Security Delivery Manager, Cyber Generalist
Our cyber practice is a fast-growing community of industry leading experts. The practice covers Assurance, Compliance, Security Operations, Offensive Security and Security Research.
We are looking for enthusiastic security professionals to join our fast-growing cyber practice. We work with both public and private sector clients, such as the UK central government and blue-chip companies, to deliver tailored solutions that meet their compliance and business requirements.
Job Description
Due to the nature of the client engagements, every employee needs to be able to achieve Security Clearance.
This means that you need to have the right to take up employment within the UK, do not have or require any visa to work, and have been resident in the UK for at least 5 years without any gap(s) totalling more than 6 months.
As an employer we believe in facilitating a flexible work pattern whilst taking into consideration operational requirements, client and individual needs. We are proud of our hybrid work pattern that typically sees employees in the office for a minimum of 2 days per week.
You should be able to easily commute to our Manchester office. For some roles/projects, travel to the clients offices will be required and the frequency is often determined by the client.
Diversity, equity and inclusion are integral to the success of 6point6. We welcome applicants with different perspectives, skills, life experiences and backgrounds, and are proud to have an organisational culture where employees can bring their authentic selves to work.
We are looking for a technical cyber security generalist consultant with experience in solving complex cyber security problems utilising your technical expertise and learned experience.
As a cyber generalist we expect you to demonstrate advanced skills and a high level of expertise across multiple facets of the cyber security domain, some examples of the types of experience that would be beneficial can be found below, we do not expect any candidate to have experience of all of these areas.
We expect a technical cyber security generalist consultant to align their work with SFIA Level 5 responsibilities, which include influencing policy, overseeing complex projects, and delivering high-quality security solutions.
Key responsibilities across our cyber roles:
Security Governance and Compliance
1. Develop and implement security policies, standards, and guidelines
2. Ensure compliance with relevant legal and regulatory requirements
3. Conduct security audits and risk assessments to identify vulnerabilities
4. Develop, implement, and maintain security policies, standards, and guidelines to ensure organisational security objectives are met
5. Conduct regular security audits and assessments to ensure compliance with internal policies and external regulatory requirements
6. Monitor and evaluate compliance with legal and regulatory requirements
7. Develop and oversee a comprehensive risk management program to identify, assess, and mitigate security risks
8. Ensure the organisation adheres to industry best practices and frameworks, such as ISO 27001, NIST, and COBIT
9. Prepare and deliver compliance reports to senior management, detailing the organisation’s compliance status and areas for improvement
10. Collaborate with internal and external stakeholders to ensure security policies are effectively communicated and understood
11. Provide guidance and support to business units on compliance-related issues and the implementation of security controls
12. Maintain documentation of all compliance-related activities, including risk assessments, audit findings, and remediation efforts
13. Stay current with evolving laws, regulations, and industry standards to ensure the organisation’s security posture remains compliant and up-to-date
