Information Security Manager
Advanced | Operations (Managed Services) | Slough, England
Main Purpose of the Job
The Information Security Manager will support OneAdvanced and its clients, acting as a consultant and SME to provide end-to-end security support and assist in delivering Advanced’s Managed Security Services. You will be advising Professional Services teams, including Security Architects, Technical Designers and Service Delivery managers, to ensure that IT solutions are managed securely. You will work collaboratively with a range of people to support the Information Security and wider Business Strategies.
Main Duties and Responsibilities
- Consult on the security of customer solutions.
- Ensure contractual security-related obligations and requirements are met for clients.
- Assist the delivery of Advanced’s Managed Security Services to clients and provide the client point of contact for security issues or advice.
- Provide reporting to clients for Advanced’s Managed Security Services and act as the liaison between clients and internal teams for any security-related issues.
- Provide security input and oversight to projects for new or existing clients and internally for Advanced.
- Consult on the most appropriate security controls for clients.
- Perform security risk assessments and reviews of systems, designs and/or implementations as required.
- Manage vulnerability and penetration testing and any required remediation work for Advanced or its clients’ environments.
- Maintain awareness of current and emerging cyber security threats and vulnerabilities that could affect Advanced or its clients.
- Manage security risks associated with Advanced, its systems or its clients.
- Maintenance and development of policy, procedures, standards and services.
- Conduct audits to ensure compliance.
- Assist in the delivery of security awareness training to Advanced staff.
- Scope and manage Penetration Testing including the production of a plan to remediate vulnerabilities identified during any tests in a timely manner.
- Ability to work without supervision and to deliver to clients.
- Work with a range of people in a collaborative environment.
- Proven ability to work creatively and analytically in a problem-solving environment.
- Self-motivated – personal drive and enthusiasm to continually improve and provide the best in all situations and able to readily embrace change.
- Capability and willingness to accept and adapt to a dynamic and changing environment.
- Confidence to accomplish job requirements and to welcome feedback positively for continuous improvement.
Knowledge and Experience
- Demonstrates knowledge of good security practice ensuring that all aspects of Confidentiality, Integrity and Availability are adhered to.
- An Information Security certification (CISM, CISSP or similar).
- Proactively takes responsibility, owns any issues arising, follows through to resolve them, recognising how individual responsibility impacts team delivery.
- Ability to think methodically and logically and have well-honed communication skills.
- A good all-round knowledge of IT systems, platforms and networking technologies.
- Working in a fast-paced operational environment requiring a degree of change tolerance.
- Experience in implementing and managing ISO 27001:2013 or similar frameworks.
- Knowledge of methods and techniques for risk management.
- Desire to work in an information and compliance team.
- Good knowledge of auditing in relation to technology platforms, customer service delivery, service desk, procurement, asset management, project delivery, data centres etc.
- Good knowledge of security and auditing in relation to technology platforms such as Microsoft Active Directory, UNIX/Linux, Network Security (Cisco), Databases (SQL/Oracle).
- Good knowledge of networking products (IDS/IPS, Firewalls, Routers).
- Exposure to a broad range of organisational functions and some experience in an end-to-end business environment, particularly a Managed Security Services environment.
- Experience of operating within the ITIL framework for service delivery.