Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Jobs - IT Security Manager London, UK GSLC, GSTRT, GSEC, GCIH, GCCC, GPEN, GMON, GCFA, GCFE InfoSec Jobs

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

IT Security Manager
Company Euromoney Institutional Investor PLC
Location London, UK
Travel 5%
Salary Market rates
URL Not provided
Contact Name Matthew
Contact Email mbullimore/at/
Expires 2018-01-18

Job Description

Euromoney Institutional Investor PLC is listed on the London Stock Exchange and is a member of the FTSE 250 share index. It is an international business-to-business media group focused primarily on the asset management, banking and commodities sectors under brands including Euromoney, Institutional Investor and Metal Bulletin. It is a leading provider of economic and investment research and data under brands including BCA Research, Ned Davis Research, and the emerging market information providers, EMIS and CEIC. The group also runs an extensive portfolio of events for the financial and commodities markets. Its main offices are in London, New York, Montreal, Hong Kong and Sofia, and more than a third of its revenues are derived from emerging markets.

Euromoney is a dynamic organisation with a newly independent status, following a share buy back from DMGT plc, and ambitious growth plans.

The Group’s Central Technology function works with and complements the business focused (outward) Divisional technology teams. It is principally responsible for delivering core shared services (inward) across the Group. Due to its group wide coverage it is able to leverage economies of scale and provide subject matter expertise in a range of core disciplines.

The Service Delivery team provides core shared infrastructure and security services across the divisions. It delivers reliable, secure and cost effective core services (e-mail, file+print, end user computing, back-office applications, infrastructure and networks). The DevOps team support and maintain the centrally hosted divisional websites, providing 24x 5 coverage. The Information Security team develops, implements and maintains security controls to mitigate the ever-increasing risk of cyber threats.

The Central Platforms team support and maintain the Group’s suite of centrally developed platforms (publishing and subscription management), used extensively across the divisions. The platforms are developed in line with business demand. The team is also responsible for maintaining and iterating development best practice and quality standards, sharing and promoting their adoption across the divisions.

The Project Management Office is responsible for overseeing the portfolio of central technology projects, providing expert guidance and support to the project management team and stakeholders to deliver projects to time, budget and quality.

The Central Technology function also oversees risk, audit, compliance and disaster recovery processes across the Group, working closely with the Risk function and divisional teams.

This is a critical role with global coverage, responsible for managing and developing IT Security across the Group’s business divisions and functions. The IT Security Manager will take accountability for ensuring cyber security defense techniques are employed across all areas of the business, and that security best practice is adhered to in all areas of technology management.
Key responsibilities include:
• Define and establish appropriate controls and processes in line with industry best practice so as to protect the confidentiality, integrity and availability of the Group’s information assets and systems
• Identification and mitigation of new information threats and vulnerabilities, escalating where necessary
• Effectively managing the IT Security team (virtual) working with technology key stakeholder across the Group
• Lead security incident response activities
• Managing and implementing the annual IT Security program
• Working closely with the Director of Information Risk to align IT Security initiatives

• Protect the Group’s data assets using tools and best practice techniques
• To detect the presence of suspicious and malicious activity on the network
• React promptly and professionally to any incidents, providing triage, escalation and remediation as required
• Supporting the execution of internal and external audits
• Oversight for technical security controls including, but not limited to:
o Penetration testing
o Content control and malware protection
o Network security including firewalls and IDS
o Security event and log management
o Security incident response
o Vulnerability and patch management
• Appropriate escalation of security vulnerabilities and trends identified from security incidents
• Conducting or overseeing activities such as penetration testing and regular security audits, with results collated and appropriate recommendations made
• Continual research of IT Security threats and solutions in line with industry advancement and trends
• Managing security exception processes, such as privileged access requests
• Liaising with both the Business and Technology Services project teams regarding Security requirements for proposed, new, or developing services
• Contributing to requirements and subsequent design, testing and implementation of security controls required to support defined security policies and procedures
• The review and approval of any software patch or security updates, in association with other technical teams, and the TS Change process
• Maintain an understanding of existing and emerging information security best practices
• Establish and manage 3rd party supplier relationships where required
• Remain commercially and results focused
• Work with onshore and offshore development teams to increase the maturity of secure development practices and remediate web application vulnerabilities
• Product owner for the Web Application Firewall, create rules to mitigate threats, analyse logs, troubleshoot issues
• Prioritise issues and engage with Product teams to agree timelines and releases
• Managing the IT Security budget

• Strong prior experience as an Information Security Officer or Senior Analyst in a global enterprise environment
• Able to demonstrate a broad knowledge of IT Security and Service Continuity standards & practices
• A good knowledge and understanding of Windows Server 2008< and associated Windows enterprise technologies in a networked, enterprise environment
• Apply a risk proportionate approach to IT Security
• Experience of configuring and supporting firewall and intrusion detection technologies
• Management of Log Logic or similar SEM solutions
• Working knowledge of McAfee EPO, Symantec and Qualys toolsets
• Current knowledge of security industry threats and trends and vendor landscape
• Media, digital or Financial Services industry experience preferred
• Preferably worked in a global organization with 24/7 business demands

• Deep knowledge of SANS and OWASP security standards
• ITIL v3 Foundation
• Familiarity with ISO27001 and ISO27002 controls
• Certified Information Systems Security Professional (advantageous)
• Certified Ethical Hacker (advantageous)
• ISO27001 Lead Implementer (advantageous)

• Professional
• Researcher
• Passionate about Information Security
• Reliable
• Self-motivated
• Ability to distil data (threats)
• Strong communicator
• Results driven
• Commercial and technical pragmatism
• Honesty and integrity
• Self-awareness
• Team player
• Positive attitude

• Central Technology Senior management team
• Central Technology Heads of Development
• Service delivery teams
• Divisional CTOs and Heads of Technology
• Director of Information Risk

• IT Security Team (Onshore (3), Offshore (5))