Senior IT Security Engineer

Role Overview:

The Senior IT Security Engineer is a Microsoft Azure Data specialist who works in the Information Technology Group and reports to the IT Director of Identity and Data Protection.

The role is key to the evolution of the Data Governance program at Smith+Nephew (S+N).  A formalized Data Governance Program is required to identify and protect key data assets.  This program is a critical component of a broader Cyber Security Maturity Program, with the backing of Senior Leadership.

This role will work in collaboration with a Governance Risk and Compliance (GRC) team, who will provide the policy and compliance expertise.

The role will be required to lead the design and technical delivery of a program of Data Governance improvements, in the following three main areas:

1. - Identify, documentation and labelling of key data assets across the organization, through business process mapping, use of data-discover tools, and collaboration with other teams working on Privacy Law Compliance and Master Data Management

2. - Deploy effective process and technology controls to protect critical company data. This will primarily require the employment of DLP solutions for in prem and cloud environments, but will also include data labelling, E-mail rules and other technical data exfiltration prevention measures.

3. - Execute on a program of audits, to assess existing data protection controls for adequacy and identify gaps.  Support Data, Technology and Process Owners to remediate control weaknesses

4. - Manage data governance non-compliances reported by the Security Operations team

The role requires a good understanding of Data Governance and associated technologies, Program Management, Audit and Information Security.

The Senior Specialist will be required to engaged with Business, Functional and Project team members, at various levels in the organization, in the execution of assessments and deployment of controls.  As such a confident self-starter is would be best suited.

The Senior Specialist should be comfortable working with and directing third party consultants hired to support the program.

Responsibilities:

5% Program Management

 - Engaging leaders

 - Identifying priorities

 - Managing schedules

 - Reporting

35% Lead S+N Data Governance technologies deployments

 - Collaborate with other teams in Information Security to configure and deploy data governance technologies

 - Deploying rule sets

 - Supporting implementations

 - Investigating incidents of potential data governance policy infractions

10% Identification of key data assets across the organization

 - Conducting interviews and business process mapping

 - Use of Data Discovery technology

 - Maintaining a register of key company data assets

35% Assessing IT Systems and Data Repositories for appropriate Data Protection Measures

 - Prioritizing and scheduling

 - Assessing controls with Business, IT and IS owners

 - Reporting outcomes

15% Gap remediation

 - Support Data and System owners in the remediation of control weaknesses

 - Monitoring and managing actions to completion

Education:

Bachelor’s degree in a Computer Science or related field, or an equivalent combination of training and experience.

Must be fluent in English, reading, writing, speaking and listening.

Licenses/ Certifications:

Microsoft Azure certifications - Azure Data Fundamentals, Azure Data Engineer Associate etc. will be an advantage

One or more professional qualifications related to Information Security and Risk Management, will be an advantage e.g. CISA, CISSP, CCSP, CCSK or similar

Experience:

At least 6 years in Information Technology / Security with:

- At least 4 years performing assessments or audits of Information Security controls

- High level of proficiency with Microsoft Active Directory and Azure active directory

- At least 3 years working with data governance using Microsoft Azure tool stack and other data protection technologies

Prior experience running programs or projects will be an advantage

A understanding of current privacy law e.g. GDPR, HIPAA will be an advantage

Physical Demands:

The position requires the ability to:-

Work in an office or from home (as required) with a high degree of PC work and meeting attendance.

Travel as described below.

Travel Requirements:  10 to 15% 

Stay connected and receive alerts for jobs like this by joining our talent community.

We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.  

Check our Glassdoor page for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.

Explore our new website and learn more about our mission, our team, and the opportunities we offer.