Cyber Security Manager

at  Openwork

THE OPPORTUNITY

As Cyber Security Manager, you’ll take responsibility for leading a team of Cyber Security Engineers and Analysts who carry out security engineering and security operations activities within Openwork, as part of a wider Information Security team.
You and the team will be accountable for protecting the organisation’s information systems and infrastructure from cyber threats, ensuring the confidentiality, integrity, and availability of data.
The team supports the ongoing operation and improvement of Cyber and Information Security systems, implements security policies, standards, and procedures and coordinates with other departments to ensure the security of the organization’s information assets.
You’ll be passionate about leading a dynamic cyber security team, ensuring robust security measures, and fostering a culture of continuous improvement in the organisation’s security posture.
This is a hybrid role, with 2 days per week in our Swindon office.

KEY ACCOUNTABILITIES:

• Team Management – Demonstrate effective team management to identify and drive capability maturity levels. Carry out performance management duties for direct reports and encourage, mentor and support team member development.
• Security Incident Response – Accountable for the security incident response function. Oversee the response to security incidents and breaches, ensuring timely resolution and mitigation. Act swiftly, with confidence and due diligence to high profile security incidents.
• Security Engineering – Accountable for the security engineering function and experienced with managing security toolsets to provide security protection and analytics.
• Security Controls – Responsible for implementing operational controls that will govern the security of company information assets and any threat to or unauthorised access to assets including customer and employee information.
• Communication - Responsible for ensuring engagement of key stakeholders and keeping them engaged and up to date with security incidents and risk mitigation activities.
• Supplier Management – Manage key supplier relationships, such as our managed Security Operations Centre (SOC) service. Identify opportunities for improvement and foster a good working relationship.
• Vulnerability Management - Deliver the Vulnerability Management Programme to proactively identify and mitigate risk.
• Threat Intelligence - Deliver appropriate and focussed Cyber Threat Intelligence (CTI) products and deliver an intelligence led Threat Hunting capability.
• Security Testing – Facilitate a programme of security testing, risk assessments and audits covering critical systems and services to identify, track and remediate vulnerabilities and risks.
• Risk Management – Take a lead role in the identification, prioritisation and treatment of risks and issues related to technology and information security. Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities.
• Reporting - Establish, monitor, evaluate and report in a professional manner; clearly highlighting the current state of Security Operations and any associated risks.
• Threats – Keep abreast of emerging threat types, active threats, and ways to protect Openwork systems against these.
• Security Policies and Standards - Support the development and implementation of security policies, standards, and processes to protect the organization’s information systems and data.
• Business Change – Attend Change Assessment, Change Assessment Board, and the Technical Design Authority to assess risk, provide approval where necessary and to seek awareness of business change that could affect information security

QUALIFICATIONS:

• BA/BS degree, practitioner-level qualifications, or equivalent experience in the field of Information / Cyber Security.
• Professional certifications such as CISSP, CISM, Microsoft or vendor-specific security qualifications or equivalent are desirable.

EXPERIENCE:

• Established management experience across a variety of cyber security disciplines
• Excellent communication and leadership skills.
• Strong knowledge of information security principles and practices.
• Proven track record of deploying, managing and utilising security tools.
• Proven track record of managing security incidents.
• Experience managing 3rd Party vendor relationships.
• Lead and participate in audits, assurance reviews and risk assessments across complex environments.
• Experience working in financial services or with financial services clients that were subject to regulatory requirements such as FCA and GDPR would be advantageous.

KNOWLEDGE:

• Knowledge of cybersecurity frameworks and standards (e.g., NIST, CIS, ISO27001, OWASP, Cyber Essentials).
• Familiarity with security technologies and tooling (e.g., Microsoft Defender 365, vulnerability management, threat intelligence and web proxy tooling).
• Knowledge of security incident response processes and best practice.
• Understanding of risk management principles and methodologies.
• Strong leadership and team management skills.
• Excellent communication and interpersonal skills.
• Ability to think strategically and make informed decisions.
• Highly organised to manage your own and the teams’ workload.
• Be a Security advocate and work with other technology teams to embed security in day-to-day operations, designs, and implementations.
• Sufficient confidence and gravitas to speak up when risk are identified or to provide challenge and direction during the management of security incidents and in other high-pressured scenarios.

Please refer the Job description for details