Purpose of role
The role will involve working across all IT projects to assist the business in using a risk-based approach to secure IT systems from current and emerging threats, and ensuring that all new projects incorporate security best practices in line with Primark’s security policies and best-in-class cyber security frameworks.
The Security Specialist will liaise with stakeholders to elicit, analyse, communicate and validate security requirements as a result of changes to business processes and information systems. This position requires an ability to understand security standards and controls and translate them into a model that will allow the organisation to achieve its goals.
Reports to: IT Security, Privacy & Portfolio Manager
- Provide subject matter expertise and guidance to project teams on building an appropriate level of security into systems/applications being delivered
- Conduct security impact assessments for all projects that go through IT governance and report on projects’ compliance to Security team
- Define and deploy a set of minimum security baseline standards across a wide range of technologies and platforms.
- Working with information gathered from multiple sources, be able to evaluate true security impact, ensuring that the proposed solution is reconciled with all security standards and controls.
- Be able to break down complex security requirements into project-understandable Non-Functional Requirements Documents using existing templates, making use of plain English, diagrams, process flows and scenarios
- Have the ability to work in a team collaborating on different aspects of a large project, ensuring that the objectives of all components are aligned and that the delivered solution will work as an end-to-end process.
- Perform detailed security control assessments/reviews, perform required research, document conclusions and recommendations, provide associated security guidance and manage follow-on actions.
- Participate, assess, consolidate findings and manage follow-on actions regarding forensic investigations, penetration tests and vulnerability assessments.
- Proactively contribute to ensuring that Primark's IT security policies are effectively implemented and to the improvement of process efficiencies
- Successfully engage in multiple initiatives in parallel.
- Educated to degree level (or equivalent).
- Minimum 5 years’ IT Security experience.
- Demonstrate experience of gathering requirements and converting them into a product vision.
- A proven track record of working on security projects in a fast-paced international organisation.
- Working knowledge of Security principles, techniques and technologies.
- Exceptional analytical and problem-solving skills, and experience applying these skills.
- The ability to build trust and relationships up and down the organisation and with key external third parties
- Exceptional communication skills, with the ability to explain complex IT concepts to non-technical colleagues
- Solid understanding of cloud technologies and related best practices.
- CISSP or equivalent.
- Clearly understand, apply and persuade others to use the necessary critical emerging technologies.
- Have the ability to communicate effectively in writing and verbally to a wide range of people at all levels, including communicating complex technical issues to a non-technical user base.
- Have vendor management experience
- Have exceptionally strong attention to detail
- Be able to work with minimal supervision and take up initiatives on their own
- Be proactive and hands-on, responding purposefully to events.
- Have the ability to operate within a highly pressurised and fast-paced environment, consistently delivering results and achieving corporate objectives on time and within the agreed parameters.
- Have a sharp awareness of commercial reality, while being innovative and forward thinking.