Information Security Officer - Maternity Cover 12 months FTC

at  Manchester United

Technical Skills & Accreditations

• CISSP accreditation is mandatory.
• Familiarity with frameworks such as ISO 27001 or NIST

THE PURPOSE:

We are seeking a Senior IT Cyber Security Specialist to develop and maintain our comprehensive IT Cyber Security strategy, ensuring a holistic and long-term approach to safeguarding all solutions. Your work will be benchmarked against NIST and relevant cloud frameworks, driving the development and deployment of consistent and integrated cyber security system designs.

The Role:

• Minimise breaches to our networks (external and internal) and business systems.
• Stay abreast of the latest threats and intelligence, providing guidance and updates to the team.
• Collaborate closely with IT colleagues to ensure robust processes that incorporate cyber security risk assessments for new business initiatives, systems, upgrades, or changes.
• Select and manage third-party suppliers for cyber security advice, projects, and support, ensuring they deliver the highest standards of service.

Key Responsibilities

• Evaluate all cyber risks and engineer effective mitigations/solutions.
• Assess new supplier technology responses as part of the MU IT due diligence assessment process.
• Cultivate a “best practice” cyber security culture across all business areas.
• Manage Microsoft patching requirements and schedules, including third-party software (Adobe, Google, Mozilla).
• Oversee the monitoring of all cyber security platforms (cloud, third party, on-prem).
• Organise penetration testing across our platforms and internal network testing.
• Audit external third-party IT suppliers.
• Lead the development and implementation of a new identity management system for MU staff.
• Educate departments on cyber security matters.
• Promote and provide ongoing user IT security awareness and training.
• Ensure change management procedures incorporate cyber security considerations.
• Contribute to internal Data Protection (DP) meetings.
• Produce monthly cyber status reports.
• Lead incident response exercises and maintain relevant documentation.
• Gather intelligence, perform threat analysis, and manage security threats and mitigation measures.
• Develop a robust process for regularly updating IT Cyber status and project roadmaps.
• Ensure key cyber security projects are delivered on time and within budget.
• Update the organisation’s IT security and user policies.
• Develop relationships with key cyber technology suppliers for strategic advice, intelligence, and risk assessment.
• Regularly audit and assess the performance of cyber security suppliers, making recommendations on their continued involvement.

The Person:

• Ability to influence business leaders on risk awareness and solutions, building strong investment cases.
• Expertise in leading major incident responses, earning the trust and confidence of business leaders.
• In-depth knowledge of cyber security in cloud systems, on-premises systems, and third-party providers.
• Comfort with scrutiny from independent auditors and reporting to Riskco/Audit Committees.
• A strong commitment to the cyber security field.
• Proven ability to lead cyber security, delivering improvements within a large ideally 1,000+ employee, consumer driven organisation, with public brand, effectively removing risks.

Competencies

• Ability to integrate with business leaders, avoiding technical jargon and articulating cyber security concepts in layman’s terms.
• Striving to exceed business expectations.
• Comfort in challenging requirements where necessary.
• Effective time and activity planning, with a strong ability to prioritise work.
• Commitment to risk reduction, balanced with a pragmatic approach to change management and communication.
• Strong communication skills, teamwork, self-motivation, enthusiasm, and ability to perform under pressure.
• Pragmatic approach to problem-solving.
• Ability to work with minimal supervision.
• Composure and control in high-pressure situations.
• Discretion and openness.
• Strong team player.
• Confidence in their expertise and decisions.

Technical Skills & Accreditations

• CISSP accreditation is mandatory.
• Familiarity with frameworks such as ISO 27001 or NIST.

Sound interesting? If you’d like to submit your application, please do so by Wednesday 24th July 2024
Manchester United endeavour to respond to all job applications, however, please consider that we receive a high volume of applications, and this may not always possible.