The primary focus of the role is to support the company's strategic vision and lead/guide a team of IT security professionals in maintaining the confidentiality, integrity, availability and accountability of company and client information and information systems, ensuring the smooth running of security mechanisms and processes in daily business activities. You will work with a variety of stakeholders at operational, tactical and strategic levels.
National Security Vetting (SC) is required. While primarily based in the Swindon Office, some UK and international travel may be required.
- line manage a team of IT Security Officers, being responsible for resource planning, task management, dealing with day-to-day management issues and ensuring that the team are highly motivated, trained and supported to do their job
- be aware of the business strategy, supporting its development and assessing the operation of business information systems and services against defined Information Assurance requirements, highlighting areas for improvement and leading improvement activities
- evaluate and implement all-source intelligence information flows regarding new threats, risks and vulnerabilities, assessing the likelihood of impact on IT systems and recommending updates to security protection measures as appropriate
- lead protective monitoring, forensic vulnerability scanning and malware analysis, capturing information and developing/implementing toolsets to produce metrics, reports, dashboards and alerting
- lead on the identification, analysis and investigation of system security incidents, conducting and leading investigations as required and recommending appropriate security improvements, factoring lessons learned into policies and processes, and proactively pursuing, validating and reporting system security loopholes, infringements or other security issues of concern
- inform and implement the Company IT Security Management System, demonstrating effective governance and compliance and contributing to the development of security policies and plans to protect IT services and systems
- proactively promote a security-aware culture that helps the company and its clients/customers become more security mature
- be the Company Communications Security Officer, ensuring compliance with applicable cryptographic requirements
- ensure regular reviews of information risks through assessments of physical, personnel, procedural and technical controls and advise on the effectiveness of those controls in line with the Information Security Management System and ISO 27001 or the appropriate framework or standard
- lead on assurance that systems are operated within defined technical security requirements throughout their entire lifecycle
- recommend business change and configurations to ensure that the appropriate and proportionate controls are in place and that all risks are understood and managed within the business risk appetite
- lead the IT Security element of the Cyber Response Team as part of Business Continuity Measures
- ensure compliance with the Company's commitments to stakeholders, partners, suppliers and clients
- define and maintain all necessary records and audit trails contributing to compliance
- undertake all appropriate and reasonable tasks as directed by senior management.