Senior IT Security Systems Engineer
Our team of business services staff play a significant role in the success of Dentons, and we recruit staff into a wide variety of areas. Here, we look for focused, flexible individuals from a variety of backgrounds who are team players. Previous experience within the legal sector is not essential. We want to give everyone the opportunity to develop his or her potential fully and, therefore, provide support, training and encouragement to members of staff at all levels.Purpose of role
To assume responsibility for System Security in Dentons.
You will improve security by protecting system boundaries, keeping computer systems and network devices hardened, encrypted and updated against attacks and securing highly sensitive data.
The Senior IT Security Systems Engineer performs two core functions for the business. The first is the day-to-day operations of the in-place security solutions while the second is the identification, investigation and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments.
The Senior IT Security Systems Engineer is expected to be fully aware of the businesses security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
- Ability to identify production security issues and implement any required fixes in a timely manner.
- Analyse firewalls, systems and work with 3rd party support to ensure applications are secure and proper change management is in place around changes.
- Liaise and communicate effectively with the business to ensure that Dentons meets the cyber security requirements of any tender documents. Identify and mitigate any security gaps that exist.
- Carry out vulnerability testing, risk analyses and security assessments in conjunction with 3rd party security and application providers.
- Collaborate and implement improved authentication, authorisation and encryption solutions for on premise, cloud and remote access systems.
- Co-ordinate audits with nominated third parties and clients.
- Be point of contact for local aspects of security controls for the Edinburgh, Glasgow and Aberdeen offices.
- Respond to client tender information request documents, and bids, in conjunction with the Business Development team.
- Evaluate new technologies and processes that enhance Dentons security capabilities.
- Supervise changes in software, hardware, network, telecommunications and user needs in conjunction with IT Security & Governance Manager.
- Update, implement, and define, corporate security policies.
- Assists in the maintenance and evaluation , of policies and procedures in line with both business requirements and national and international legislative changes, i.e. ISO 9001/27001/22301 processes and procedures.
- In partnership with all of Business Services, ensure IT's services are properly positioned within client RFP responses as well aligning responses.
- Coordinate and oversee internal and external client audits as it relates to IT security and compliance.
- Coordinate and oversee third-party IT vulnerability assessments.
- Perform internal audits of IT and other business functions against ISO 27001.
- In partnership with IT Leadership team, work with respective IT personnel to ensure awareness and alignment of ongoing client, industry and best practice compliance obligations.
- Act as business liaison with all Business Services. In this role, engage in ongoing dialog regarding business unit's priorities and IT service requirements to support efficient operations.
- Knowledge and experience of industry standards such as ISO 27001, Cyber Essentials.
- ISO 27001 lead auditor qualification preferred.
- Extensive understanding of data handling best-practices and information management and governance.
- Knowledge and expertise of cross-border regulations , such as GDPR and EU data Privacy rules.
- Broad understanding of technology and legal applications preferred (not mandatory).
- Extensive information security experience, across broad security domains.
- Experience working with technical people responsible for implementing security technology.
- Experience in security monitoring, detection, prevention and control systems.
- Ability to stay current with intrusion detection systems, hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques.
- Ability to dig into details as well as analyse data from a high level view.
- Understanding of the compliance, legal and ethical obligations that organisations should have with respect to logical and physical security, personally identifiable information and data protection.
- Comprehensive knowledge about data handling and security best protocols.
- CISSP/CISA/CISM certification preferred.
- Hands on technical security experience with Windows Server and desktop operating systems.
- AV and Malware Protection.
- System Security Patch Management.