Senior Security Specialist

11 October 2017
Information Technology - Permanent
United Kingdom
Close Date: 31 December 2017

In conjunction with Business Line management, to define criticality criteria and the quantifiable and qualitative impacts on the business arising from the loss of systems' availability, integrity or confidentiality, and to ensure that appropriate processes for dealing with incidents are in place and effective

To work with the global and local Compliance and Security teams, and with external service providers as applicable, to ensure that all applicable Global Standards are applied and enforced

To support the sales and delivery teams in providing customers with regulatory compliance information and guidance, e.g. LINK and VISA annual compliance

To ensure that governance and audit of the controls required for compliance with the various standards (including PCI DSS, PCI PIN, PCI PTS, LINK, ISO 27001 and ISO 20000) takes place within the area of responsibility, and to assist with the validation of compliance with these standards by external parties as required

To ensure appropriate and timely reporting and escalation (within Wincor Nixdorf) of areas of non-compliance and poor security

To be responsible for maintaining the security and compliance processes within the assigned area, covering both pre-deployment and live operation, and for ensuring they reflect current best practice. This includes managing third-party information sources and working with the operational teams to identify issues and track exceptions through to resolution or mitigation

To perform risk assessments on changes to systems arising from regular compliance processes (patching, configuration and security standards) and from design changes, by taking part in the change management process. To be responsible for the management of cryptographic key management processes and technologies, as part of a multi-person team on a scheduled basis

To be on call for 2nd-line escalation and incident management of security incidents

To support and contribute to the following further elements of the IS program:
- Policies, standards & baselines
- Firewall rule reviews
- Change request reviews and recommendations for internal and service provider changes
- Client-facing assessments
- Assessments by third-party auditors
- ISO 27001 & 20000 and other standards implementation

To lead, manage, coach and mentor all personnel within the assigned team to ensure high levels of performance. To set and agree objectives to ensure achievement of results, and to monitor performance on an ongoing basis, taking remedial action as appropriate

To complete ad hoc duties and tasks allocated through the line management chain


Android OS
- Black Duck monitoring/management and OS vulnerability assessments
- CVE identification and prioritisation with the OS Product Owner
- OS signing and APK signing
- Retrieval and decryption of OS logs
- Point of contact for customers' IS personnel

Key management process knowledge
- Key loading/key injection

Pen testing / vulnerability assessment of IT services
- AWS specifically
- Liaison with pen test provider(s)

Logging/log management (SIEM)

Vetting processes for APKs
- Liaison with vetting provider(s)

Knowledge of security around web-enabled apps and the associated server-side infrastructure

General knowledge of cloud and its security considerations