IT Security QA Lead/Manager, NIST

Our client, a leading financial services organisation, is looking to engage an IT Security QA specialist. The IT Security QA Lead will be responsible for ensuring quality is embedded throughout IT Security Capability, including setting strategies and standards to achieve predictable outcomes and defect-free products consumed by colleagues across the wider IT estate and business.

Hybrid working - 2 days per week on site. Limited company engagement is permitted; IR35 determination is the responsibility of the Limited company providing services prior to commencement.

General responsibilities:
- Define capability-wide Quality strategy and in-depth knowledge of drivers of cyber engineering, cyber security terminology, methodologies and cyber threat intelligence frameworks.
- Conduct quality assurance reviews of security systems, tools and processes, ensuring compliance with security standards.
- Standardise security testing on applications and infrastructure, enabling identification of security weaknesses.
- Standardise validation of security patches, updates, and configurations.
- Review security procedures and controls for compliance and effectiveness, ensuring alignment to NIST.
- Ensuring alignment to NIST maturity improvements.
- Analyse security incidents, changes, and requests to identify root causes and prevent future occurrences/improve efficiency.
- Develop company-wide best practices for IT security quality assurance and conduct security awareness training for employees.
- Ensuring adherence to prescribed Digital Operational Resilience processes and ensuring that capability technology resilience strategies and plans meet business resilience needs at all times.

Skills and experience required:
- Extensive Security Technology and Engineering experience with deep insight into the latest security technology trends.
- Extensive experience in managing teams and MSPs.
- In-depth knowledge and experience of drivers of cyber engineering, cyber security terminology, methodologies and cyber threat intelligence frameworks.
- Experience with security tooling.
- Experience with incident response frameworks and methodologies, including frameworks like NIST CSF and MITRE ATT&CK.
- Familiarity with working with Agile software and development teams.
- Familiarity with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools.
- ITIL, ISTQB, ASTQB, ISEB certified or equivalent commercial experience.
- Experience working with the NIST Cyber Security Framework and ISO27001.