Infrastructure Security & Compliance Engineer

We're growing a team of highly skilled, collaborative and passionate Security and Compliance Engineers who will help assure the security of Refinitiv platforms and infrastructures and contribute to the continuous improvement of the cyber resilience of Refinitiv technologies.

As part of our DevSecOps culture, this is an opportunity to collaborate across the globe with highly motivated and knowledgeable Site Reliability Engineers, Application Delivery Engineers and Developers and Security and Compliance partners. The objective is to continually improve our security posture and maintain compliance while delivering with efficiency to market.

Infrastructure Service Improvement

As a Security and Compliance Engineer, you will be joining an exciting new Service Improvement and Security and Compliance function in Refinitiv Infrastructure.

Our vision is to drive a culture of continuous improvement, powered by data, maximising efficiency by developing and implementing intelligent solutions; while always maintaining excellence in infrastructure service and security compliance. In this team you will contribute to Infrastructure Security at all levels, from small compliance enhancements, to large scale infrastructure transformation initiatives. The Security and Compliance Engineer is a contributing member of the Security and DevOps communities, which are enterprise-wide working groups established to improve security posture across Refinitiv by implementing standard controls and driving programmatic solutions to our security and compliance challenges, assuring adoption across the enterprise. You'll need to respond rapidly to evolving requirements, but this is a chance to shape the practices and standards of the Infrastructure capability and change the way we run things in Refinitiv.

Security and Compliance Engineering leads the analysis, definition, design, and provides oversight for construction, testing, installation and modification, across multiple large, interdependent groups, systems and domains. The Security and Compliance Engineering team partners with stakeholders on large projects to provide security governance support and oversight, throughout the life cycle of a project and assure security is considered and built-in sustainably and efficiently throughout the asset lifecycle. The security engineering role is also responsible for a playbook of security solutions, guidelines, and recommendations for the Infrastructure team. You will need to engage Information Security Risk Management and relevant subject matter experts, review company security policies and work to identify solutions available to development and operations teams that satisfy Refinitiv security policy, both in our data centres and in the public cloud. Technical aptitude and a desire for continuous improvement are essential, and we value innovative and critical thinkers. Our function operates almost entirely through engagements with other teams, both in and outside of Technology and with third parties, so you will need to be an excellent communicator.

This will be a challenging and rewarding role, with potential for growth. If this is an opportunity that excites you, please read further to determine if this is the right next step for you, and we hope to hear from you soon.

Responsibilities:

• Follow up on compliance and security related requests engaging all relevant parties including non-technology such as Customer Operations and internal Technology e.g. Cyber Security and Product Engineering, and third-party partners to coordinate the required work
• Support the implementation and monitoring of security related initiatives, such as patching, isolation testing, backup and restore, and security agent rollout across the Refinitiv Technology estate; coordinating across Tech Ops, PE and QE
• Contribute to audit requests internally or externally, including external industry regulatory audits
• Support security policy related audits and document current and future security procedures and policies.
• Translation of security policy into deliverable solutions and tasks
• Develop, plan and deploy measurable and sustainable security enhancements which protect from cyber threats
• Work with internal and external vendors to support facilitation of penetration and vulnerability tests
• Driving compliance with disaster recovery, backup and restore policies and improvements
• Coordinating data centre, disaster recovery, backup and restore testing and rehearsals, and identifying and implementing remediations where identified
• Owning the development and implementation of an Infrastructure Security GRIP (Guidelines, Recommendations, Information Playbook)
• Document and maintain register of Infrastructure Security knowledge articles, defects, procedures and support models
• Support third party security software related to protecting our IT infrastructure, customer data and Hosted application
• Maintaining an understanding of how industry trends and new technologies can be leveraged to meet or exceed our business objectives.
• Joining Security Incident Response and remediation efforts, and capturing and producing post-mortem reports on security-related issues
• Audit and develop processes which contribute to the maintenance of data hygiene for infrastructure assets within Refinitiv's Configuration Management Database and associated tools
• Implement efficient workflow methodologies across capability teams that meet compliance and regulatory requirements
• Collaborate with service improvement partners to devise and implement workflow methodologies that enable capability teams to meet compliance and regulatory requirements

