IT Cybersecurity Assurance Specialist

Abingdon, GB, OX14 3YP

Information Technology

Sophos Overview – Cybersecurity Evolved

Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs, our cloud-native and AI-enhanced solutions are able to adapt and evolve to secure endpoints and networks against never-before-seen cybercriminal tactics and techniques. Managed through our award-winning, cloud-based platform, Sophos Central, our best-of-breed products work together through our unique Synchronized Security system to share threat intelligence and respond to evolving threats. The Sophos suite of products secures networks and endpoints against automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more.

 

 

Job Purpose

 

The IT Cybersecurity Assurance Specialist will be responsible for performing information systems audit work related to the company’s risk assessment as well as monitor the overall IT business recovery plan.  This role is a key influencer on policy and awareness and is responsible for the development, review, implementation, and maintenance of the organization’s information security assurance program.

This a great opportunity to help secure a world-leading security company. As you’d expect you’ll be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced & exciting environment where security is a priority.

 

Main Duties

 

 

 

  • Performs IT risk assessment control audits on current policies and ensures we are following those policies
  • Identifies top risks to the organization and the behaviors that must change to mitigate those risks
  • Identifies weaknesses in internal controls and opportunities to enhance IT operational efficiencies
  • Tracks remediation of audit issues noted in internal audit reports
  • Reviews IT policies once a quarter to maintain relevancy
  • Maintain a framework that effectively measures compliance with information technology policies
  • Ensures IT disaster recovery plan is implemented and all stakeholders are trained and informed
  • Serves as the lead liaison with IT for IT external auditors and co-sourced consultants
  • Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands
  • Communicates risk assessment findings to relevant stakeholders outside the security team
  • Updates and maintains documentation including, but not limited to, policies, standards, contingency plans, and incident management plans
  • Analyzes information assurance-related technical problems and provides engineering and technical support for solving these problems
  • Identifies, reports, and resolves security violations
  • Ensures employees and third parties understand, acknowledge, and fulfill all applicable information technology policies
  • Have and maintain an expert knowledge of Infosec industry trends and developments and advise on changes to the threat landscape
  • Have and maintain an expert knowledge of the relevant legislative, contractual, compliance and technical information requirements
  • Project manage and plan the work of cross-functional teams on cybersecurity & compliance projects
  • Articulate complex technical security issues into business focused terms and communicate with senior stakeholders across the business
  • Identify, propose and initiate improvements to the organization’s security posture
  • Assist and mentor other team members

 

Special Conditions

 

  • Occasionally required to be available out-of-hours.

 

Organisational Responsibility

 

  • Works closely with Internal Audit, Legal and the IT team.
  • Advices managers and teams across the business on security risk and compliance.
  • Reports to the Senior Manager of Strategy and Risk.

 

Qualifications

 

Essential

 

  • Educated to bachelor’s degree level

 

Desirable

 

  • Security-related professional certification (CISSP, etc)

 

Skills and Experience

 

Essential

 

  • Expertise in IT security risk management in a business context with practical experience developing and implementing appropriate mitigation strategies.
  • Demonstrable experience in a senior security role.
  • Strong interpersonal skills.
  • Ability to handle complexity and innovate.
  • Strong project management and organizational skills.
  • Ability to work in a fast-paced, rapidly evolving company environment and drive results.
  • Excellent communication, presentation and interpersonal skills – ability to communicate across and up the organization including internal communication to gain buy-in on security strategy.

 

Desirable

 

  • Knowledge of Sophos products.
  • Experience working in a global environment.
  • Experience securing an AWS environment

 

Equal Opportunities

 

Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.

 

If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights.  If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.


Job Segment: Database, Information Systems, Project Manager, Technical Support, Information Security, Technology