Security Operations Manager in City of London, London

Security Operations Manager
6 Month Contract
£635 p/d (Inside IR35)
Hybrid - 2-3 times per month on site in Central London

The Security Operations Manager is primarily responsible for ensuring the security controls (people, process, technology) are in place and operating as designed. The primary aim is the design, development, test and evaluation of information security throughout its lifecycle. This is to ensure the business purpose of the system is enabled in a safe and secure manner based on the alignment of identified risks to the acceptable risk posture of the business.

***The ideal candidate must have at least one of the following certifications- CISSP, CCSP, CISM, CISA***

Responsibilities in this role-

• Develops and maintains Information Security Management practice and process to ensure certification to required industry standards (e.g., ISO 27001) within relevant geographic boundaries.
• Develops, proposes and seeks sponsorship for changes to policies, procedures and controls to ensure the integrity of our IT service and effective management and control of HO information assets. Facilitates the implementation of these controls.
• Provides cyber security support and guidance across the service, informing key stakeholders of the impact of changes in industry practice and regulation on the use of technology/data in the delivery of our services.
• Performs focused information risk assessments of existing or new services and technologies, alongside the Operational/Service Management team and technology subject matter experts.
• As required, will extend the assessment of existing and proposed services to third party suppliers, including the facilitation of IT Security checks during the supplier onboarding process.
• Coordinate audit, ITHC and risk assurance activities to evidence compliance with established regulatory and governance requirements
• In collaboration with Learning and Development, advises on the content of HO mandatory training for IT Security, Information Risk Management and related subject matter (as it becomes relevant to our business) involved in the delivery and support of the service
• Maintains strong working relationships with individuals and groups involved in managing information risk across the HO and 3rd parties
• Chairs and co-ordinates the Security Working Group and actively participates in supporting/governing forums
• Responds to information security requirements to support client queries
• Contribute to the analysis of data protection risks
• Monitors information security incidents, contributing to incident response and root cause analysis. Will own resulting actions as required where they relate to required changes in IT Security and Information Risk Management policy and controls (within HO or 3rd party systems and services)

Skills, knowledge and experience required

• In-depth knowledge of modern security concepts, such as common attack vectors, malware, security analytics and threat intelligence and a sound understanding of underlying technologies (including networking, server hardening, virtualisation, AD)
• A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
• Knowledge of products and understanding of their capabilities including EndPoint Management, Vulnerability Management, SIEM
• Understanding of major regulatory and industry standards/guidelines such as NIST and MITRE ATT&ACK frameworks
• Stakeholder Management: ability to create and maintain strong relationships with stakeholders in order to drive outcomes and create alignment around a vision or course of action
• Communication for technical Leadership: Ability to communicate technical ideas and strategies effectively to non-technical audiences, including senior leadership team

Specific or specialist qualifications and experience required

• Strong work experience in roles with responsibility for the delivery and management of Information Security, preferably as an information security or risk analyst.
• Some experience in a role with accountability for regulatory compliance and information security management frameworks (e.g., International Organisation for Standardization [IS0] 27000, National Institute of Standards and Technology [NIST] 800).
• Demonstrable experience in facilitating IT Control audit activities.