Security Operations
1. Monitor security systems and develop alerting use cases
2. Provide best practice advice for SecOps/SOC teams
3. Support the establishment and delivery of SecOps strategies
4. Perform SOC Maturity Assessments via SOC-SMM framework
5. Perform threat hunting and vulnerability management
6. Manage and analyse security incidents, and provide recommendations for containment and resolution
7. Create and present incident and SecOps performance reporting
Security Assurance
1. Conduct security assessments and facilitate penetration testing
2. Provide assurance on the effectiveness of security controls
3. Develop and maintain security documentation and reports
4. Advise on full Policy Life Cycle Management
5. Apply standard Information Assurance models to new and existing client engagements
6. Conduct comprehensive security assessments to identify vulnerabilities in systems and networks
7. Develop and maintain security testing plans, procedures, and documentation
8. Ensure security measures are implemented effectively during system development and deployment
9. Review and assess the security posture of third-party vendors and partners
10. Validate the effectiveness of security controls through regular testing and audits.
11. Provide detailed reports on security assessment findings, including risk analysis and remediation recommendations
12. Collaborate with development and operations teams to ensure security requirements are met throughout the project lifecycle
13. Implement and manage security tools and technologies to enhance security posture
14. Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements
15. Develop and deliver security training and awareness programs for clients
16. Perform incident response activities, including investigation, mitigation, and reporting
17. Ensure compliance with industry standards, such as ISO 27001, NIST, GDPR, and others
18. Support the development of security policies, procedures, and guidelines
19. Provide expert advice on security best practices to enhance overall security resilience
Security Architecture
1. Design and review security architectures for new and existing systems
2. Provide security input during project design and implementation phases
3. Ensure that security architecture aligns with business objectives and compliance requirements
4. Define the Security Architecture roadmap
5. Investigate and thoroughly understand applications and systems
6. Ensure that the scope, context and constraints are documented and accepted
7. Identify, engage and manage stakeholders
8. Facilitate the making of system-level security decisions, ensuring that they are made on the basis of the best information and are aligned with risk owner needs
9. Define and document strategies, standards and guidelines to direct the build and deployment of the system
10. Ensure that agreed upon architectural principles and standards are applied to the finished system or product
11. Provide security architecture and technical leadership
Offensive Security
1. Carry out broad-scope ethical hacking engagements typically encompassing all of the customer's digital assets
2. Execute penetration testing on web applications, networks, and systems to uncover vulnerabilities
3. Craft, refine, and deploy custom exploits
4. Record findings, generate penetration test reports, and convey results to both technical and non-technical stakeholders
5. Collaborate with the security team to provide insights and recommendations for security enhancements
6. Engage in red teaming exercises, emulating advanced adversarial tactics and techniques
7. Stay updated with the latest vulnerabilities, exploits, and industry best practices
8. Partner with the Blue Team and other security experts to hone detection and response capabilities
Security Strategy
1. Develop the security practice strategy in alignment with corporate strategy
2. Evolve current, retiring and developing new services in conjunction with practice owners and aligned to corporate strategy
3. Work with business development as the “voice of the customer”
4. Work with suppliers to maintain relationships and develop new services that complete the “kit list” that 6point6/ Accenture recommends to customers
5. Monitor emerging trends
6. Engage with industry bodies
7. Aligning and maintaining certification for the organisation with individual goals
8. Influence training plans to align with corporate goals
9. Maintain awareness of regulatory changes that will impact service and drive opportunity
10. Work with business development to respond to bids
Consultancy and Advice
1. Provide expert advice on security best practices to clients
2. Assist clients in developing and enhancing their security posture
3. Deliver security awareness training and workshops
Skills and Knowledge
This is a generalist role but some of the key skills we are looking for are:
1. Proven experience in a cyber security role, with a focus on consultancy
2. Comprehensive understanding of security principles, techniques, and technologies
3. Experience with security frameworks and standards (e.g., ISO 27001, NIST, GDPR, CAF)
4. Knowledge of Incident response and management frameworks such as NCSC, NIST, and CREST
5. Experience performing maturity assessments and utilising their outcomes to drive security strategy
6. Strong analytical and problem-solving skills
7. Excellent communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders
8. Proficiency in security tools and technologies, such as SIEM, IDS/IPS, and vulnerability scanners
9. Relevant certifications such as CISSP, CISM, or equivalent are highly desirable.
10. Autonomy: Works under broad direction. Work is often self-initiated
11. Influence: Influences organisation, customers, suppliers, partners, and peers on the contribution of their own specialism. Builds appropriate and effective business relationships
12. Complexity: Performs an extensive range and variety of complex technical and professional work activities. Work requires application of fundamental principles in a wide and often unpredictable range of contexts
13. Business Skills: Advises on the available standards, methods, tools, and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes, and evaluates work to time, cost, and quality targets. Communicates effectively, both formally and informally.
Qualifications
We will consider all applications but some of the qualifications we would like to see are:
1. Bachelor’s degree in Cyber Security, Information Technology, or a related field.
2. Professional certifications (e.g., CISSP, CISM, CEH, CompTIA Network+, CompTIA Security+, SANS certifications).
3. Professional memberships
Whilst having experience in a consultancy is beneficial, demonstrable experience in working with clients/external partners in other settings will always be considered.
During your career with us, we actively encourage and support employees to continually up-skill and develop their skills and knowledge.
#J-18808-Ljbffr