This role is ideal for an experienced security professional with a wide experience of many technical domains and with a deep experience in key areas such as software development and architecture, cloud and enterprise architecture and IT infrastructure and networking. The role is also ideally suited to a ‘people person’ who is an approachable individual who is passionate about technology, passionate about Information Security but who is also pragmatic in their approach and prides themselves on being an agent of change and getting the job done!
The ideal person will be comfortable leading from the front with the support of the CISO to drive best practices and continuous improvement and will make decisions based on data trends, metrics and KPIs.
We pride ourselves on our ability to engage the business and educate them; as such the candidate must have a high level of technical ability and share our passion for information security and be able to work with all departments across all levels, from R&D and IT & Cloud Infrastructure through to Operations, Delivery and Field Engineering.
We pride ourselves in being a customer focused security team and as such the candidate must have a high degree of customer facing skills and prowess to help ensure we fully support our customers with their security requirements.
Your Key Responsibilities will be
- Be an ambassador for security best practices by diligently applying these to how you work and how you demonstrate these to the wider business
- Use measures and KPIs to track your activities and initiatives, providing the CISO with regular reports
- Oversee all software development initiatives ensuing security best practices are baked into all aspects of the software development lifecycle. This will include working with architects to design secure solutions, working with developers to ensure code meets our security standards and coaching as required, working with other areas of product and development to ensure security is a first-class citizen in all of our products
- Oversee all infrastructure development and cloud initiatives ensuring defined security best practices and principles are designed and implemented appropriately with technical teams
- Using metrics and appropriate KPIs to ensure vulnerabilities in software, networks and infrastructure are remediated based on priority SLAs and never reintroduced, using these as coaching opportunities where required
- Be the technical owner with key security suppliers, such as our external SOC and external penetration testers
- Take ownership of security incident management responding to all incidents and SOC alarms, taking appropriate action to contain and resolve the incident, analysing and documenting RCA and implementing preventative measures
- Take ownership of external vulnerability scanning and penetration testing, planning all penetration testing within the approved budget with external penetration testers, ensuring penetration tests happen smoothly and all required teams have had sufficient notice to prepare environments and collating results into actionable and measurable reports for you to then drive remedial action via the appropriate team or department
- Conduct your own technical security audits and assessments and “mini penetration tests” as required
- Oversee the security arrangements with our partners and key suppliers, ensuring they are meeting our required security standards
Key Skills
- Experience working within the controls of an ISMS certified to ISO27001 and attending and contributing to internal and external audits
- Interpersonal skills, communication skills, approachability, resilience and pragmatism are an absolute must for this role. You need to win hearts and minds to be an effective agent of change
- Leadership skills as a subject matter expert in Cyber Security
- Successful track record of effective coordination, prioritization, collaboration, organisation and project delivery.
- Knowledge of relevant IT Security related hardware, software and vendor solutions.
- An overall understanding of source code programming languages, such as C#, C++, .NET, Java, Perl, PHP, Delphi, ColdFusion etc. that our teams use.
- Experience of secure software development best practices and the ability to use your experience to coach others in secure development
- Practical experience surrounding the security architecture of IT networks, firewalling best practices and applying and designing the correct security controls in a Windows domain and the ability to coach others in network and IT teams on best practices
- Practical experience surrounding the security architecture aspects of public and private facing hosted software in virtualised co-lo data centre environments and cloud networks in Azure
- Deep thinking analytical mind with the ability to quickly get to the root cause of issues.
- You will need to be organised, efficient and able to work unsupervised under your own initiative.
- Ability to lead security incidents, take command and remain under control even when under pressure
- Technical knowledge of conducting network security audits and penetration testing with a good knowledge of ethical hacking
- You will be motivated by getting things done, and getting them done in the right way, first time; you are laser focussed on achieving the best outcome.
- Using your communication skills, you will keep key stakeholders aware of progress against plans and help mitigate risks. You will understand that the identification of risks and issues is not enough – when escalating you will provide recommendations and solutions.
We are Disability Confident and neurodiverse aware. If you have a disability, please tell us if there are any reasonable adjustments we can make to assist you in your application or with your recruitment process