Security Operations Manager (CCP SIRA, CISM) is required by this well known, multi-national, leading applications and communications technology Services Company.
You will be joining a wider Security Practice with a specific purpose of managing a high profile, key central Government client platform.
You will be responsible for Information security, risk and asset ownership of their platform. This forms a key role in the day-to-day contact from a security perspective of the service delivery of the platform.
As the responsible S.O.M., you will be required to be articulate, technically aware from a security point of view and able to converse in the correct terms and at the right level with their security personnel as well as business owners, stakeholders and the Security Team.
Key Responsibilities, include:
- Ensuring that the Information Assurance levels for the service are maintained at all times across the physical, technical, personnel and procedural aspects of the service delivery. Whilst the S.O.M. will have responsibility for this it does not necessarily mean that they will perform all of these functions. Other personnel may be responsible for delivering some aspects of these functions but the S.O.M. will have overall ownership.
- Maintaining awareness of any changes in the standards, compliance and governance that might affect the systems overall Information Assurance levels
- Maintaining awareness requirements for compliance with the Security Aspects Letter for the service
- Ensuring that any new or arising threats to the service are dealt with in a pragmatic and effective way to maintain the existing assurance levels in terms of confidentiality, integrity and availability
- Maintaining an awareness and having evidence of access controls employed in the service at the physical and logical layers
- Ensuring new personnel or 3rd parties are appropriately briefed on the security aspects of the service
- Ensure that periodic IT Health Checks (ITHC’s) are carried out and reports are maintained in a secure manner for audit purposes
- Ensure that periodic Vulnerability Scans are carried out and reports are maintained in a secure manner for audit purposes
- Be the primary point of contact with the customer for any P1 and P2 related security incidents
As Risk and Asset Owner, responsibilities include:
- Understand what information is being held , who has access to it and why, in order to properly understand the risks
- ensuring that assets are inventoried
- ensuring that assets are appropriately classified and protected
- define and periodically review access restrictions and classifications to important assets, taking into account applicable access control policies
- ensure proper handling when the asset is deleted or destroyed.
- As a minimum annually review the security plan and update accordingly
- Suggest improvements in measuring the effectiveness of controls
- Ensure that Anti-Virus and other malware preventative measures are maintained on the service
- Assess and advise on security implications for Change Requests. Advise of any changes that may have implications for Workplaces PSN Accreditation.
- Be responsible for SyOPS for service
- Liaise with Group Standards and the Compliance team and the portfolio team regarding general security improvement requirements
- Be responsible for maintaining the service RMADS (Risk Management Accreditation Document Set) and reviewing at least annually.
Essentially, you will hold:
- CISM Certification
- Hold CCP SIRA (Practitioner) Certification or be former CLAS
- Proven experience in security risk management
- Strong skills in Problem Management
- Excellent interpersonal and communication skills (particularly Customer relationship management, Team working, Report writing and Time management)