Cyber Security Manager
Central London (hybrid)
Up to £80,000 per annum
A leading, acquisitive, £500m turnover construction engineering business (with revenues expected to double in the coming years), is undergoing a significant period of digital transformation and growth.
They are seeking an experienced Cyber Security Manager to act as the principal point of contact for all security matters across a rapidly expanding enterprise.
Genuine opportunity to have significant input and influence into the shape and future of the business by leading vital security initiatives.
Key Responsibilities
Own and maintain all Security related policies and procedures, implementing “Security by Design”, driving a culture of IT and Cyber Security awareness and responsibility. Develop and maintain the Information Security Strategy. Conduct ongoing security threat, risk, capability &/or maturity assessments. Oversee an outsourced Security Operations Centre (SOC) and Managed Security Services Provider (MSSP), managing performance reviews, ensuring service levels and effective incident management. Ensure alignment with NIST, NCSC, ISO27001, GDPR, and Cyber Essentials Plus standards. Drive the completion of ISO27001 implementation and certification, working with external partners and internal stakeholders. Lead upcoming security initiatives including Qualys rollout and support completion of Sophos Endpoint Protection deployment. Develop business frameworks and templated responses for tender processes. Provide security oversight for new office locations and integration points, ensuring secure network ingress through firewalls and switches into third-party SOC systems. Develop, implement, and maintain comprehensive security policies and frameworks. Qualifications and Experience:
Proven track record in managing security operations, compliance and third-party security providers. Experience required from both a strategy/framework management level and security controls deployment oversight. Ability to oversee technical solutions and remediate issues when required, with an excellent understanding of underlying systems. Technical background is a must. Advanced knowledge of Industry Information Security Standards such as NIST, NCSC, ISO 27001, GDPR, and Cyber Essentials Plus. Management of 3rd party SOC/MSSP including service reviews, ensuring adherence to SLAs, and effective SOC governance. Experience delivering key security projects within tight deadlines. Professional Security Qualifications, for example CISSP, CISM, Security+ etc. Note: All potential candidates must be eligible for basic level Security Clearance
#J-18808-Ljbffr
Own and maintain all Security related policies and procedures, implementing “Security by Design”, driving a culture of IT and Cyber Security awareness and responsibility. Develop and maintain the Information Security Strategy. Conduct ongoing security threat, risk, capability &/or maturity assessments. Oversee an outsourced Security Operations Centre (SOC) and Managed Security Services Provider (MSSP), managing performance reviews, ensuring service levels and effective incident management. Ensure alignment with NIST, NCSC, ISO27001, GDPR, and Cyber Essentials Plus standards. Drive the completion of ISO27001 implementation and certification, working with external partners and internal stakeholders. Lead upcoming security initiatives including Qualys rollout and support completion of Sophos Endpoint Protection deployment. Develop business frameworks and templated responses for tender processes. Provide security oversight for new office locations and integration points, ensuring secure network ingress through firewalls and switches into third-party SOC systems. Develop, implement, and maintain comprehensive security policies and frameworks. Qualifications and Experience:
Proven track record in managing security operations, compliance and third-party security providers. Experience required from both a strategy/framework management level and security controls deployment oversight. Ability to oversee technical solutions and remediate issues when required, with an excellent understanding of underlying systems. Technical background is a must. Advanced knowledge of Industry Information Security Standards such as NIST, NCSC, ISO 27001, GDPR, and Cyber Essentials Plus. Management of 3rd party SOC/MSSP including service reviews, ensuring adherence to SLAs, and effective SOC governance. Experience delivering key security projects within tight deadlines. Professional Security Qualifications, for example CISSP, CISM, Security+ etc. Note: All potential candidates must be eligible for basic level Security Clearance
#J-18808-Ljbffr
