Security Operations Manager (SC Cleared)
6 Month Contract
£635 p/d (Inside IR35)
Hybrid - 2-3 times per month on site in Central London
***Please note- The selected candidate MUST HAVE ACTIVE SC Clearance***
The Security Operations Manager is primarily responsible for ensuring the security controls (people, process, technology) are in place and operating as designed. The primary aim is the design, development, test and evaluation of information security throughout its lifecycle. This is to ensure the business purpose of the system is enabled in a safe and secure manner based on the alignment of identified risks to the acceptable risk posture of the business.
***The ideal candidate must have at least one of the following certifications- CISSP, CCSP, CISM, CISA***
Responsibilities in this role-
Develops and maintains Information Security Management practice and process to ensure certification to required industry standards (e.g., ISO 27001) within relevant geographic boundaries.
Develops, proposes and seeks sponsorship for changes to policies, procedures and controls to ensure the integrity of our IT service and effective management and control of HO information assets. Facilitates the implementation of these controls.
Provides cyber security support and guidance across the service, informing key stakeholders of the impact of changes in industry practice and regulation on the use of technology/data in the delivery of our services.
Performs focused information risk assessments of existing or new services and technologies, alongside the Operational/Service Management team and technology subject matter experts.
As required, will extend the assessment of existing and proposed services to third party suppliers, including the facilitation of IT Security checks during the supplier onboarding process.
Coordinates audit, ITHC and risk assurance activities to evidence compliance with established regulatory and governance requirements.
In collaboration with Learning and Development, advises on the content of HO mandatory training for IT Security, Information Risk Management and related subject matter (as it becomes relevant to our business) involved in the delivery and support of the service.
Maintains strong working relationships with individuals and groups involved in managing information risk across the HO and 3rd parties.
Chairs and co-ordinates the Security Working Group and actively participates in supporting/governing forums.
Responds to information security requirements to support client queries.
Contributes to the analysis of data protection risks.
Monitors information security incidents, contributing to incident response and root cause analysis. Will own resulting actions as required where they relate to required changes in IT Security and Information Risk Management policy and controls (within HO or 3rd party systems and services).
Skills, knowledge and experience required
In-depth knowledge of modern security concepts, such as common attack vectors, malware, security analytics and threat intelligence and a sound understanding of underlying technologies (including networking, server hardening, virtualisation, AD)
A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
Knowledge of products and understanding of their capabilities including EndPoint Management, Vulnerability Management, SIEM
Understanding of major regulatory and industry standards/guidelines such as NIST and MITRE ATT&CK frameworks
Stakeholder Management: ability to create and maintain strong relationships with stakeholders in order to drive outcomes and create alignment around a vision or course of action
Communication for technical Leadership: Ability to communicate technical ideas and strategies effectively to non-technical audiences, including senior leadership team
Specific or specialist qualifications and experience required
Strong work experience in roles with responsibility for the delivery and management of Information Security, preferably as an information security or risk analyst.
Some experience in a role with accountability for regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27000, National Institute of Standards and Technology [NIST] 800).
Demonstrable experience in facilitating IT Control audit activities.
Disclaimer:
This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change