Information Security Manager at TwinStream
Bristol, England, United Kingdom - Full Time


Start Date

Immediate

Expiry Date

03 Jul, 25

Salary

75000.0

Posted On

03 Apr, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Focal Point, CISSP, NIST

Industry

Information Technology/IT

Description

WHO ARE WE:

In 2019, our founders were working as engineers solving complex cross-domain problems within government organisations.
TwinStream was formed to consolidate their collective expertise and experience into one business, providing technical excellence and exceptional service to their clients. We have teams working both on-site with clients and remotely from home.

DESIRED SKILLS:

  • Ability to work effectively in a flexible, fast-paced environment.
  • Must have a focus on accuracy and precision, with no tolerance for overlooking security-related details.
  • Proactively challenge business approaches to ensure security-centric decisions are made.
  • Demonstrated experience in managing security incidents and leading incident response teams.
  • Ability to present and be the focal point for security matters across the business.
  • Experience in supporting the security controller role in various security frameworks.
  • Understanding of insider threat operational and governance requirements and experience in applying them.

Qualifications:

  • CISSP (preferred but HIGHLY desirable), CISM, or CRISC.
  • ISO 27001 Lead Implementor.
  • Security Controller (DISA).
  • Technical Security Proficiency (CompTIA or similar).
  • Risk Management Proficiency (NIST or similar).

Responsibilities

ABOUT THE ROLE:

The Security Manager will be responsible for maintaining and enhancing our ISO 27001 Certification and will be the focal point for all security requirements within the organisation. Working closely with internal and external stakeholders, this role will ensure that TSL’s security posture aligns with best practices, compliance standards and contractual obligations. The successful candidate will also be responsible for driving security governance, advising on security requirements, and ensuring the smooth running of security-related projects.

KEY RESPONSIBILITIES:

  • Ensure TSL’s continued compliance with ISO 27001, Cyber Essentials, Cyber Essentials + and DCPP CSM, working closely with relevant teams to implement and maintain security controls.
  • Lead the implementation and maintenance of information security policies and procedures to address security risks and compliance requirements.
  • Provide security-related subject matter expertise to help identify, assess, and mitigate information security risks, with an understanding of ISO 27005 and NIST Cyber Security Framework (CSF).
  • Coordinate with internal and external audit representatives to ensure security governance is being followed.
  • Collaborate closely with internal teams, including the Senior Leadership, Finance and People Teams and IT to ensure the successful adoption and execution of information security policies and standards.
  • Lead and facilitate security policy training and awareness programs to drive a strong security culture.
  • Lead incident response and management efforts, providing expertise in handling security incidents efficiently.
  • Align ISO 27001 standards with Government frameworks, such as the Defence Cyber Protection Partnership’s Cyber Security Models (v3 and v4), ensuring full compliance.
  • Respond to DCPP evidence requirements, oversee CIP remediation activities, and build policies and procedures as necessary, ensuring continued compliance over time.
  • Engage with project Security Assurance Coordinators and support the development of contractual and project-specific documentation, with an understanding of Secure by Design (SbD) Assurance activities.
  • Oversee the implementation of protective security controls at the TwinStream premises in North Bristol and take an ongoing lead in setting and maintaining security policies and processes there.
  • Serve as the key advisor to internal and external stakeholders with regard to assurance with Government Protective and Personnel Security standards and guidelines.