Security Assurance, Alerting & Cyber Incident Specialist

About the Job:

The Security Assurance, Alerting and Cyber Incident Specialist is responsible for undertaking security assurance activities (people, process and technology), managing security incidents, advising on security controls and associated risks as a results of Technology change activities, and ensuring effective risk mitigation.

This role involves creating comprehensive security reports, developing and implementing change governance processes, and reviewing security alerts leading the subsequent response to security incidents, including remediation actions. The role will work cross-functionally with internal teams and external suppliers to safeguard Caldic's infrastructure, protect sensitive data, and ensure compliance with regulatory requirements.

What you will do:

1. Security Assurance, Reporting, and Remediation

• Conduct regular security assurance assessments to evaluate and document the effectiveness of security controls, primarily within region, but also globally.
• Identify and prioritize security risks, work with control owners to develop and agree remediation plans and track progress toward resolution.
• Prepare detailed reports for internal stakeholders on security vulnerabilities, risks, and mitigation efforts, including metrics and KPIs.
• Collaborate with cross-functional teams to implement security policies, standards, and procedures aligned with industry best practices and regulatory requirements.
• Conduct follow-up reviews to validate the effectiveness of remediation actions and ensure continued compliance.

2. Security Alerting and Incident Management

• Work with our external SOC provider and internal teams to lead the response to security alerts and incidents, including containment, eradication, recovery, and post-incident analysis within region and globally, where required.
• Develop, implement, and update incident response plans, playbooks, and procedures.
• Investigate security incidents to identify root causes, assess the impact, and develop corrective actions to prevent recurrence.
• Coordinate security incident response activities with internal and external stakeholders, ensuring timely communication and resolution.
• Conduct post-incident reviews and lessons-learned sessions to enhance incident response capabilities.

3. Change Management

• Work with Technology teams to assess potential security risks associated with proposed changes, and provide recommendations for mitigation, to ensure secure and controlled implementation.
• Ensure that all changes to the Technology environment are recorded, tested, and authorised according to change management policies.
• Conduct post-change reviews to evaluate the impact of changes on the security posture and identify any additional actions required.

What you will need:

Education and Experience

• Minimum of 7 years’ experience in security assurance, security incident management, and security change assurance.
• Bachelor’s degree in Computer Science, Information Security or related field or Professional certifications such as CISSP, CISM, or similar.

Skills & Competencies

• Strong understanding of security assurance controls, risk assessment, and compliance standards.
• Experience with change management and ITIL practices.
• Proficiency in security incident management and root cause analysis.
• Strong written and verbal communication skills with the ability to present security issues to non-technical stakeholders.
• Ability to work well under pressure and manage multiple security incidents simultaneously.
• Analytical with a strong attention to detail.
• Methodical in approach, particularly with regards to Incident Management.

Desirable Skills/Competencies

• Worked within a global and maturing organisation.
• Experience working with outsourced service providers.
• Experience working with ITIL processes.

Additional Requirements

• Willingness to be on-call for security incidents and work extended hours as needed.