Job Title: Technical Security Manager Reporting to: Director of IT and Security Contract: Six-month fixed term contract Hours: Full-time Salary: £60 - £65k FTE depending on experience Base: Hybrid, home and minimum two days per week in London office Job purpose: To operate our information security management system and maintain Mental Health Innovations’ ISO 27001 certification Closing Date: 8th November 2024, 5pm Please Click Here for the full candidate pack for this role. Key Responsibilities Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues Deputising for the Director in security matters as required Operation of the ISMS and Data Protection processes Managing risk register, preparing for management review meetings Developing/maintaining controls and ensuring they are implemented across the organisation Refining our security KPIs and maintaining them Proposing actions from KPIs, events and incidents and coordinating resultant work Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans Ensuring secure endpoint and cloud posture Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist Monitoring our processes and suggesting improvements Proposing and progressing other continuous improvement work Feeding into training and awareness programmes and improving security culture Preparing for audits and carrying out remediation work Working with the Director to create, maintain and manage policies and ensure compliance Planning and participating in incident response exercises Managing major incidents and conducting post mortems/reviews Person Specification Essential Experience of risk management Working knowledge of security standards and frameworks, particularly ISO 27001 Knowledge (and preferably experience) of GDPR and DPA 2018 Experience of incident management Excellent knowledge of high level security concepts and best practice Excellent documentation skills, including policies and standards Knowledge of the following areas (deeper experience of one or more preferred): Endpoint security Network security Cloud security Application security Identity and access management Secure distributed working practices Excellent written and verbal communicator Ability and desire to learn new tools, skills and consider other perspectives Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas Ability to manage own time, confirm priorities and expectations Independent worker who knows when to ask questions Comfortable working with the wider team and organisation Comfortable dealing with ambiguous situations and objectives Desirable Professional qualifications, such CompTIA, CISSP, CCSP, ISO 27001 Auditor Exposure to ITIL (ITIL Foundation or higher preferred) Experience in one or more of the following: Cloud (AWS preferred) Salesforce SSO & federated identities Network security, SASE & VPNs Endpoint security Infrastructure security and best practices Working knowledge of encryption technologies Password management and access control Security training and awareness Secure distributed working practices Securing domains Detection and response, with excellent troubleshooting skills Working knowledge of one or more of these tools/products: Salesforce JIRA & Confluence Mac/iOS & ChromeOS Windows/Office365 Google Workspace Creative thinker, but understands the importance of seeing a piece of work through to the end and on time Decisive, proactive, knows when to check the boundaries We will be interviewing on a rolling basis and reserve the right to close the job advert early if we receive a high number of applicants.