Gazprom Marketing & Trading (GM&T) is a subsidiary of the Gazprom group – the world’s largest gas producer and one of the world’s largest energy companies. Headquartered in London, GM&T operates to provide Gazprom group with a global marketing reach, round the clock operational coverage and excellent customer service. Established in 1999, GM&T has grown from a single office in London into a truly global organisation, with around 1000 employees worldwide. With offices in Europe, Asia and the USA, GM&T trades energy commodities including gas, power, oil, LPG, helium, emissions, LNG and FX and also operates a retail business, trading as Gazprom Energy.
Our culture is defined by our people. Through living our values every day we continue to create a culture that enables us all to succeed. We work as one team with our customers, our parent company and each other in order to understand each other’s needs. With an unstoppable passion for excellence, growth and learning, we’re committed to creating an environment that fosters the development of knowledge, skills and experience, so that our people can thrive and prosper in their careers with us. We believe that we have the best team in the industry which makes us a trusted partner across international capital and energy markets. Our diverse employee base, with a wealth of expertise, knowledge and experience makes GM&T a truly exciting place to work. We encourage new ideas and initiatives as innovative thinking is central to how we do business. Most importantly, we are a growing and developing business where inspired individuals can make a difference and help shape our future.
GM&T are offering a rare and exciting opportunity for an Technical Information Security Officer to work on an existing information security team within a green field environment. The successful candidate will be one of the main contacts for security measures and will be required to help shape and deliver the 2018 Security plan.
They will lead the running of day to day security activities and present security awareness, building credibility and buy in from stakeholders throughout the business. Assistance with security incident management and follow-up is also required along with adherence to and development of security standards and policies. Effective monitoring of overall security both technical and policy level is required. This will include the ability to install security solutions. To summarize, they will provide a confident and noticeably positive input to the Information security function at GM&T.
Duties & Responsibilities
- Provide specialist design, analysis and diagnosis on all IT Information Security matters
- Performing regular security reviews, vulnerability, risk assessments and audits
- Help with managing and maintaining security applications, such as Varonis, Qualys, ArcSight, CyberArk, ArcSight and other various security solutions.
- Develop and maintain security policies, standards and procedures
- Provide technical expertise to development projects and operational teams
- Research and analysis of security issues and solutions
- Run security improvement initiatives
- Manage security incident response
- Working with the business and other stakeholders in delivering an identity access management solution
- Assisting with GDPR initiatives, compliance and process reviews
- Working with Engineering and TechOps teams to improve security of the MetaPack product suite ensuring the OWASP vulnerabilities are mitigated by design. Provide advice and guidance on the application and operation of physical, procedural and technical security controls
Skills & Competencies
- Security Qualifications
- Knowledge of networking
- Thorough understanding of distributed infrastructure
- Knowledge understanding of encryption
- Prior experience with organizing penetration testing
- Good hands-on security skills (forensics may be an advantage)
- Excellent ability to convert technical information to management reports
- An excellent communicator
- An understanding of data/cyber law and regulation
- Understanding of Risk
- An inquisitive nature
- Ability to work under pressure
- Excellent people skills
- The UK financial services regulatory environment and experience of regulatory inspections and surveys is desirable
- Practical, common sense delivery of successful, collaborative security solutions
- Solving complex security problems
- Bachelor’s degree in computer science, management information systems or similar field/experience
- CISSP or CISM qualified