Security Operations & Compliance Specialist

We are seeking a proactive and technically proficient Security Operations & Compliance Specialist to ensure the integrity and security of our IT infrastructure, while simultaneously developing and maintaining our compliance framework. This unique hybrid role requires a candidate who is equally comfortable writing a Policy as they are patching a server to enforce that policy. You will be the primary link between IT security governance and operational execution.

Key Responsibilities

Security Operations & Technical Execution (The "Hands-on")

• Vulnerability & Patch Management:

  Own the end-to-end vulnerability management lifecycle. This includes conducting regular scanning, prioritising remediation efforts based on risk, and hands-on implementation of security patches and updates across all servers, operating systems, and network devices.

• Infrastructure Hardening:

  Configure and maintain security controls on critical infrastructure components (servers, firewalls, and endpoints) to harden the environment against known threats and ensure alignment with security policies.

• Incident Response Support:

  Actively monitor core system logs, firewall alerts, and endpoint security console notifications for anomalous activity. Triage identified security events and participate in the initial forensic investigation and accurate documentation required for breaches.

• Access Administration:

  Oversee the secure administration of user accounts and access controls, ensuring that least privilege principles are enforced across all platforms (e.g., Active Directory, cloud services).

Governance, Risk, and Compliance (The "Policy")

• Policy & Procedure Development:

  Research, draft, and implement internal IT security policies, standards, and operational procedures (e.g., acceptable use, data classification, and incident response plans) to meet business and regulatory requirements.

• Compliance Auditing:

  Conduct internal audits and gap analyses against key industry frameworks (e.g., ISO 27001, Essential Eight, or SOC 2 standards).

• Risk Assessment:

  Perform regular risk assessments on systems and processes to identify potential vulnerabilities (both technical and procedural) and recommend actionable mitigation strategies to management.

• Documentation:

  Maintain comprehensive and up-to-date documentation for all security controls, operational procedures, and compliance evidence for external audits.

Collaboration & Communication

• Stakeholder Liaison:

  Serve as the subject matter expert for security to the wider business, translating complex technical risks into clear, non-technical language for management.

• IT Collaboration:

  Work closely with the IT operations and development teams to ensure new deployments and infrastructure changes adhere to security policy and control standards.

Skills and Experience

• Experience:

  48 years of experience, with a proven track record blending Systems Administration (SysAdmin) duties with IT Security/GRC principles.

• Certifications (Highly Valued):

  Holding certifications like Security+, CISSP (Associate), CISA/CRISC, or vendor-specific security certs.

• Technical Proficiency (Mandatory):

  Hands-on expertise in Vulnerability Management tools, Patching methodologies (e.g., WSUS, SCCM, or automated solutions), and core Windows/Linux server management.

• Compliance Knowledge:

  Solid understanding and practical experience working with a major security framework (e.g., ISO 27001, NIST CSF).

• Analytical Skills:

  Strong ability to analyse logs, audit data, and technical findings to determine compliance status and risk levels.