09/06/2022 updated
100 % available
Cybersecurity Analyst, Information Security Services Specialist, Snr. Quality Assurance Tester
London, United Kingdom
United Kingdom
PhD Information Security and Systems ManagementSoftware DevelopmentMonitoringSecurityGDPR ComplianceInformation Security ManagementQA and Testing Technical Writingpolicy writing Requirements EngineeringIT Audits
Compliance (GDPR, Infosec Policies) Cryptography, Information Security, PCI-DSS, ISO27001, OWASP, SOX, Scanning, Burpsuite, Nmap, OpenVAS, Wireshark, Monitoring/Scanning, LogRhythm, DarkTrace, Tennable, JIRA, CRM, Gemini, Sharepoint, Confluence, ServiceNow, Software Development Life Cycle, scripting, Object-Oriented Programming, Java, C#, C++, Windows, Linux, Kali/Ubuntu, Mobile platforms, digital framework, Web-based services, Amazon - AWS, REST, database management and queries, SQL, MySQL, cloud, AWS, Azure, data protection, Nessus, Metasploit, network security, IT security, Continuous Integration, Jenkins, GitLab, penetration tests, firewalls, penetration tools, ERP, MS Word, Excel, automated tests
Languages
EnglishNative speakerSpanishGood
Project history
Role and Responsibilities:
* Perform and coordinate Proof of Concept (POC) on latest technologies and make recommendations to
company executives and board members
* Produce and communicate periodic security metrics to board members
* Computer threat analysis and monitoring
* Participate in budgetary meetings and decision-making
* Organise and enforce periodic company-wide information security training in line with ISO27001,
PCI-DSS and GDPR statutes and other industry-related standards
* Good knowledge of ISO27001, NIST, PCI-DSS, GDPR.
* Perform and coordinate PCI-DSS and IT audits
* Perform and coordinate data protection audits
* Oversee incident management activities - disaster drills, business continuity plans
* Implement and maintain security controls - technical, procedural and physical
* Offer consultations on security-related matters to other departments
* Liaise with other branch offices in Europe and EMEA zones on project delivery
* IT Project delivery and management
* Manage security team member
* Create, review and distribute information security-related and data protection-related policies
* Undertake risk assessment activities - formation of risk committees, identification of risk
owners, etc
* Review and provide relevant information security improvements/recommendations to executives
and board members
* Oversee and conduct due diligence on third-party vendors and other client-facing activities
* Coordinate and enforce information security-related CBT for computer Programmers
* Attend regular trainings, seminars with a view to keeping up to date with latest information
and security trends
* Develop risk-based mitigation strategies for networks, operating systems, and applications
using Nessus, Burpsuite, OpenVas, Wireshark and Metasploit.
* Compiling and tracking of vulnerabilities and mitigation of results to quantify program
effectiveness using Jira
* Creation and maintenance of vulnerability management policies, procedures, and training
* Revision and defining of requirements for information security solutions
* Organising network-based scans to identify possible network security attacks and host-based
scans to identify vulnerabilities in workstations, servers, and other network hosts.
* Major Achievements so far:
* Created and implemented a process to capture and report internal security breaches
* Proof of Concept on a new email monitoring tool, which was implemented based on my
recommendations
* Implemented a company-wide CBT on data protection
* Perform and coordinate Proof of Concept (POC) on latest technologies and make recommendations to
company executives and board members
* Produce and communicate periodic security metrics to board members
* Computer threat analysis and monitoring
* Participate in budgetary meetings and decision-making
* Organise and enforce periodic company-wide information security training in line with ISO27001,
PCI-DSS and GDPR statutes and other industry-related standards
* Good knowledge of ISO27001, NIST, PCI-DSS, GDPR.
* Perform and coordinate PCI-DSS and IT audits
* Perform and coordinate data protection audits
* Oversee incident management activities - disaster drills, business continuity plans
* Implement and maintain security controls - technical, procedural and physical
* Offer consultations on security-related matters to other departments
* Liaise with other branch offices in Europe and EMEA zones on project delivery
* IT Project delivery and management
* Manage security team member
* Create, review and distribute information security-related and data protection-related policies
* Undertake risk assessment activities - formation of risk committees, identification of risk
owners, etc
* Review and provide relevant information security improvements/recommendations to executives
and board members
* Oversee and conduct due diligence on third-party vendors and other client-facing activities
* Coordinate and enforce information security-related CBT for computer Programmers
* Attend regular trainings, seminars with a view to keeping up to date with latest information
and security trends
* Develop risk-based mitigation strategies for networks, operating systems, and applications
using Nessus, Burpsuite, OpenVas, Wireshark and Metasploit.
