supply chain.
  • Work toward embedding information security awareness, practices, tools, guidelines, checks and metrics into every phase of the software development and operations lifecycle
  • Gap Assessment and Audit Compliance
  • Ensure information security controls, monitoring and procedures are implemented
  • Maintain currency with emerging security trends, new guidance and standards, evolving threats, vulnerabilities, and control techniques
  • Join and maintain relationships with industry and cyber security bodies
  • Establish and govern the Security Incident response processes, investigations and security operational processes. Lead and/or advise business units as necessary to investigate security incidents
  • Establish and maintain an Information Security Risk Management Strategy and ensure that the IT and Corporate Risk Registers adequately reflect information security risks.
  • Work with security vendors and other 3rd parties on outsourced SOC projects
  • Manage penetration and application testing schedules, bringing in a range of 3rd party services as appropriate
  • Win resource within the Infrastructure Team to monitor and improve the security of the infrastructure.
  • Draft responses to tender documents and requests for information from 3rd parties where they relate to data protection, GDPR and ISO27001
  • Review and analyse system logs on an operational basis and in response to incidents, taking appropriate corrective and preventative action


Experience and Knowledge

You will be someone who is self-motivated and focussed on the customer. You will demonstrate initiative and ownership. You value others and their contribution and enjoy working collaboratively with colleagues. You will be flexible and adaptable to change. In addition, you will have the following skills:


  • Experience in information security risk management
  • Experience in advising training teams in the development and delivery of information and cyber security education
  • The ability to present Information Security in an engaging and positive manner, and to approach all work with a view of how to positively improve our business and provide our users with a fantastic experience.
  • Knowledge of the ISO27xxx family of standards (standards, codes of practice, guidelines)
  • Information security fundamentals and risk management
  • Internal and external audits - both given and received
  • Strong subject matter experience in network security, application security, vulnerability and penetration testing.
  • Must be able to interface and coordinate work effectively demonstrating strong project management skills
  • Any Information Security qualifications such as CISSP would be highly desirable
  • Broad range of skills and knowledge across multiple IT disciplines
  • Knowledge of Firewalls, networking, penetration testing, log analysis and anti-virus systems
  • Knowledge of system hardening techniques
  • Excellent organisational skills: ability to balance priorities to meet multiple deadlines
  • Ability to function in a fast-paced environment to meet high-pressure deadlines
  • Strong stakeholder management skills
  • Proactive, shows initiative and takes ownership of a service area in order to deliver improvement
  • Strong problem-solving skills
  • Detailed analytical approach
