Security Engineering Manager
When it comes to innovation and achievement there are few organisations with a better track record. Join us and you’ll be able to play a big part in the success of our highly successful, fast-paced business that opens up Europe so people can exercise their get-up-and-go. With over 250 aircraft flying over 700 routes to more than 30 countries, we’re the UK’s largest airline, the fourth largest in Europe and the tenth largest in the world. Flying over 70 million passengers a year, we employ over 10,000 people. It’s big-scale stuff and we’re still growing.
The Security Engineering Manager is responsible for protecting our organisation's information and information systems from loss and compromise through the delivery and effective management of a security engineering team.
- Manage, lead and develop a high-performing team of security technical architects and security engineers with associated security domain specialisms.
- Accountable for ensuring the team is adequately resourced and skilled to meet demand.
- Accountable for the delivery of a security engineering capability and ensuring security architecture and engineering elements are included in projects.
- Ensure that a mechanism is in place for security knowledge transfer within the engineering team, delivering assurance of consistent secure designs and services across the team.
- Ensure clear strategies are in place for embedding relevant security policies and technical standards in projects and service.
- Define security tools, systems and solutions, aligned to IT strategy and security standards.
- Produce and disseminate management information in relation to the performance of technical security controls, technical assurance activities and service improvements.
- Build and subsequently maintain the capability of security services, including technology roadmaps that define Security-centric platforms and associated working practices.
- Lead the management, maintenance and service improvement of security engineering systems.
- Prepare material for periodic security groups.
- Create, introduce and embed new technical standards and controls through continuous improvement.
- Lead the development, maintenance and compliance of security technical standards and procedures.
- Provide IT teams with security technical architecture and engineering focused support, training and consultancy to ensure compliance with security policies, standards and regulations.
- Accountable for ensuring that technical aspects of systems and services are ‘Secure by Design’.
- Develop and operate procedures that counteract potential threats and vulnerabilities, maintaining the integrity and capability of security systems.
In line with the Competency Framework for job family M&P (Management & Professional), which covers:
Ownership and Delivery. Has a clear focus to deliver results, working to targets, reviewing progress and adapting their plans accordingly, motivating themselves/the team to achieve.
Business Performance. Understands business and external environment, is cost conscious and understands the longer term perspective and implications of decisions.
Innovation and Change. Is open to new ways of doing things and questions existing approaches, views change as an opportunity, comfortable working in a dynamic and ambiguous environment.
Building Relationships. Expresses ideas confidently and clearly, builds positive and constructive relationships with others, gets to know colleagues within their own team and supports them to ensure team goals are achieved.
Requirements of the Role
- The jobholder must have a thorough understanding of the security threat landscape, significant risks, technical developments and directions.
- Strong interpersonal and management skills are essential, as the jobholder must be able to lead a team and operate effectively at all levels within and outside of the company.
- Depth of experience in IT Technical Security, some of which must be as a principal practitioner.
- Experience of managing a managed security service provider.
- Experience of multiple security systems from technical configuration, implementation and operational perspectives, including vulnerability management, SIEM, IDS/IPS, Web Content Filtering, NAC, WAF, DLP, IAM.
- Proven experience of providing technical assurance of application, network and host security.
- Direct experience of leading security architecture and engineering teams.
- Demonstrable experience in the identification and implementation of security technical controls.
- Excellent written and oral communication skills.
- Ability to present ideas in ‘non-technical’ business-friendly accessible language.
- Ability to effectively prioritise and execute tasks in a high-pressure environment.
- Be a business-focussed, creative, innovative, pragmatic and positive team player.
- One or more of the following qualifications are highly desirable:
- Masters in Information Security (MSc)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- TOGAF Certified
- Certified Information Security Architecture Professional (CISSP-ISSAP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Cloud Security Professional (CCSP)
If you are interested in hearing more about this opportunity or want to apply then please contact Jonny Duggan on 01908 886 038 or email firstname.lastname@example.org.