IT Security Manager
6-month contract Remote / Edinburgh
One of my clients in the public sector is working on transforming the way the organisation facilitates Cloud hosting across the wider public sector, with a long-term vision to design a continually improving and reliable shared service.
The post-holder will be involved specifically in the design and development of Cloud Platform service, to provide a specific security perspective. The post-holder will collaborate with technical architects, developers, testers, and business areas, working closely with delivery partners and internal administrative teams.
The post-holder will play a key role in managing the Programme's security assurance roadmap and relationship with security teams across public sector organisations and suppliers involved in developing, testing, auditing, and supporting the service.
Specifically, the role holder will:
- Deploy, manage, and maintain the security tooling for use within the Cloud Programme and ensure it follows industry best practice, that procedural controls are effective, and that documentation is appropriate and complete.
- Review IT Security Policy, Standards and Guidelines in line with best practice, providing recommendations for improvement to the Lead Technical Architect and Digital Information Security Officer, and support agreed actions regarding the Cloud Platform and Cloud Migration services
- Plan and manage an ongoing schedule of security control testing
- Engage with the relevant teams to gather evidence of the controls that are currently in place and report on the effectiveness of each control
- Ensure security risks are maintained on the project risk register
- Deliver assessments of information security risks to confidentiality, integrity, availability, accountability and relevant compliance in line with business impact, risk appetite and overarching policies.
- Contribute to the development of Security Operating Procedures (SyOPs) and the Security Operations Centre (SOC)
- Support the assessment of the Cloud Platform and Cloud Migration services against the required security standards, including but not limited to Cyber Resilience Framework, NIS Regulations, ISO27001, CSA STAR, to effectively document and measure the effectiveness of security controls.
- Report the findings of the security control assessments to the Lead Technical Architect and Digital Information Security Officer detailing recommended improvements and support agreed actions
- Work with external suppliers to assure that their security practices are in line with requirements
- Support the planning of security testing and of the remediation activity arising from it
- Initiate investigations into IT security incidents in accordance with cyber incident response plans
- Assess the current security awareness training and engagement, providing recommendations to improve effectiveness and roll out an ongoing security awareness solution
- Provide direction and advice in technical projects to implement or enhance security enforcing functions or capabilities within divisional services
- Manage relationships with key stakeholder groups such as users, project managers, IT service providers, Information Asset Owners, technical architects and procurement staff to gain compliance with policy
Essential Skills, Competences, Relevant Qualifications, and previous Experience required
- High level knowledge and understanding of the internal and external cyber security risks to Cloud hosted IT systems, services, and data storage.
- Significant and demonstrable experience of cyber security tools and techniques such as protective and transaction security monitoring, vulnerability scanning, security testing, privileged access management, cryptography, etc. This experience MUST be with AWS native tools (e.g., AWS Config, Amazon GuardDuty, AWS KMS, etc.) and ideally the Azure equivalents once that platform is operational. An AWS professional-level security certification is required, and ideally the Azure equivalent certification is also held.
- Knowledge and understanding of industry security standards, e.g. HMG Security Policy Framework, Cyber Resilience Framework, ISO27001, CSA STAR and the NIS Directive.
- Awareness of data protection legislation (e.g., UK Data Protection Act and UK GDPR) and its security requirements
- Experience of engaging with, and managing, a wide range of internal and external stakeholders, including senior officials, customers, and suppliers.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age