IT Security Manager, Up to £80,000 Base + £9,600 Car Allowance + Up to 55% Bonus + 38 Days Holiday + 15% Pension, Lovely Blue Chip Company, Brighton Area.
The purpose of the IT Security Manager is to reduce and mitigate IT security risk within the business according to an agreed risk appetite. The IT Security Manager will take responsibility for all security considerations during the selection, planning and implementation of IT systems and providers so as to maintain IT security risk at a tolerable level in accordance with company policy.
Purpose of the Role:
Security Leadership – Be the trusted source of information and cyber security architecture, engineering and operations expertise and pro-actively provide leadership and guidance to Group Finance IT and business functions. Be the recognised focal point for Information Security related matters within Group Finance, and via representation of Group Finance with other parts of the business. Apply a pragmatic and “security by design” approach to all aspects of the role, ensuring that security is an enabler to the business.
Security Strategy, Policy and Oversight – Develop Group Finance IT Security Strategy, design principles and policies based on the Enterprise IT Security Strategy. Ensure that Security Policy and Security Standards are implemented and adhered to, and that exceptions are managed under governance. Provide Subject matter expertise into development of Group Policy and Standards as required.
Security Monitoring and Incident Management – Develop and maintain proactive internal and external security monitoring, taking action appropriate to risk. Lead the response to IT security incidents, crises and security problem resolution, including the IT security aspects of business continuity testing.
Security Design and Implementation – Oversee the design, testing and deployment of the security aspects of IT changes to ensure standards are met.
Threat Intelligence & Trends – Stay abreast of current and future security risks and adapt mitigations and controls accordingly.
Penetration Testing and 3rd Party Oversight – Maintain and conduct a regular penetration testing schedule for internal and key third-party IT partners, working with relevant stakeholders to identify requirements and resolve issues in a timely manner. Lead the oversight and assurance of third parties’ security controls and implementation of security, and provide strong challenge where needed.
Relationship Management – Establish and maintain effective relationships and governance arrangements with senior stakeholders; provide effective independent escalation and reporting of security issues, risks and deficiencies to business unit management, the Office of the CISO, and relevant governance bodies.
Security Awareness & Training – Report regularly on security profile / exposure and establish key metrics. Implement local security awareness and training initiatives in line with the group’s awareness and training plans.
Ideal Qualifications, Knowledge and Skills:
An appropriate security qualification and membership (ISO 27001, CISSP, CISM) is desirable. In order to demonstrate the knowledge required to perform the role, it is anticipated that the role holder will be educated to degree level or have acquired relevant work experience.
Experience of working in a regulated environment, including FCA and PRA regulation, is desirable.
Good understanding of network security and Cloud architecture, solution infrastructure and application security and vulnerability management
Fully abreast of trends and changing technologies as they relate to information security threats
Information and IT Security broadly, including in-depth knowledge and practice of security architecture development; security threat technical analysis; security solutions evaluation and selection; security solutions engineering and front-line security operations; and architectural security controls: application, infrastructure, network and database.
Recognised, formal standards for IT control and Security Management Systems, including ISO 27001, COBIT, COSO, ITIL and the NIST Cyber Security Framework.
An in-depth understanding of trends in security threats, analysis of major publicised incidents, and IT trends as they relate to security threats is essential.
Detailed understanding of the implementation and operation of key security technologies, including anti-malware (simple and advanced), network perimeter and firewall, monitoring, encryption, intrusion detection, behavioural analysis, information protection, authentication, identity management, security testing and cloud security
Structured approaches to penetration testing, incident and crisis management – experience of contributing to major security incident management is desirable
Active Directory, Citrix, VMware, cloud platforms (Azure) and access control.
Relevant experience managing IT and Information Security, ideally in the financial sector.
Track record of delivery of IT security solutions across an enterprise
Proven ability to build successful working relationships and team dynamics
Practical, common sense approach to delivering successful, collaborative outcomes
Working with 3rd parties and outsourced providers including Cloud Services
Experience with systems design and development, from business requirements analysis through to day-to-day management.