Role : Security Specialist
Purpose of role : The role will involve working across all IT projects inorder to assist the business in using a risk-based approach to secure IT systems from current and emerging threats.
Ensure all new projects incorporate security best practices in line with Primark’s security policies and best in class cyber security frameworks.
The Security Specialist will liaise with stakeholders to elicit, analyse, communicate and validate security requirements as a result of changes to business processes and information systems.
This position requires an ability to understand security standards and controls and translate them into a model that will allow the organisation to achieve its goals.
Reports to : IT Security and Privacy Portfolio Manager
Provide subject matter expertise and guidance to project teams on building in appropriate level of security into systems / applications being delivered
Conduct security impact assessments for all projects that go through IT governance and report on projects’ compliance to Security team
Define and deploy a set of minimum security baseline standards across a wide range of technologies and platforms.
Working with information gathered from multiple sources, be able to evaluate true security impact, ensuring that proposed solution is reconciled with all security standards and controls.
Be able to break down complex security requirements into project understandable
Non-Functional Requirements Documents using existing templates, making use of plain English, diagrams, process flows and scenarios
Have the ability to work in a team collaborating on different aspects of a large project, ensuring that the objectives of all components are aligned and that delivered solution will works as an end to end process.
Perform detailed security control assessments / reviews, perform required research, document conclusions and recommendations, provide associated security guidance and manage follow-on actions.
Participate, assess, consolidate findings and manage follow-on actions regarding forensic investigations, penetration tests and vulnerability assessments.
Proactively contribute to ensuring that the Primark's IT security policies are effectively implemented and to the improvement of process efficiencies
Successfully engage in multiple initiatives in parallel.
Essential knowledge, skills experience :
Educated to degree level (or equivalent).
Minimum 5 years’ experience of IT Security experience.
Demonstrate experience of gathering requirements and converting them into a product vision.
Experience in a similar role in within the Retail sector or a Regulated environment.
A proven track record of working on security projects in a fast paced international organisation.
Working knowledge of Security principles, techniques and technologies.
Exceptional analytical and problem solving skills, and experience applying these skills.
The ability to build trust and relationships up-and-down the organisation and with external key third parties
Exceptional communication skills, with the ability to explain complex IT concepts to non-technical colleagues
Solid understanding of cloud technologies and related best practices.
CISSP, CISM, CCSP or equivalent.
The Ideal Candidate will :
Clearly understand, apply and persuade others to use the necessary critical emerging technologies.
Have the ability to communicate effectively in writing and verbally to a wide range of people at all levels including communicating complex technical issues to non-technical user base.
Have vendor management experience
Have exceptionally strong attention to detail
Be able to work with minimal supervision and take up initiatives on their own
Be Pro-active and hands on - responds purposefully to events.
Have the ability to operate within a highly pressurised and fast paced environment, consistently delivering results and achieving corporate objectives on time and within the agreed parameters.
Have sharp awareness of commercial reality; while being innovative and forward thinking.
Be willing to travel within Europe and work flexible hours as required.