Required Skills / Experience

Essential

• 3+ years relevant corporate IT security and compliance experience, including:
  • Patch and vulnerability management, including zero-day vulnerability incident response
  • DDOS mitigation and Penetration Testing
  • Network, firewall and antivirus security best practice
  • ISO27001, 27002 and/or ISO9001 qualified
  • Experience with SIFMA, SOX and/or SOC2 audit compliance
  • Experience of writing and implementing security policy and runbooks for security compliance
• Technical degree/related field or equivalent industry experience
• Experience across a range of infrastructure technologies (e.g. database, middleware, virtual, storage, compute, networks and public cloud technologies) ideally with some background in supporting trading, analytics, risk, and data services.
• 2+ years of experience working with BigFix, and ideally other industry Patch and Inventory Management Tools, e.g. SCCM or Ansible
• ITIL certification, Agile Development and/or DevOps methodologies certification
• Basic operational project/delivery management experience
• Working knowledge of IT end-to-end incident and problem management and working knowledge of change, capacity, availability and risk management, including service management tools
• Excellent written communication and document creation skills, including proficiency in the use of all Office365 Tools
• Evidence of producing comprehensive written reports to senior management
• Strong data literacy, with the ability to interpret, summarise and present findings from large datasets
• Experience using Configuration Management tools to configure infrastructure and application components
• Writing and implementing process and automation flow diagrams for implementation by other Technology areas
• Evidence of prioritising and managing workload to meet challenging deadlines

Behavioural Competencies:

• Willingness to work flexibly; may include working hours to support the business in USA/UK time zones
• Evidence of excellent interpersonal skills and ability to manage, facilitate and drive change, within internal teams and externally in matrix environment
• Demonstrated strong influencing and persuasion skills with the ability to engage with multidisciplinary teams and build successful relationships at all levels.
• Self-driven. A proactive, critical thinker who is capable of working autonomously
• Excellent problem-solving ability and organization skills with a focus on goals and the ability to manage multiple priorities in a fast-paced environment.
• Comfortable making prioritization decisions and handling multiple demands simultaneously while adapting to constantly changing requirements.
• Quick learner and ability to quickly grasp and digest large amount of information. Analytical, meticulous and attentive to detail.

Desirable:

• Prior experience implementing Configuration, Incident, Problem and/or Change Management using ServiceNOW
• Ability to write databases in SQL languages
• Able to create engaging, informative dashboards in the data visualization tools Tableau/PowerBI
• Experience with application and cloud deployment methodologies across AWS and Azure
• Familiar with cloud capabilities for network security, data security, and encryption.

As a global business we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in our operations around the world regardless of race, colour, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. We are proud to be an Equal Employment Opportunity Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

By clicking on "Apply", the process for submitting an application will begin. If you have any questions prior to clicking "Apply", please contact the recruiter.

We care about benefits too.

We support our colleagues' wellbeing with inclusive benefits. So that's support for physical, financial, mental and environmental health, paid time off to volunteer, consumer discounts & savings and so much more. All of which are tailored to your needs and may vary by location. For more details talk to your recruiter.

Our fast paced and supportive environment is only possible due to determined, autonomous problem solvers who love our high performance culture. And as a global business, Refinitiv relies on diversity of culture and thought to deliver on our goals. So we seek hardworking, qualified employees in all our operations around the world-regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Refinitiv is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Refinitiv makes reasonable accommodations for applicants and employees with disabilities. If an accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact us to request an accommodation. A full list of our office locations and contact information can be found at: Refinitiv Office Locations .

Be the breakthrough, activate your future and shape ours.