Technical Security Manager
Actively Interviewing
This organisation is scheduling interviews as applications come in. They're ready to hire as soon as they find the right person. Don't miss your opportunity, apply now!
Job Title: Technical Security Manager
Reporting to: Director of IT and Security
Contract: Six-month fixed term contract
Hours: Full-time
Salary: £60 - £65k FTE depending on experience
Base: Hybrid, home and minimum two days per week in London office
Job purpose: To operate our information security management system and maintain Mental Health Innovations’ ISO 27001 certification
Closing Date: 8th November 2024, 5pm
Key Responsibilities
- Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues
- Deputising for the Director in security matters as required
- Operation of the ISMS and Data Protection processes
- Managing risk register, preparing for management review meetings
- Developing/maintaining controls and ensuring they are implemented across the organisation
- Refining our security KPIs and maintaining them
- Proposing actions from KPIs, events and incidents and coordinating resultant work
- Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans
- Ensuring secure endpoint and cloud posture
- Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist
- Monitoring our processes and suggesting improvements Proposing and progressing other continuous improvement work
- Feeding into training and awareness programmes and improving security culture
- Preparing for audits and carrying out remediation work
- Working with the Director to create, maintain and manage policies and ensure compliance
- Planning and participating in incident response exercises
- Managing major incidents and conducting post mortems/reviews
Person Specification
Essential
- Experience of risk management
- Working knowledge of security standards and frameworks, particularly ISO 27001
- Knowledge (and preferably experience) of GDPR and DPA 2018
- Experience of incident management
- Excellent knowledge of high level security concepts and best practice
- Excellent documentation skills, including policies and standards
- Knowledge of the following areas (deeper experience of one or more preferred):
- Endpoint security
- Network security
- Cloud security
- Application security
- Identity and access management
- Secure distributed working practices
- Excellent written and verbal communicator
- Ability and desire to learn new tools, skills and consider other perspectives
- Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas
- Ability to manage own time, confirm priorities and expectations
- Independent worker who knows when to ask questions
- Comfortable working with the wider team and organisation
- Comfortable dealing with ambiguous situations and objectives
Desirable
- Professional qualifications, such CompTIA+, CISSP, CCSP, ISO 27001 Auditor
Exposure to ITIL (ITIL Foundation or higher preferred) - Experience in one or more of the following:
- Cloud (AWS preferred)
- Salesforce
- SSO & federated identities
- Network security, SASE & VPNs
- Endpoint security
- Infrastructure security and best practices
- Working knowledge of encryption technologies
- Password management and access control
- Security training and awareness
- Secure distributed working practices
- Securing domains
- Detection and response, with excellent troubleshooting skills
- Working knowledge of one or more of these tools/products:
- Salesforce
- JIRA & Confluence
- Mac/iOS & ChromeOS
- Windows/Office365
- Google Workspace
- Creative thinker, but understands the importance of seeing a piece of work through to the end and on time
- Decisive, proactive, knows when to check the boundaries
We will be interviewing on a rolling basis and reserve the right to close the job advert early if we receive a high number of applicants.
The client requests no contact from agencies or media sales.