* Compiling and tracking of vulnerabilities and mitigation of results to quantify program
effectiveness using Jira
* Creation and maintenance of vulnerability management policies, procedures, and training
* Revision and defining of requirements for information security solutions
* Organising network-based scans to identify possible network security attacks and host-based
scans to identify vulnerabilities in workstations, servers, and other network hosts.
* Major Achievements so far:
* Created and implemented a process to capture and report internal security breaches
* Proof of Concept on a new email monitoring tool, which was implemented based on my
recommendations
* Implemented a company-wide CBT on data protection
Role and Responsibilities:
* Perform and coordinate Proof of Concept (POC) on latest technologies and make recommendations to
executives
* Participate in budgetary meetings and decisions
* Major Achievement: Established and kitted an IT security laboratory for the Irish Head Office
* Organise periodic infosec training for non-tech personnel in line with ISO27001 statutes and
other industry standards
* Mentor and train Junior colleagues
* Perform IT audits
* Liaison with other departments to deliver projects
* IT Project delivery and management
* Continuous Integration using Jenkins and GitLab
* Review security requirements and develop tests to validate the requirements
* Carry out application, network, systems and infrastructure penetration tests
* Deploy testing methodology and collect data
* Report on findings to a range of stakeholders, and client-facing activities
* Offer useful security improvements and recommendations
* Keep up to date with latest testing and ethical hacking methods
* Define test plans, security pen tests and simulated attacks on vehicle networks, firewalls,
operating systems, devices connected to the vehicle and connected car infrastructure
* Perform and coordinate Proof of Concept (POC) on latest technologies and make recommendations to
executives
* Participate in budgetary meetings and decisions
* Major Achievement: Established and kitted an IT security laboratory for the Irish Head Office
* Organise periodic infosec training for non-tech personnel in line with ISO27001 statutes and
other industry standards
* Mentor and train Junior colleagues
* Perform IT audits
* Liaison with other departments to deliver projects
* IT Project delivery and management
* Continuous Integration using Jenkins and GitLab
* Review security requirements and develop tests to validate the requirements
* Carry out application, network, systems and infrastructure penetration tests
* Deploy testing methodology and collect data
* Report on findings to a range of stakeholders, and client-facing activities
* Offer useful security improvements and recommendations
* Keep up to date with latest testing and ethical hacking methods
* Define test plans, security pen tests and simulated attacks on vehicle networks, firewalls,
operating systems, devices connected to the vehicle and connected car infrastructure
Role and Responsibilities:
* Organise periodic infosec awareness programs for non-tech personnel in line with ISO27001
statutes
* Mentor and train Junior Testers
* Perform IT audits
* Disaster Recovery Plan and Business Continuity coordination
* Implement risk assessment and controls (risk registers, risk reviews, general security controls)
* Enforce security policies in line with ISO27001, SOX and GDPR
* Incident management
* Produce technical documents for both internal and external clients
* Collaborate with Third Party insurance providers on projects
* Major Achievements: successfully delivered a new mobile banking application for a newly acquired
UK bank. I also introduced the concept of lean management to cut out waste of resources as well
as introducing an inventory system to control all digital devices of my Department, which has
helped to improve quality, productivity and efficiency.
* Organise periodic infosec awareness programs for non-tech personnel in line with ISO27001
statutes
* Mentor and train Junior Testers
* Perform IT audits
* Disaster Recovery Plan and Business Continuity coordination
* Implement risk assessment and controls (risk registers, risk reviews, general security controls)
* Enforce security policies in line with ISO27001, SOX and GDPR
* Incident management
* Produce technical documents for both internal and external clients
* Collaborate with Third Party insurance providers on projects
* Major Achievements: successfully delivered a new mobile banking application for a newly acquired
UK bank. I also introduced the concept of lean management to cut out waste of resources as well
as introducing an inventory system to control all digital devices of my Department, which has
helped to improve quality, productivity and efficiency.