We are recruiting for a Senior Cyber Security Specialist here at City & Guilds. In this role you will lead and act as subject matter expert for computer and network threat intelligence, incident responses, investigations and vulnerability assessments that pertain to different types of cyber threats, including malware, data theft, denial of service, and data breaches.

You will collaborate with a new Managed Detection Response (MDR) provider and be responsible to lead the development and integration of that service to deliver maximum value to the business in reducing cyber risk, cost, and efficiency.

As SCSS, you will be a senior strategic lead, delivering cyber risk reduction by utilising a sound base of technical engineering skills and substantial business and project leadership experience through technology, business and third parties.

You will need to be based in the UK working on a hybrid basis with a mix of home and office - but you do need to be within commutable distance from one of our City & Guilds hub offices.

This appointment will be made on merit.

We believe that diversity and inclusion strengthen and enriches us, and that it is the responsibility of everyone at the City & Guilds Group to drive this value. As ethnic minority groups and disabled people are currently under-represented within the Group, we particularly encourage and welcome applications from these communities.

You will be responsible to define and chart a multi-year strategy of success and foster effective relationship with IT and the wider business to pinpoint the underlying issues and create effective corrective and preventive measures.

Our successful candidate will be self-driven in identifying opportunities, making recommendations and championing maturity initiatives to improve the posture and efficiency of the security operation. You must be comfortable and experienced in working and delivering successfully across the global environment and addressing complexities of obligations, regulations, Legacy, and resistance to change.

The working hours are core Mon-Fri UK hours; however, the service is provided globally and there will be some need for out of hours response in the case of major incidents and threat priorities where vital. The design of the service based on the use of an external 24/7 hybrid MDR aims to reduce the need for this, and it will be within the gift of the individual to optimise these arrangements.

You should have extensive technical experience (plus 5 years) working with information security and/or technology in senior technical positions. You will bring substantive senior experience of managing technology and information security major incidents and demonstrable best practice.

You will have an excellent knowledge of IT infrastructure (hardware, databases, operating systems, local area networks etc) and application architectures.

You will be incredibly 'hands on' when needed and will be required to maintain a strategic overview of all project and related Security function activity.

We need you to have a solid mix of technology and commercial skills, demonstrating critical thinking and problem-solving ability with a focus on business outcomes and efficiencies. You will provide thought leadership and be the recognised expert for your subject knowledge and skill set, enabling a strong contribution to scoping, solution design, configuration, and testing in a delivery capacity.

Our successful candidate will have a detailed understanding of Security Infrastructure design and IT Security best practice. You will have excellent written and spoken communication skills with the ability to create, update and maintain network diagrams.

As Senior Cyber Security Specialist, you will have a detailed knowledge of security products, SIEM, AV, security gateways, Firewalls, load-balancers, ACLs, routing and switching. You should have a strong understanding of common IT protocols, infrastructure and systems.

You will have extensive experience of technologies including but not limited to Firewalls, IPS & IDS, Active Directory, Windows Server, Linux, AWS, Vulnerability management and SIEM, DRM.

We would expect you to have a familiarity with industry security standards such as NIST, Cyber Essentials, ISO27001 and GDPR.

You should also have experience with internal/external Security and Governance audits.