Consulting/Principal Security Engineer
Are you looking to utilise your compliance and governance expertise as a critical member of our GRC team?
Are you a collaborative Governance Risk Analyst looking to work for a mission-driven global organisation?
About the team:
If you are considering a new role and want to work in a company that is helping to change the world, consider joining an organisation serving the global scientific research community, supporting the brightest minds on the planet.
Elsevier is expanding its Global Security team and is looking for a Principal Security Engineer to join its ranks in the UK.
About the role:
This is a Principal role reporting to the Director of Cybersecurity GRC that requires an individual with a deep ability to work with and coordinate projects across the Elsevier Technology Information Security and Data Protection organisation, as well as Technology product owners and their customers. This role will primarily be focused on maturing the GRC functions. This position is responsible for monitoring cybersecurity compliance and regulatory considerations, leading the management of security-related certifications, and assisting with the establishment of a governance program based on standards and policies.
Key Skills:
Experience implementing cybersecurity and compliance-related frameworks such as ISO 27001, ISO 27017, ISO 27018, ISO 42001, FedRAMP, StateRAMP, TX-RAMP, HIPAA, PCI, etc.
Demonstrated business acumen.
Experience managing an enterprise cybersecurity GRC program.
Experience in defining cybersecurity controls, particularly related to regulatory, legislative, and industry-specific compliance requirements.
Understanding of GRC initiatives.
Strong understanding of networking, web-based content delivery platforms and personal computing filesystem operation, architecture, patching and security.
Ability to develop and implement security programs.
Advanced skills in setting, communicating, implementing, and achieving business objectives and goals.
Strong organisation/project planning, time management, and change management skills across multiple functional groups and departments, and strong delegation skills involving prioritising and reprioritising projects and managing projects of various sizes and complexity.
Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success in extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.
Advanced communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience, including senior and executive management, customers, etc., including diction/terminology and presenting information in a concise and effective manner to clients, management, and various departments using assorted communication mediums.
Experience managing projects of various sizes and complexities.
Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with key stakeholders across organisational teams and third-party suppliers.
Generate regular reporting, including KPIs, metrics and SLAs reporting, executive reporting, and other ad hoc reporting as required by management.
Understanding and promotion of security policies.
Advanced knowledge of security environments.
Implementation of security programs and GRC tools.
Strong analytical and critical thinking skills, and excellent written and oral communication & presentation skills.
Highly collaborative with the ability to articulate ideas and influence peers and senior leaders.
Responsibilities:
Drive security-related certification efforts such as ISO 27001, ISO 42001, TX-RAMP, HIPAA, PCI, etc.
Drive communication and upwards reporting of the highest risk initiatives to the Director of GRC, VP GRC and other key stakeholders.
Establish a functional Cyber technology audit management process.
Responsible for the resolution of cybersecurity GRC issues.
Establish enterprise-level security governance structure, charters, participants and roles, and perform periodic role reviews to ensure appropriate accountability is maintained.
Serve as a trusted advisor to the business and technology stakeholders across the enterprise to partner on security issues and stay aligned on common goals.
Maintain communication with peers throughout the organisation and security contacts including Business Units and subsidiary locations.
Deliver solutions to help raise security awareness.
Responsible for handling service requests from the Business and Technology teams.
Assist with reviewing existing tools, applications, and processes to help strengthen and optimize current capabilities, as well as identifying any gaps or technical solutions to further enhance the team’s effectiveness.
Communicate problems and solutions verbally and in written form to peers and management.
Work in a way that works for you.
We promote a healthy work/life balance across the organization. We offer an appealing working prospect for our people. With numerous wellbeing initiatives, shared parental leave, study assistance and sabbaticals, we will help you meet your immediate responsibilities and your long-term goals.
Working flexible hours - flexing the times when you work in the day to help you fit everything in and work when you are the most productive.
Working for you
We know that your well-being and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer:
Annual Profit Share Bonus
Comprehensive Pension Plan
Generous vacation entitlement and option for sabbatical leave
Maternity, Paternity, Adoption and Family Care leave
Flexible working hours
Personal Choice budget
A variety of online training courses and career roadshows
Recruitment introduction reward
Employee Assistance Program (global)
About the business:
A global leader in information and analytics, we help researchers and healthcare professionals advance science and improve health outcomes for the benefit of society. Building on our publishing heritage, we combine quality information and vast data sets with analytics to support visionary science and research, health education and interactive learning, as well as exceptional healthcare and clinical practice. At Elsevier, your work contributes to the world’s grand challenges and a more sustainable future. We harness innovative technologies to support science and healthcare to partner for a better world.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.
Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers: