Security Delivery Associate Manager, Cyber Generalist
Our cyber practice is a fast-growing community of industry-leading experts. The practice covers Assurance, Compliance, Security Operations, Offensive Security, and Security Research.
We are looking for enthusiastic security professionals to join our fast-growing cyber practice. We work with both public and private sector clients, such as the UK central government and blue-chip companies, to deliver tailored solutions that meet their compliance and business requirements.
Job Description
Due to the nature of the client engagements, every employee needs to be able to achieve Security Clearance.
This means that you need to have the right to take up employment within the UK, do not have or require any visa to work, and have been resident in the UK for at least 5 years without any gap(s) totaling more than 6 months.
As an employer, we believe in facilitating a flexible work pattern whilst considering operational requirements, client, and individual needs. We are proud of our hybrid work pattern that typically sees employees in the office for a minimum of 2 days per week.
You should be able to easily commute to our Manchester office. For some roles/projects, travel to the clients' offices will be required, and the frequency is often determined by the client.
Diversity, equity, and inclusion are integral to the success of 6point6. We welcome applicants with different perspectives, skills, life experiences, and backgrounds, and are proud to have an organizational culture where employees can bring their authentic selves to work.
We are looking for a technical cyber security generalist consultant with experience in solving complex cyber security problems utilizing your technical expertise and learned experience.
As a cyber generalist, we expect you to demonstrate advanced skills and a high level of expertise across multiple facets of the cyber security domain, some examples of the types of experience that would be beneficial can be found below; we do not expect any candidate to have experience in all of these areas.
We expect a technical cyber security generalist consultant to align their work with SFIA Level 5 responsibilities, which include influencing policy, overseeing complex projects, and delivering high-quality security solutions.
Key Responsibilities:
Security Governance and Compliance
1. Develop and implement security policies, standards, and guidelines.
2. Ensure compliance with relevant legal and regulatory requirements.
3. Conduct security audits and risk assessments to identify vulnerabilities.
4. Develop, implement, and maintain security policies, standards, and guidelines to ensure organizational security objectives are met.
5. Conduct regular security audits and assessments to ensure compliance with internal policies and external regulatory requirements.
6. Monitor and evaluate compliance with legal and regulatory requirements.
7. Develop and oversee a comprehensive risk management program to identify, assess, and mitigate security risks.
8. Ensure the organization adheres to industry best practices and frameworks, such as ISO 27001, NIST, and COBIT.
9. Prepare and deliver compliance reports to senior management, detailing the organization’s compliance status and areas for improvement.
10. Collaborate with internal and external stakeholders to ensure security policies are effectively communicated and understood.
11. Provide guidance and support to business units on compliance-related issues and the implementation of security controls.
12. Maintain documentation of all compliance-related activities, including risk assessments, audit findings, and remediation efforts.
13. Stay current with evolving laws, regulations, and industry standards to ensure the organization’s security posture remains compliant and up-to-date.
Security Operations
1. Monitor security systems and develop alerting use cases.
2. Provide best practice advice for SecOps/SOC teams.
3. Support the establishment and delivery of SecOps strategies.
4. Perform SOC Maturity Assessments via SOC-SMM framework.
5. Perform threat hunting and vulnerability management.
6. Manage and analyze security incidents, and provide recommendations for containment and resolution.
7. Create and present incident and SecOps performance reporting.
Security Assurance
1. Conduct security assessments and facilitate penetration testing.
2. Provide assurance on the effectiveness of security controls.
3. Develop and maintain security documentation and reports.
4. Advise on full Policy Life Cycle Management.
5. Apply standard Information Assurance models to new and existing client engagements.
6. Conduct comprehensive security assessments to identify vulnerabilities in systems and networks.
7. Develop and maintain security testing plans, procedures, and documentation.
8. Ensure security measures are implemented effectively during system development and deployment.
9. Review and assess the security posture of third-party vendors and partners.
10. Validate the effectiveness of security controls through regular testing and audits.
11. Provide detailed reports on security assessment findings, including risk analysis and remediation recommendations.
12. Collaborate with development and operations teams to ensure security requirements are met throughout the project lifecycle.
13. Implement and manage security tools and technologies to enhance security posture.
14. Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements.
15. Develop and deliver security training and awareness programs for clients.
16. Perform incident response activities, including investigation, mitigation, and reporting.
17. Ensure compliance with industry standards, such as ISO 27001, NIST, GDPR, and others.
18. Support the development of security policies, procedures, and guidelines.
19. Provide expert advice on security best practices to enhance overall security resilience.
Security Architecture
1. Design and review security architectures for new and existing systems.
2. Provide security input during project design and implementation phases.
3. Ensure that security architecture aligns with business objectives and compliance requirements.
4. Define the Security Architecture roadmap.
5. Investigate and thoroughly understand applications and systems.
6. Ensure that the scope, context, and constraints are documented and accepted.
7. Identify, engage, and manage stakeholders.
8. Facilitate the making of system-level security decisions, ensuring that they are made based on the best information and are aligned with risk owner needs.
9. Define and document strategies, standards, and guidelines to direct the build and deployment of the system.
10. Ensure that agreed-upon architectural principles and standards are applied to the finished system or product.
11. Provide security architecture and technical leadership.
Offensive Security
1. Carry out broad-scope ethical hacking engagements typically encompassing all of the customer's digital assets.
2. Execute penetration testing on web applications, networks, and systems to uncover vulnerabilities.
3. Craft, refine, and deploy custom exploits.
4. Record findings, generate penetration test reports, and convey results to both technical and non-technical stakeholders.
5. Collaborate with the security team to provide insights and recommendations for security enhancements.
6. Engage in red teaming exercises, emulating advanced adversarial tactics and techniques.
7. Stay updated with the latest vulnerabilities, exploits, and industry best practices.
8. Partner with the Blue Team and other security experts to hone detection and response capabilities.
Security Strategy
1. Develop the security practice strategy in alignment with corporate strategy.
2. Evolve current, retiring, and developing new services in conjunction with practice owners and aligned to corporate strategy.
3. Work with business development as the “voice of the customer.”
4. Work with suppliers to maintain relationships and develop new services that complete the “kit list” that 6point6/ Accenture recommends to customers.
5. Monitor emerging trends.
6. Engage with industry bodies.
7. Aligning and maintaining certification for the organization with individual goals.
8. Influence training plans to align with corporate goals.
9. Maintain awareness of regulatory changes that will impact service and drive opportunity.
10. Work with business development to respond to bids.
Consultancy and Advice
1. Provide expert advice on security best practices to clients.
2. Assist clients in developing and enhancing their security posture.
3. Deliver security awareness training and workshops.
Skills and Knowledge
This is a generalist role but some of the key skills we are looking for are:
1. Proven experience in a cyber security role, with a focus on consultancy.
2. Comprehensive understanding of security principles, techniques, and technologies.
3. Experience with security frameworks and standards (e.g., ISO 27001, NIST, GDPR, CAF).
4. Knowledge of Incident response and management frameworks such as NCSC, NIST, and CREST.
5. Experience performing maturity assessments and utilizing their outcomes to drive security strategy.
6. Strong analytical and problem-solving skills.
7. Excellent communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
8. Proficiency in security tools and technologies, such as SIEM, IDS/IPS, and vulnerability scanners.
9. Relevant certifications such as CISSP, CISM, or equivalent are highly desirable.
10. Autonomy: Works under broad direction. Work is often self-initiated.
11. Influence: Influences organization, customers, suppliers, partners, and peers on the contribution of their own specialism. Builds appropriate and effective business relationships.
12. Complexity: Performs an extensive range and variety of complex technical and professional work activities. Work requires application of fundamental principles in a wide and often unpredictable range of contexts.
13. Business Skills: Advises on the available standards, methods, tools, and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes, and evaluates work to time, cost, and quality targets. Communicates effectively, both formally and informally.
Qualifications
We will consider all applications but some of the qualifications we would like to see are:
1. Bachelor’s degree in Cyber Security, Information Technology, or a related field.
2. Professional certifications (e.g., CISSP, CISM, CEH, CompTIA Network+, CompTIA Security+, SANS certifications).
3. Professional memberships.
Whilst having experience in a consultancy is beneficial, demonstrable experience in working with clients/external partners in other settings will always be considered.
During your career with us, we actively encourage and support employees to continually up-skill and develop their skills and knowledge.
Additional Information
Who are 6point6, part of Accenture?
Now part of Accenture, 6point6 drives the right change in every organization through the positive impact of technology. Leading with strategy, architecture, and design, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations across public and private sectors.
We help organizations realize the value of their business strategy, allowing them to engage in a more meaningful way with their end customers. Our clients work with us because they know for us it’s never just about the project at hand. It’s about creating lasting partnerships built on trust and enabling their long-term success.
We have lead offices in central London and Manchester, as well as access to other Accenture office locations around the UK.
Why us?
6point6 strives to create and maintain a work environment in which people are treated with dignity, decency, and respect. We champion diversity and are committed to creating an inclusive environment for all employees. A number of employee-led groups work with us to create a unique, fun, and fulfilling environment that contributes positively to our culture and our corporate social responsibility commitments.
We are fully committed to hiring, developing, and retaining the best people and operate a zero-tolerance culture towards any discrimination.
Irrespective of your needs, and no matter how small, please let the Recruitment Team know if there are any ways that we can support you during the hiring process.
From health and wellness to lifestyle and finances, we have your best interests at heart.
We offer a competitive salary and benefits package that includes all the standard offerings you’d expect like company bonus plan, pension, private medical, life assurance, and income protection. Employee wellbeing is also of the utmost importance to us and we have many benefits supporting wellbeing including an employee assistance program, life coaching, a cycle to work scheme with bike storage, and much more.
Our Values
Our people shape our culture and our values are embedded into everything we do.
1. HUMAN: We celebrate our differences and bring our authentic selves to work. We are one, inclusive, team.
2. DEDICATED: We are dedicated to each other, our clients, and to our profession. We care.
3. HONEST: We embrace transparency, act with integrity, and encourage everyone to speak openly.
4. BRAVE: We empower each other to make bold decisions, to take ownership, and to challenge with respect.
We are a disability confident committed employer.
If you have access requirements and would like to discuss with us, please contact us: recruitment@6point6.co.uk
#J-18808-Ljbffr