Position: IT Security Manager
Location: Birmingham, West Midlands (Hybrid)
Salary: £70,000 to £75,000 plus 10% Bonus, Pension, Healthcare
This is a fantastic opportunity for an experienced IT Security Manager with strong knowledge and experience of delivering IT Security services utilizing 3rd party suppliers to join a global organization based in Birmingham.
You will play a key role in the ownership and coordination of IT security related supplier management activities as part of the continued centralisation of group IT security services.
This will include leveraging IT security services to support activities concerning IT security assessment of prospective acquisitions of companies to determine any gaps that require mitigation and communicate risks to the appropriate stakeholders.
We are looking for an IT Security professional who has significant experience in corporate IT security in large and diverse organisations with knowledge of managing suppliers providing IT Security related services.
The IT Security Manager will bring a wealth of IT Security knowledge to apply on a daily basis. You will be responsible for the correct operation of key services and act as the key point of contact for Group IT security matters.
You will be responsible for the following:
- Own and review operational documents concerning IT security, such as procedures and technical guidelines
- Provide input to improve IT security governance, policies and procedures from observations made on a day-to-day basis in collaboration with the Group divisions
- Respond to IT security incidents, suspicious activity or alerts reported by the Group divisions to support investigation, detection, containment or verification activities with the assistance of suppliers
- Own and coordinate supplier management activities, including but not limited to, contract reviews and service reviews as applicable
- Act as a liaison between suppliers and the Group divisions to facilitate execution of the IT security services
- Support IT security initiatives and efforts across the Group concerning the IT security services
- Advise Group divisions on execution of the IT security services
- Own and produce operational Group IT security KPIs on a periodic basis with support of the IT security services suppliers
- Act as a Group point of contact for ad-hoc enquiries, troubleshooting issues and general support concerning the IT security services
- Liaise with the Group IT security representatives to exchange knowledge and promote Group wide strategic and tactical initiatives
- Own and coordinate IT security service meetings held on a periodic basis with Group representatives
- Appraise IT security risks associated with the IT security services and provide input to the Group IT security risk register
Key Experience Required
- We are looking for a pragmatic, experienced IT Security Services Manager with at least three years’ experience in corporate IT Security Services within large, diverse organisations.
- You will have an understanding of industry standards and methodologies associated with information security, including ISO 27001/2, CIS Controls, PCI-DSS, NIST and GDPR
- We would expect you to have a recognised Information Security certification e.g. CISSP, CISM, ISEB Certificate in Information Security Management to support your experience
- Extensive knowledge of penetration testing, vulnerability scanning, phishing testing, security training and awareness, with emphasis on outsourcing and supplier management.
- Ability to plan, direct and control the functions and operations of managed IT security services
- Ability to define service descriptions, contract clauses, KPIs, service level agreements and other aspects of supplier management
- Ability to challenge suppliers and ensure compliance with contractual agreements for IT security services
- We would also expect you to have general IT technical knowledge including but not limited to networks, operating systems, databases, application servers, web servers, cloud security (e.g. multi-tenancy, public/private implementations, SaaS, PaaS, IaaS), end-point security (e.g. hardening, anti-malware), web application security (e.g. OWASP), network security (e.g. IDS/IPS, SIEM, DDoS mitigation and WAF) and penetration testing. We do not expect this experience to be hands-on, but a good general knowledge is required.
Coburg Banks Limited is acting as an Employment Agency in relation to this vacancy.