Requirement for Multiple Service Management Security Managers – UK Wide/Home based
Base Salary up to £65k
Homebased with flexible travel
Grade D car (no cash allowance available)
25 days holiday plus statutory holiday
6% matched pension contribution
My client is currently recruiting for an Information Technology (IT) Security Manager covering the IT security aspects of their service contracts. The core function of this role is to provide operational IT security risk, assurance and IT security incident management for the contract, advising and guiding contract management and maintaining an accurate and effective information security risk register.
The candidate will be required to provide security assurance and guidance within the contract’s IT environments, as well as being the key IT security advisor on a number of core projects. The successful candidate must have a good technical and security background, demonstrable experience in managing tasks, projects or contracts, and the ability to manage the production of deliverables. This is an operational role, not consultancy. As such the candidate should have experience of operating security management processes – specifically IT Security Incident management.
The successful candidate will have demonstrable experience with the operational aspects of information security. This should include an understanding of the capabilities and appropriate use of tools for protective monitoring, malware prevention, log analysis, and vulnerability detection, and the ability to interpret and summarise the output of such tools into reports that are meaningful to customers and other stakeholders.
Prior experience working in the Local or Central Government sector would be advantageous. The candidate will need to possess a good knowledge of security standards, and have demonstrable ability in the operation and maintenance of an ISMS.
The IT Security Manager will be required to take operational ownership of all IT security management processes, including:
- IT Security Risk Management
- IT Security Incident Management
- IT Security assurance activities
- Support a variety of projects and design activities, including:
  - security factors such as HMG policy and good practice,
  - assurance requirements,
  - technical requirements,
  - selection of security technologies and controls,
  - physical security requirements,
  - personnel and/or procedural requirements.
- Be responsible for maintaining compliance with legal, regulatory, and contract-specific security standards – specifically ISO27001, PCI-DSS, and the Data Protection Act.
- Adopt a proactive approach to security management and security assurance coordination, ensuring smooth running of scheduled activities (penetration tests, security documentation review) and gaining the trust of key stakeholders (including customer representatives and accreditors).
- Engage with external audit and assurance providers, including IT Security Health Check suppliers, scoping test plans and helping stakeholders interpret the results of the tests and audits, as well as supporting the implementation of any remedial actions, where required.
- Create and implement a comprehensive Information Security Policy and related processes and procedures in line with ISO27001 and Government policies. Undertake gap analyses against formal security frameworks (particularly ISO27001), reporting on areas of deficiency and producing remedial action plans (where appropriate).
- Manage security incident responses and conduct investigations to understand the source of security breaches, assess and contain damage and devise measures to protect against future breaches.
The candidate should have a broad Information Security knowledge, ranging from developing and reviewing security architectures through to risk assessment and certification. Excellent communications skills (written and oral) are essential, as is knowledge and experience of ISO 27001 and PCI-DSS.
- Certified Information Security Manager (CISM), and/or
- Certified Information Systems Security Professional (CISSP), and/or
- Qualified ISO27001 Lead Auditor and/or Implementer
- Certificate in Information Security Management Principles (CISMP)
Knowledge and understanding of multiple Information Security-related requirement sources and standards, for example:
- The Government Security Policy Framework (SPF), along with HMG and CESG security standards, memoranda and guidelines
- PCI-DSS, PA-DSS (Payment Card Security)
- ISO27001 (Information Security Management)
- N3/NHS codes of connection
- PSN connectivity and codes of connection
- Data Protection Act
- BS 25999 / ISO22301 (Business Continuity Management)
- UK Government Cyber Essentials Scheme
In return we offer a competitive salary, contributory pension, 25 days annual leave plus bank holidays and the chance to develop your skills and experience in a challenging yet rewarding role.
For more information please contact Sam Page.
01908 88 60 37