Who we are: There has never been a more exciting time to join the Digital Solutions business unit at CACI LTD. CACI help clients transform their businesses using data and technology so that they are ready for the challenges of today and tomorrow. Essential Duties and Responsibilities: We are seeking a highly skilled Information Security Governance & Communications Manager to join our team and be responsible for continual improvement of the overall security posture and awareness within our client’s organisation. This role involves overseeing all aspects of cyber security, including risk assessments, vulnerability management, and the integration of security best practices into the software development lifecycle. The candidate will work alongside the Information Security Team comprising technical resources to ensure that applications comply with relevant industry standards and regulations. A key part of the role is managing communication and reporting functions, providing regular updates to senior management, application stakeholders, users, and development teams regarding security risks, remediation efforts, and overall application security posture. The officer will also collaborate with cross-functional teams to implement security improvements and lead security audits and assessments. Key Responsibilities: Application Security Management Adherence to application security policies and standards to ensure applications are secure and compliant with industry regulations and internal policies. Support security assessments for applications across the portfolio, including vulnerability testing, penetration testing, and risk assessments. Collaborate with Information Security technical teams to integrate security best practices into the software development lifecycle (SDLC), including secure coding practices, security testing, and threat modelling. Monitor and manage security incidents related to applications, ensuring timely resolution and mitigation of risks. Ensure that application security controls align with industry regulations, including GDPR, ISO 27001, PCI DSS, or other relevant standards. Stakeholder Communication & Reporting Lead the communication of security risks, vulnerabilities, and remediation efforts to application owners, developers, and other stakeholders. Prepare and present regular security reports to senior management, outlining the status of application security, risks, and compliance metrics. Act as a liaison between Information Security teams and the client’s application stakeholders, ensuring alignment on security priorities and activities. Manage and maintain relationships with third-party vendors, ensuring compliance with security standards and contracts related to application security. Liaison with external and internal auditors, review and issue of audits reports, maintenance of audit findings logs and proactive follow up of open findings. Organise and contribute to the Quality and Security forum. Continually raise awareness and understanding of quality matters within the organisation, liaison with business groups quality leads over quality and compliance matters. Enforcement of quality and information security policies, procedures and processes. Communication of quality and security requirements in a clear, effective and engaging way Assistance with supplier and customer due diligence activities. Continuously evaluate and improve the organisation’s security policies, standards, and practices. Essential Skills: Excellent attention to detail with the ability to draft and produce accurate, detailed reports and documents to tight timeframes. Proven experience of improving application security posture including alignment to associated ISO standards e.g. (OWASP, Cyber Essentials, ISO 9001) Ability to work at all levels, sometimes dealing with confidential and sensitive business information. Proven ability to work under pressure, managing multiple stakeholders with differing priorities and timeframes. Excellent interpersonal and communications skills with experience of managing internal and external stakeholders. Ability to provide accurate feedback of audit findings to executive board members. Can-do attitude with a methodical and diligent approach showing great organisation and planning skills. Experience: Minimum of 5-7 years of experience in information security, ideally with at least 3 years focusing on application security. Proven track record in managing security across large portfolios of applications in a complex environment. Familiarity with common security frameworks and compliance requirements (e.g. NIST, ISO 27001, GDPR, PCI-DSS) Strong leadership experience, with the ability to lead teams and manage security projects across multiple applications and business units Other details Pay Type Salary Job Start Date 02 December 2024