Cyber Security Technical Assurance Manager

at UK Power Networks

Crawley, England, United Kingdom

Start Date: Immediate
Expiry Date: 08 Jul, 2024
Salary: GBP 80000 Annual
Posted On: 09 Apr, 2024
Experience: 5 year(s) or above
Skills: SIEM, EDR, Citizenship, Legal Requirements, CAF, IDS, IPS, Computer Science, Operational Excellence, DLP, GIAC, Information Systems, SOAR, Security Certification, Information Security Management
Telecommute: No
Sponsor Visa: No

Description:

Reference Number - 78651
This Cyber Security Technical Assurance Manager will report to the Head of Cyber Security and Technology Risk and will work within the Information Systems directorate based in either our Crawley, London or Ipswich offices. You will be a permanent employee.
You will attract a salary of £80,000.00 and a bonus of 10%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.
Close Date: 19/04/2024
We also provide the following additional benefits:
Annual Leave
Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
Tenancy Loan Deposit scheme
Tax efficient benefits: cycle to work scheme
Season ticket loan
Occupational Health support
Switched On – scheme providing discounts on hundreds of retailers' products.
Discounted access to sports and social clubs
Employee Assistance Programme.

QUALIFICATIONS:

Minimum 5+ years' experience leading a Cyber Security Assurance function or a similar function, such as a Cyber Security Integration or Cyber Security Engineering function, with some experience of assurance testing techniques and methodologies.
Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
Professional Information Security certification by a recognised professional body such as Certified in Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or CompTIA Advanced Security Practitioner (CASP+).
Track record leading a security team or function where you have had to collaborate across partners with differing levels of technical security competency.
Advanced knowledge and an understanding of operational excellence in Cloud Security Posture Management and Vulnerability Management programs.
Understanding risk, resource availability and business objectives at a group level is necessary. Putting our customers' interests at the heart of everything we do must always come first.
An understanding of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA/IEC 62443, ISO/IEC 27001/27002, GDPR.
Working knowledge of security technologies including SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics.
Knowledge of adversarial tactics, techniques and procedures (TTPs) and industry standard frameworks (MITRE ATT&CK).
Experience working within a regulated environment, preferably Energy sector Critical National Infrastructure (CNI).
Health & Safety Responsibilities
Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.
Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly, where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.
If in doubt ask!
We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

Responsibilities:

JOB PURPOSE:

You will support the Head of Cyber Security and Technology Risk in ensuring that UK Power Networks (UKPN) network systems and customer data are adequately protected from cyber threats.
You will help maintain a strong cyber security posture across the UK Power Networks (UKPN) IT estate, by ensuring that cyber security weaknesses and vulnerabilities are identified and guiding actions to mitigate the risks and avoid disruption to the IT services that are crucial to delivering UKPN services to customers.

PRINCIPAL ACCOUNTABILITIES:

Define and deliver the cyber security technical assurance strategy, setting out clear policies and technical standards, modelling best practices and measuring success against defined measurement metrics (KPIs).
Manage the cyber security technical assurance team, to ensure the quality and timeliness of services and deliverables to meet our requirements, reviewing performance, driving improvements, optimisation and automation of the cyber security assurance capabilities across a variety of technologies and platforms.
Ensure the IT estate is compliant with UKPN policies and technical standards to protect company assets, with management responsibility for driving the necessary remediation actions and countermeasures to mitigate identified weaknesses and vulnerabilities.
Establish and improve a regular red and purple team penetration testing program aligned to main threat information and industry cyber security intelligence.
Establish a Vulnerability Management process to ensure that all known security vulnerabilities and weaknesses are identified, contextually assessed, prioritised and tracked to remediation against UKPN policy.
Ensure that an IT Disaster Recovery and Business Continuity strategy and plans are established with appropriate testing performed to demonstrate it works.
Collaborate with the wider IT, application and Team members to devise assurance objectives and to ensure appropriate mitigation actions are considered and delivered.
Help develop and implement UK Power Networks’ Cyber Security Strategy, ensuring understanding of the company vision, values and strategic objectives.
Deputise for the Head of Cyber Security and Technology Risk for certain pre-agreed tasks and activities.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Cybersecurity computer science information systems related field or equivalent training and/or experience

Proficient

1

Crawley, United Kingdom