Do you want to be part of a force for good, helping to make life better for customers & society in the moments that matter? At Hodge, we put people at the heart of our business and that means our customers, colleagues and communities. Hodge is a Welsh financial service provider that focus on commercial lending, and specialist residential mortgage markets.
Under the overall management of the Senior Cyber Security Engineer, working as part of the Cyber Security team ensure that operational controls in relation to Hodge systems, infrastructure and data are managed in line with cyber and information security best practice and that the estate is pro-actively upgraded and maintained.
The Cyber Security Engineer will engage on a range of Cyber Security areas and activity across Hodge to ensure that new and amended services are built and taken live with the appropriate level of control.
We’re looking for:
- Previous experience in Cyber or Information Security Role
- Knowledge of range of tools to implement Cyber controls including AZAD, Defender, Mimecast.
- Knowledge in IT security best practice, solutions and frameworks.
In return we offer:
- Salary up to 55k.
- 35 hours per week.
- Based in Cardiff City Centre operating in a flexible Hybrid workspace.
- Private Medical & Health Insurance
- 28 days Holiday with the option to buy more.
- Subsidised Gym Membership.
- Extensive learning and development programme
- Generous, personalised benefits package
- Company pension contribution up to 15%
- 4 days on top of annual leave for community and charity work
- Flexible working options
Key responsibilities will include:
Cyber Security Operation
- Assist in the implementation of appropriate cyber security toolset covering user, infrastructure, and application activity
- Undertake all required activities to ensure that operational cyber controls and working effectively and managed pro-actively.
- Operate vulnerability management process across applications and infrastructure to ensure risk is managed effectively and ongoing process improvement
- Work with outsourced security providers to ensure work being undertaken is of required standard and appropriate reporting is available.
- Contribute to the ongoing development of the Cyber Security Roadmap to ensure consistent reporting of risks and controls, and alignment to best practise.
- Ensure appropriate documentation is maintained to support current and future activity.
- Ensure work includes appropriate quality control mechanisms and automated reporting.
- Contribute to the ongoing cyber awareness and education programme for Hodge colleagues.
- Work to ensure Cyber security activity undertaken supports visibility, transparency and suitable metrics on cyber controls and activity.
- Contribute to assurance assessments of third-party suppliers
- Understand the wider economic environment in which Hodge operates.
- Demonstrate a good understanding of relevant frameworks, tools and languages.
Project and Change Delivery
- Work with Service Delivery and Technology Project colleagues on implementation and planning of cyber related tools and projects.
- Work with business and IT stakeholders to ensure security provision and tools align with short and longer-term goals.
- Work with software and delivery teams to provide cyber security and controls guidance across development and infrastructure projects.
- Engage with software teams to assist in the evaluation of security considerations and controls that are part of software development and delivery.
- Work with external suppliers to utilise external expertise where required across delivery and live operation.
- Understand core architectural patterns, frameworks and infrastructure used by Hodge.
- Develop and implement threat modelling and risk analysis framework.
- Ensure that defined security standards are applied to all work undertaken (e.g. password policy, authentication standards)
- Work with 3rd party suppliers to manage penetration test planning, execution and evaluation of results
- Review work of other team members to ensure quality standards are maintained and knowledge transfer.
- Work with the IS Service Delivery and Engineering departments to assist in the investigation and resolution of live issues and to support BAU activity.
- Work with IS Service Delivery team to ensure Service Transition controls and documentation are provided in line with agreed Service Transition framework.
- Engage with and contribute to relevant cyber and tech community forums.
- Advise and coach other team members to aid their technical and team development.
- Pro-actively investigate technology landscape and best practise to identify improvements.
- Maintain a knowledge of current Cyber technologies and best practise to identify improvements.
- Engage with external parties to share and improve knowledge.
Please be aware that should we pursue your application, all our Financial Services employees will be expected to complete background checks to assess suitability for employment, these include; a criminal record, identity, sanctions, adverse finance, fraud prevention and reference checks to comply with our regulatory requirements.
Hodge is an advocate of being an equal opportunities employer, We believe in promoting equality and diversity which is central to our lives today. We welcome applications from all sections of the community and recognises the value a diverse workforce brings to an organisation.
ESG and sustainability are at the heart of everything we do and serves as a reminder of the responsibility we have to our stakeholders, customers, colleagues and the communities we operate in to use our position wisely. We’re currently exploring different certifications available and have done an initial review of how we think we’d fare, as we see this as a real opportunity for Hodge given our social purpose