Job Description

Summary and purpose of position: 6-9 month FTC

The purpose of this role is to lead and deliver day-to-day management and oversight of IT security subject matter expert deliverables for security technologies within Wincanton. The IT Security Engineering Team Lead will be responsible for leading the day-to-day security operations, maintenance, support and configuration of the technical security platforms, and will oversee and contribute their expertise and knowledge to security data analysis, threat intelligence, security information and event management, incident response and defence requirements. They will be the lead for technical security projects and initiatives and will ensure that IT security tools, the Security Engineering team and processes are optimised as required by the Head of Cybersecurity & Risk and closely aligned to the IT Technical Engineering team. This role will be expected to support out-of-hours coverage, as agreed.

Purpose

- Build strong relationships with the Cybersecurity & Risk, Data Privacy, IT, People Services and Legal teams, and engage with the business and external providers, to ensure all technical IT security controls are appropriately deployed.
- Ensure the company's safe advancement with new technology and ways of working by technically leading the design, creation and application of appropriate technical security products and solutions.
- Ensure research, selection and deployment of new technical security controls are technically viable for use by Wincanton.
- Lead the IT team in the ongoing testing, compliance and assurance of IT systems, processes and standards across the company.
- Engage, support and work closely with the business at all levels to ensure information security regulations, requirements and policies are understood, communicated and implemented effectively across all business functions.
- Manage security operations and cyber incident management response.
- Act as an escalation point for threat hunting activity and provide technical decisions and input for response and containment.
- Ensure continuous monitoring of security alerts, logs and reports, conducting in-depth analysis to identify anomalies, threats and potential vulnerabilities that could impact IT operations.
- Manage security incidents and investigations and partner with the external SOC team to respond to security incidents promptly, ensuring the resilience of our IT systems and operational technology.
- Identify and evaluate emerging threats and vulnerabilities, providing recommendations for mitigation and ensuring our critical systems and data are secured.
- Maintain and provide detailed records of incident reports, investigations and resolutions, adhering to specific compliance and reporting requirements.
- Ensure optimum utilisation of the IT security toolset, such as Tenable, CrowdStrike and Defender, to identify, assess and remediate vulnerabilities specific to our IT infrastructure and operational technology systems, ensuring their confidentiality, integrity and availability.
- Identify, evolve and mature the company's capability for detecting and responding to cyber incidents.

Duties And Responsibilities

- Provide a point of technical authority for the effective use of technical security controls across the company and ensure adequate escalation cover is provided out of hours as required.
- Develop technical roadmaps for IT security technology, in step with the Cybersecurity & IT Strategy and other business planning activities.
- Work closely with the Cybersecurity team to ensure critical business assets are adequately protected from cyber-related threats through the use of appropriate technical controls.
- Provide thought leadership and expertise to identify, evaluate and monitor ongoing threats and risks that could affect business operations.
- Utilise Tenable, CrowdStrike, Mimecast and Defender to identify, assess and remediate vulnerabilities specific to our IT infrastructure and operational technology systems, ensuring their integrity and availability.
- Act as a security advocate within the IT Technical team to ensure security best practice across the team.
- Keep up to date with the latest emerging threats, vulnerabilities and attacker techniques.
- Develop an understanding of Wincanton's regulatory and customer/contractual obligations for IT security, and the requirements of standards such as Cyber Essentials/Essentials Plus, GDPR, ISO27001 and the NIST Cybersecurity Framework.
- Deliver confidential eDiscovery, legal hold, data extraction, analysis and summary against identified data custodians, working with approved third parties and actioning highly confidential requests quickly and with integrity.
- Support the management of 3rd party security (supplier) relationships and assist in the development of existing relationships and the competitive selection of new suppliers.
- Provide cover and support to the IT Security Operations Centre (SOC) Engineer and the IT Security Engineering team.

Typical Outputs

- Optimally configured technical security controls
- Documentation supporting delivery of security technologies
- Security Key Performance Indicators (KPIs)
- Thought leadership and technical expertise

Experience, Skills And Attributes

- Team leadership and people management experience, with a proven ability to motivate and develop team members to reach their full potential
- A genuine passion for cyber security and its technology, and a drive to continually develop professional and personal knowledge in this fast-moving area
- Self-motivated and able to work to a high standard under own initiative
- Able to pay and maintain close attention to detail
- Sound analytical skills; able to think laterally and challenge existing concepts
- A good and confident communicator at all levels, with an ability to assert and defend a point of view that can be balanced with pragmatism at times
- The ability to understand technical complexities and issues, and to explain and translate these to a less technical audience
- Must be able to operate as a member of the wider IT team, contributing to a wide range of information security risks and issues, to provide joint outcomes
- A good understanding of security threats, attack scenarios, intrusion detection techniques and incident management
- Awareness of information risk, assurance and information security strategy programs within large corporate environments is desirable
- Awareness of information security principles (Confidentiality, Integrity, Availability)
- Awareness of communication channels and methods of influence (Awareness, Behavior, Culture)
- Awareness of enterprise technologies, including associated security vulnerabilities and exploits
- Awareness of web app design, development and deployment across different platforms

A Good Understanding Of The Following

- Endpoint security (CrowdStrike)
- SIEM platforms
- PAM, PIM & IAM principles
- Windows Server technologies, Active Directory and Azure AD
- Networking concepts (DNS, IP, segregation techniques)
- Email and web security technologies
- Cloud computing concepts and service models IaaS/PaaS/SaaS (Azure / AWS)
- Authentication concepts (Windows, AAD, Managed Identity)
- Microsoft 365 security and compliance
- MITRE ATT&CK Framework
- Cyber Essentials/Essentials Plus, GDPR, ISO 27001, NIST CSF and other information security-related regulatory and compliance standards

Our Commitment

Our people are our most important asset and as such we are continuously expanding our capability programs to provide you with opportunities to build and extend your professional, functional and management skills. Your development through coaching is our priority. Continuous learning takes place through a broad variety of opportunities and types of engagement. Access to the latest technological innovations in the logistics and supply chain industry, as well as Wincanton's deep knowledge and expertise in our field, constitute a superb platform for your professional development.