AVP - Cyber Security Management
- Employer
- Mizuho International
- Location
- London, United Kingdom
- Salary
- Competitive
- Closing date
- 30 Aug 2024
View moreView less
- Sector
- Engineering, IT, Security
- Job Role
- Cyber Security Consultant
- Job Type
- Permanent
You need to sign in or create an account to save a job.
We are looking for a Cyber Security Specialist to join our Information Security Department in London.
The ISD Information Risk Management department is responsible for Security Administration, Information Security practices, Third party Risk Management and Cyber Security services within Mizuho and affiliates.
ISD aims to provide IT service support based on ITIL, which is an internationally recognised framework for IT governance. As well as being recognised as good practice, this is now a minimum standard required for SOX and Statement on Auditing Standards No. 70 ('SAS 70') compliance, internal and external audits and FSA Advanced Risk Response Operating ('ARROW') assessments.
The job holder will be responsible for the monitoring and analysis of:
The role is also required to be a part of Security & Incident Response team to drive the maturity of security monitoring and response practice including security technology stack effectiveness.
Responsibilities
Monitoring & Compliance
Analyse, develop and refine security monitoring controls, practices and use-cases to detect anomalies and incidents across the applications and infrastructure estate.
Security Engagement & Best Practice
Other
Qualifications, Skills and Experience
Required technical knowledge:
Qualifications:
We champion a flexible work environment, as we understand the need for people to meet other commitments or simply strike a good work-life balance. As such, we are happy to talk flexible working for this role such as reduced working hours. The role will also include homeworking.
At Mizuho we are committed to supporting equality and diversity, and seek to create a workplace that is fully inclusive. We welcome applications from all sections of the community that we operate in and from all ethnic backgrounds, sexual orientation, beliefs, gender identities and disabilities.
If you require more information about our equal opportunities policy or wish to discuss any accessibility requirements or reasonable adjustments please contact the recruitment team - recruitment@mizuhoemea.com and we will be happy to help.
Mizuho Bank provides financial and strategic solutions for the increasingly diverse and sophisticated needs of international clients, focusing its efforts on serving major corporations, financial institutions, individuals and public sector entities. A relationship management approach to serving clients enables Mizuho Bank, together with group companies including Mizuho Trust & Banking and Mizuho Securities, to develop customised solutions in areas such as corporate, structured and project finance, transaction banking and risk management.
With 81 offices outside Japan, Mizuho Bank offers both local experience and the ability to progress careers across its global business network. Mizuho Bank is a subsidiary of the Japan-based Mizuho Financial Group, Inc, one of the largest financial services companies in the world, with total assets of approximately US $1.8 trillion (as of March, 2016). Mizuho London Branch has over 850 employees, Mizuho Bank employs over 27,000 employees and is part of the Mizuho Financial Any personal data you provide will be processed in accordance with our Recruitment Privacy Notice. Please do not create an account or apply for any vacancy if you do not agree to the terms of our Recruitment Privacy Notice available here
The ISD Information Risk Management department is responsible for Security Administration, Information Security practices, Third party Risk Management and Cyber Security services within Mizuho and affiliates.
ISD aims to provide IT service support based on ITIL, which is an internationally recognised framework for IT governance. As well as being recognised as good practice, this is now a minimum standard required for SOX and Statement on Auditing Standards No. 70 ('SAS 70') compliance, internal and external audits and FSA Advanced Risk Response Operating ('ARROW') assessments.
The job holder will be responsible for the monitoring and analysis of:
- the usage of Mizuho's information systems with respect to published policies and standards;
- the configuration of Mizuho's information systems with respect to compliance to internal policies and standards;
- the configuration of Mizuho's information systems with respect to known security vulnerabilities and best practice standards.
The role is also required to be a part of Security & Incident Response team to drive the maturity of security monitoring and response practice including security technology stack effectiveness.
Responsibilities
Monitoring & Compliance
Analyse, develop and refine security monitoring controls, practices and use-cases to detect anomalies and incidents across the applications and infrastructure estate.
- Monitor activity upon specified information systems and devices. Identify and report suspicious, improper, malicious or harmful activity. To include regular and ad-hoc reporting.
- Undertake complex IR investigations into specific threats or security incidents both internal and external.
- Identification, escalation and reporting of security incidents and breaches. Co-ordination of responses to these breaches, assess the impact and improving the overall Incident Response process.
- Experience in incident investigation, and analytics of network and host-based artifacts.
- Experience with IR and Forensics tools, packet inspection tools
Security Engagement & Best Practice
- Work alongside the company's independent penetration testing program.
- Work closely with other technical and business departments to mitigate security/cyber risk:
- Implement SOPs and refine processes.
- Identify potential security threats and risks that may need review.
