The Controls Engineer will manage the continuous security control environment for real-time evidence of security compliance.
While our offices are based in Windsor we would be very happy to talk about flexible working arrangements.
Document and maintain the security controls framework ensuring clear linkage to security risks, maintain control effectiveness evidence
Conduct analysis of risks and regulatory requirement to identify control gaps
Implement automated controls – develop solutions to test and measure effectiveness of information security controls
Interface into other Centrica systems to collect data and provide input into MI systems
Ongoing management of the automated controls, identifying false positives, tuning, etc.
Produce reporting and MI that demonstrates coverage of security controls and their effectiveness
Manage the technical implementation and configuration of toolsets
Develop Dashboards for reporting of control effectiveness
Produce communication material and reporting suitable for senior leaders
Utilise the Information Security Risk Management process to report control failures.
Competencies, Experience and Qualifications:
Experience in implementing automated controls
API programming experience
Technical knowledge of analytical and reporting tools
Technical experience of programing skills, data lake and data analysis techniques
Technical knowledge of key information security technologies, such as identity and access management, encryption, and multi-factor authentication
Knowledge of internal and/or external regulatory policies, standards, procedures and controls (e.g., CPNI, NIST, ISO27xxx, PCI, SmartMeter)
Extensive knowledge of IT control frameworks such as COBIT, ISO, ITIL
Understanding of financial services regulations and controls, PRA/FCA, would be an advantage
A good understanding of Security frameworks e.g. PCI, ISO27001, NIST, SANS.