Information Security Developer
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
Reporting to the Compliance Service Lead (based in UK), the Information Security Developer (ISD) shall contribute towards the development, operation and maintenance of Pearson’s security compliance monitoring systems, a platform which is at the fulcrum of Pearson Security Compliance Function. Furthermore, the ISD will support system owners in an advisory capacity by helping to interpret compliance gaps and providing remediation advice and support.
In this position you will:
- Contribute to the development and maturity of our compliance monitoring system.
- Operates the cloud security compliance system by working with platform managers to on-boarding cloud accounts, products and platforms.
- Take operational ownership for maintaining and updating security compliance rule sets mappings and their corresponding impact weightings in accordance with policy and standard changes.
- Support the team in performing unit test and general quality assurance checks before major releases.
- Maintains the security posture of the compliance monitoring system’s supporting infrastructure and code base in order to ensure they are void of vulnerabilities.
- Develop bespoke cloud security tools and configure cloud security solutions to identify compliance gaps.
- Work with system owners to provide security remediation advice and implementation guidance to resource owners.
- Enhance the reporting capabilities of the compliance monitoring system
Pearson is an equal opportunities employer. We do not discriminate against employees or job applicants and select the best person for each job based on relevant skills and experience.
We are also committed to building an accurate picture of the make-up of the workforce and encouraging equality and diversity.
The information you provide will stay confidential, and be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.
- Working knowledge of Python / C# / Java / Databases
- Experience of Linux and Microsoft Windows,
- A bachelor's degree in computing
- Experience of automating system administration tasks using scripting languages such as Python and/or Ruby
- Some experience of using GitHub for coding and release management
- Hands on experience of using and re-engineering security tools to validate the existence and effectiveness of security controls deployed to safeguard cloud infrastructures
- Hands on experience re-engineering open source security
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x
- Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European General Data Privacy Regulation (GDPR), and PCI/DSS.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Knowledge of and experience in developing and documenting security requirements and remediation plans.
- Working knowledge of Industry Standard Product and Program Development Life Cycle, including Secure SDLC and OWASP.
- Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Systems Manager (CISM) or Global Information Assurance Certification (GIAC)
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Excellent verbal and written communication skills with experience of working with all levels of the business, often remotely via video conferencing.
- The ability to interact with Pearson’s personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
Primary Location: GB-GB-London
Other Locations US-CO-Denver
Work Locations: GB-London-80 Strand 80 Strand London WC2R 0RL
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Sep 19, 2019
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 1906991
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.