defining and managing all stages of security incident response across a diverse range of clients and technology environments, based on the NIST SP 800-61 Incident Response Lifecycle. What You'll Be Doing:
- Support the development of tools to support the implementation e.g. RACI, Service Catalogues … ability to explain technical problems to non-technical business stakeholders at all levels.
- Strong knowledge and experience with the ISO 27001:2013 standard and NIST framework
- Good understanding of information/cyber security issues across various sectors.
- Good technical, analytical, and communication skills (both written and verbal).
- Ability

products and understanding of their capabilities including EndPoint Management, Vulnerability Management, SIEM. Understanding of major regulatory and industry standards/guidelines such as NIST and MITRE ATT&CK frameworks. Stakeholder Management: ability to create and maintain strong relationships with stakeholders in order to drive outcomes and create alignment … with accountability for regulatory compliance and information security management frameworks (e.g., International Organisation for Standardization [ISO] 27000, National Institute of Standards and Technology [NIST] 800). Demonstrable experience in facilitating IT Control audit activities. Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited

all levels.
- Strong written and oral communication skills
- Active SC Clearance, or ability to obtain SC clearance
Experience of following Cyber Security Frameworks:
- NIST Cybersecurity Framework (CSF): Understand the five core functions of Identify, Protect, Detect, Respond, and Recover. Familiar with the framework's guidelines for managing and … reducing cyber risks, in particular NIST 800-53.
- ISO/IEC 27001: Comprehend the international standard for information security management systems (ISMS). Knowledge about risk assessment, controls, and continuous improvement.
- CIS Controls: Be aware of the Centre for Internet Security's critical security controls. These provide a prioritized

Treatment Plans. Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such as ISO 27000 series, NIST, CSF, and CSA. Identify and deliver appropriate controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on … and best practices for delivering security across IaaS, PaaS, SaaS and Serverless architectures. Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27k, NIST 800-53, CIS, GDPR). Leading security working groups and external security testing (ITHC, Penetration Testing, etc) of cloud solutions at high HMG classification levels (OFFICIAL required