About the Role
Information Security Engineer
Vacancies at: Edinburgh / Leeds / Newcastle
We work with some of the UK’s biggest companies and government departments to provide a pragmatic approach to technology, delivering bespoke software solutions and expert advice.
An Information Security Engineer works as part of the IT Department and focuses on introducing and improving the processes, tools, and policies necessary to prevent, detect, document, and counter threats to Scott Logic. The role carries defined responsibilities within the Service Management System (SMS) under ISO/IEC 20000-1:2018 and contributes directly to the Information Security Management System (ISMS) under ISO/IEC 27001:2022.
Scope of this role
Supporting the internal IT function across Scott Logic Ltd., Marra Ltd., and Logical Holdings Ltd., with occasional support to client projects as required.
Impact of this role
Prevents information security threats to Scott Logic and ensures the secure, compliant delivery of IT services to all staff across the three companies.
Key Responsibilities
Service Management (SMS)
Deliver IT services within the SMS scope in accordance with ISO/IEC 20000-1:2018.
Execute SMS processes, including incident management, service request management, problem management, change management, release and deployment management, and configuration management.
Maintain accurate configuration and asset records.
Triage, prioritise, and handle security events and service tickets to agreed SLAs.
Keep customers and stakeholders updated with accurate and timely ticket updates.
Govern and Protect
Monitor and respond to security events across Scott Logic.
Understand regulatory obligations to protect confidential data and maintain appropriate controls.
Maintain and communicate minimum security configuration standards for managed operating systems.
Analyse and determine root causes of security incidents and breaches.
Assist with information security training and awareness.
Support risk-based threat and vulnerability assessment processes.
Follow data governance policies and processes.
Manage access control policies and processes, including entitlement reviews.
Provide Support
Respond to security incidents effectively, maintaining clear communication with key stakeholders throughout resolution.
Build and maintain a knowledge base to improve resolution times.
Maintain effective working relationships with internal teams and third parties to resolve, minimise, and avoid issues.
Lead and Coordinate
Champion information security policy, standards, and awareness throughout Scott Logic.
Drive improvements to the IT team's ways of working and evolve information security processes to deliver better outcomes.
Continual Improvement
Actively contribute to the continual improvement of the SMS and the services it governs, in line with SMS Clause 10: Continual Improvement.
Identify and recommend process and procedural improvements.
Participate in management reviews and retrospectives.
Educational Qualifications – Essential
A relevant technical or information security qualification is essential (e.g. CompTIA Security+, SC-900, or equivalent).
Experience, Knowledge and Expertise – Essential
Commercial experience in an information security role.
Risk management experience, including performing assessments and designing controls.
Experience with the Data Protection Act and UK GDPR.
Experience designing and implementing information security controls in cloud environments.
Experience with Microsoft Defender and Sentinel.
Experience, Knowledge and Expertise – Desirable
Good understanding of cybersecurity standards and frameworks such as ISO/IEC 27001:2022, CIS, OWASP, and NIST.
Good understanding of ISO/IEC 20000-1:2018 (SMS).
Good understanding of ISO 9001:2015 (QMS).
Good understanding of ITIL principles.
Role Specific Skills and Competencies (Technical and People Skills)
Excellent communication skills; able to remain calm under pressure and manage difficult situations with stakeholders.
Flexibility and ability to adapt to changing environments and new challenges.
Detail-oriented with a systematic approach to identifying risks and devising mitigations.
An inquisitive approach to investigating root causes of security incidents.
Drive for personal growth and ongoing professional development.
Tech Stack
information security, risk management, Microsoft Defender, Sentinel, cloud security, incident management, GDPR, access control