IT Security Manager
Role details
Job location
Tech stack
Job description
This is a remote role provided you have the means to attend Leeds, or Liverpool and possibly other sites when operational demands require and as the business expands its footprint., They currently have an exciting opportunity for an IT Security Manager. The main purpose of the role is to work in collaboration with the Global Security Manager to implement, maintain and continually enhance a robust cyber security maturity program to meet the organisation's strategic direction, legal, regulatory and compliance objectives, * The implementation of physical IT and logical security controls and governance practices aligned to corporate strategy and business objectives
- To manage and maintain compliance activities and maintain accreditations:
- PCI DSS
- ISO27001
- Cyber Essentials Plus
- IT Healthcheck
- To conduct regular internal audits and control reviews of compliance activities
- To manage and support Business Resilience and Continuity, overseeing evaluations of continuity plans
- To develop and maintain a security dashboard for management reporting
- To oversee monthly vulnerability scans and scheduled penetration testing activities along with subsequent remediation activities as appropriate
- To respond and assist managing and resolving information security incidents, completing post incident root cause analysis and remediation activities
- To work alongside other operational and functional leads to promote consistency and continuity of security practices
- To work in close cooperation with the Head of IT
- To engage all areas of the business to promote and enhance security awareness and required behaviours to reduce risks and exposures
Requirements
Do you have experience of carrying out information security risk assessments and maintaining security risk register? Do you have a strong technical background with familiarity with key IT security concepts? Are you looking to work for a world leading organisation in their field?, * Experience of carrying out information security risk assessments and maintaining security risk register
- Information security risk frameworks to influence security controls
- Knowledge and experience of key IT security concepts:
- Firewalls - ability to conduct firewall ruleset reviews
- Basic networking concepts - WAN / LAN / VLANs
- Familiarity of role-based access controls and access rights review process
- Familiarity with vulnerability monitoring tools
- Experience of Security Incident and Event Management (SIEM) tools
- Experience of PCI DSS compliance
- Knowledge of UK Data Protection act, data privacy concepts
- Knowledge of Cyber Essentials Plus
- Familiarity with business continuity concepts (resilience, redundancy, backup & restore)
- Implementing and/or maintenance of ISO27001 programs
- Business process development and mapping
- Technical testing methodologies and techniques