- Assist in risk assessment/acceptance/remediation processes
- Develop and mature the Incident Response and Threat hunting capabilities.
- Implementation of Incident Response frameworks/methodologies such as Kill Chain, MITRE, Threat Modelling, Diamond Model.
- Development of Threat Intelligence capabilities and integration of such controls with the security monitoring framework.
- Development of Security monitoring use cases and implementing custom IOC within the controls to detect suspicious and unusual traffic.
- Development of Vulnerability Management program within the organisation.
- Provide support to the IR practises such as IR investigations, and forensics procedures/processes.
Other
- Providing subject matter expertise in Cyber Security as needed.
- Contribute to the design and delivery of security monitoring and control effectiveness reporting measures.
- Availability to cover anywhere from 7am to 7pm on all business days noting that ad-hoc cover outside of the normal work day may sometimes be needed.
Qualifications, Skills and Experience
- Relevant experience in an Incident Response and Security Monitoring;
- Relevant experience in working with threat modelling frameworks.
- Experience in finding, analysing, and extracting attack related payload from packet captures and host forensics images.
- Experience in a banking, investment banking or investment management environment;
- Managing cyber security incidents;
- Experience working with Cyber Security and Incident Response frameworks such as NIST, Kill Chain, Attack life Cycle, & MITRE).
- Relevant experience with MITRE Att&Ck alignment with security monitoring use cases.
- Relevant experience with cloud security assessments aligning it to industry standard benchmarking such as CIS.
Required technical knowledge:
- In depth knowledge of a broad spectrum of security technologies incorporating network, operating system and application security;
- Working knowledge over a range of operating systems and platforms including: Windows Server, Windows XP, UNIX (Solaris, Linux), Stratus;
- Working knowledge of networks: LAN, WAN, routers (Cisco), switches (Cisco), Firewalls, remote access solutions, VPNs;
- In-depth experience with SIEM tools with a strategic oversight on appropriate use case methodologies. Implementation of robust security monitoring use cases and Threat hunting capabilities.
- Incident Response experience with forensics capabilities. Experience with packet analysis on wireshark or any other network protocol analyser including hands on exp with IR tools.
- Experience with Advance threat detection, IAM solutions and DLP is preferred.
- Working knowledge of security products: network based intrusion prevention systems, vulnerability assessment and compliance monitoring solutions, content management tools.
- Strong knowledge on Vulnerability Management, with proven record of Remediation plans to reduce the threats and risk to Information Assets.
- Understanding of VMware technology stack.
- Full understanding of CIS security standards, assessment of the builds to ensure the alignment with CIS benchmarking and working with business to achieve the target state.
- Knowledge of SSL inspection and encryption methods.
Qualifications:
- Sound knowledge and understanding of information security principles and best practices;
- In-depth understanding of legislation affecting security, privacy and systems assurance; experiencing working to recognised standards - e.g. NIST, COBIT.
- GCIA, GCIH, GCFA or equivalent.
We champion a flexible work environment, as we understand the need for people to meet other commitments or simply strike a good work-life balance. As such, we are happy to talk flexible working for this role such as reduced working hours. The role will also include homeworking.
At Mizuho we are committed to supporting equality and diversity, and seek to create a workplace that is fully inclusive. We welcome applications from all sections of the community that we operate in and from all ethnic backgrounds, sexual orientation, beliefs, gender identities and disabilities.
If you require more information about our equal opportunities policy or wish to discuss any accessibility requirements or reasonable adjustments please contact the recruitment team - recruitment@mizuhoemea.com and we will be happy to help.
Mizuho Bank provides financial and strategic solutions for the increasingly diverse and sophisticated needs of international clients, focusing its efforts on serving major corporations, financial institutions, individuals and public sector entities. A relationship management approach to serving clients enables Mizuho Bank, together with group companies including Mizuho Trust & Banking and Mizuho Securities, to develop customised solutions in areas such as corporate, structured and project finance, transaction banking and risk management.
With 81 offices outside Japan, Mizuho Bank offers both local experience and the ability to progress careers across its global business network. Mizuho Bank is a subsidiary of the Japan-based Mizuho Financial Group, Inc, one of the largest financial services companies in the world, with total assets of approximately US $1.8 trillion (as of March, 2016). Mizuho London Branch has over 850 employees, Mizuho Bank employs over 27,000 employees and is part of the Mizuho Financial Any personal data you provide will be processed in accordance with our Recruitment Privacy Notice. Please do not create an account or apply for any vacancy if you do not agree to the terms of our Recruitment Privacy Notice available here
You need to sign in or create an account to save a job.
Get job alerts
Create a job alert and receive personalised job recommendations straight to your inbox.
Create alert