Accountabilities: • Help build and mature the Microsoft Security practices within the organisation utilising the Azure M365 application stack and E5 capabilities • Evaluate the effectiveness and coverage of security products and tooling to continuously monitor and protect company assets • Identification, mitigation, and management of security threats, vulnerabilities and risks • Work closely with Spires managed security operation centre • Assess and respond to external threat intelligence reports • Conducting internal audits of security controls in place developed/supported/ implemented by Spire’s technical infrastructure and development teams • Support ISO27001, NIST, Cyber Essentials Plus and other internal and external audit programmes • Providing support and guidance within IT and the Wider Business to ensure compliance with security policy and standards • Support the continuous improvement of security policies, procedures, standards and guidelines • Implement and improve technical processes to create efficient and secure methodologies • Support the management and investigation of security events including post incident reviews in conjunction with other IT teams and members of the Information Security function • Develop awareness materials to ensure continuous improvements to the security culture for the organisation • Research security enhancements and make recommendations • Stay current on information technology trends and security standards Personal Profile: Qualifications and Training • Recognised IT or Information Security qualifications including Cisco, SANS, ISO27001, CCSP, CISA, or SSCP (desirable) • AZ500, SC200, SC900 (desirable) • CEH (desirable) Knowledge and Technical Ability You will have at least 3 years experience in a similar technical IT Security role for a medium to large enterprise, involving a broad range of technology including some of the following: Demonstrable Specific M365 experience is essential ▪ SharePoint Online, Purview, InTune, Defender, Sentinel, Azure AD (Entra) o Knowledge & understanding of security principles surrounding SIEM, Antivirus, DLP, Firewalls, Open Source Filtering tools, Cloud security (Azure), EDR, Scanning/vulnerability tools, IdAM (PAM) etc. o Experience working with SOC desirable o Knowledge of Windows Servers and Linux Servers o Endpoint and network security technologies • Knowledge of IT Security and Governance best practices and industry standards, including, but not limited to, ISO27001, NIST, Cyber Essentials etc • Strong understanding of technical security risk, threat, and vulnerability management principles • Ability to drive own workload identifying risks and requirements working flexibly where required Skills and Behaviours • Someone intuitive and self-motivating • Likes to problem solve by researching and investigating better ways of operating utilising the people, processes, and technologies • Excellent verbal and written communications skills • Excellent inter-personal skills • Ability to work accurately and at pace commensurate with a rapidly changing risk environment • Ability to respond to risks and issues quickly • An innovative thinker and detail oriented • Friendly and approachable • Willingness to learn and undertake formal and informal training should it be required