IT Security Manager

  • Job Reference: 768604
  • Date Posted: 14 September 2022
  • Recruiter: CliniSys
  • Location: Chertsey, Surrey
  • Remote Working: Some remote working possible
  • Salary: On Application
  • Sector: IT & Technical
  • Job Type: Permanent
  • Work Hours: Full Time
  • Contact: Stephen Mann
  • Email: stephen.mann@evolutionjobs.co.uk

Job Description

Job Summary:

  • To lead the design, implementation, testing and administration of security tools and system that provide both administrative and technical controls in support of security policies and procedures.
  • To help develop and deliver the cyber security strategy and framework for the business, ensuring best practises for all aspects of information security, risk and governance.
  • To work closely with leadership and staff to support the maintenance and evolution of a secure corporate environment and make recommendations for new security-related procedures and/or revisions.

 

Primary Responsibilities:

  • Work with and follow the guidance of the Infrastructure Manager and CIO
  • To help develop and deliver the cyber security strategy and frameworks for the business, ensuring best practises for all aspects of information security and governance
  • Actively contribute to the overall risk management framework, ensuring consistency in the advice we provide to the business
  • Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is undertaken and input suggested approaches to deal with lessons learned
  • Have responsibility for scoping penetration testing activities to identify security weaknesses within the company’s technology environments.
  • Performing vulnerability and security scans, identifying, and defending against threats, and developing disaster recovery plans
  • Participate and/or lead internal and external security compliance engagement activities in company-wide security audits (internal and external)
  • Work with management and the change control board to verify all security related production modifications are properly approved
  • To lead the design, implementation, testing and administration of security tools and system
  • Determines security violations and inefficiencies by conducting periodic audits
  • Ensure compliance with all ICT security and regulatory requirements including but not limited to ISO27001, GDPR, Cyber Essentials Plus, NHS Digital
  • Develop, maintain and update documentation and processes relating to the management of Information Security within the organisation.
  • Evaluate, implement, manage and maintain all cyber security systems and protective measures against malware and misuse of systems or services
  • Performing vulnerability and security scans, identifying, and defending against threats, and developing disaster recovery plans
  • Comply with the CliniSys codes of conduct and guidelines
  • Promote and support correct GDPR best practice within the workplace
  • To be responsive to reasonable requests from your line manager
  • To behave as a role model: for delivering results; for enthusiasm and enjoyment of your work; for teamwork; for coaching and mentoring of colleagues and team members and for professional standards of behaviour

     

    Team Leadership Responsibilities:

  • To be responsible for the team’s environment, including line management of all team members and organising all activity.
  • To be responsible for team activity ensuring the management of all incidents to appropriate resolution or escalation as required within defined service level agreements.
  • To develop and manage or input into the internal systems which facilitate and aid the function of the team.
  • To focus on the development of all team members advancing cyber security skills and developing diagnosis, analytical, problem solving and technical skills, ensuring risks understood and appropriately manager through ongoing mentoring / coaching and personal development plans.
  • To organise, attend and run team meetings in line with the CliniSys communications policy,
  • Continually review all team members’ skills, working practises and procedures to ensure ongoing service improvement and high levels of focus on customer services.
  • Using key performance indicators or objectives appropriate to the team, manage performance through coaching, education and adherence to standard processes.

 

Knowledge, Skills, Abilities:

  • A committed and highly motivated individual who is assertive and has sound judgement
  • Ability to make sound decisions and analyse problems based off the information captured through risk assessments of the infrastructure and business
  • Excellent analytical skills, with an ability to translate business needs into practical security posture
  • Ability to present security topics to a non-technical audience and presenting the business value of security
  • Solid knowledge of different security frameworks as applied to current network, server infrastructure and storage technologies
  • Adaptable / flexible to changing demands with an ability to implement and manage change.
  • High degree of attention to detail as it pertains to security policies and security alerts.
  • Excellent decision making / problem solving skills
  • High levels of commitment and ability to act when necessary
  • Excellent interpersonal skills with the ability to build and influence teams; and self-motivated
  • Proficiency with a wide range of security products

     

     

     

    Education and Experience:

  • 5 years of experience in information security industry
  • CISSP, CISM, CISA or other security related certifications
  • Experience with security information and event management platforms and other security tools
  • Experience with vulnerability scanning solutions and secure configuration
  • In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform
  • Familiarity with ISO 27001, GDPR and other security frameworks