Back to Job Search

IT CyberSec Manager

Job Description

The IT Cyber Security Manager will need to lead and provide expert advice on the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability, and relevant compliance of information systems.

You should provide effective management that will contribute to the continuous improvement of the business, actively contributing to company-wide and departmental initiatives to meet corporate objectives and user needs.

You will lead, promote, and assist in the implementation, where practicable, of procedures designed to attain compliance of the NIS Regulations, GDPR, ISO27001 (BS7799), ICFR (ISAE3402) and other relevant standards. This will involve establishing security processes that can ensure compliance and accreditation with ICT security best practice. The fulfilment of this role supports compliance with the Department for Transport Single Consolidated Direction (Aviation) - CAA's Cyber Security Oversight process (CAP1753).

Major Duties will involve the following:
* To carry out technical vulnerability assessments of IT systems and processes, identifying potential vulnerabilities, to make recommendations to control any risks identified and to ensure they are implemented.
* To respond rapidly and effectively to IT security incidents, managing them in a professional manner, including computer forensics for evidence gathering and preservation.
* Appropriate and sensitive handling of effected staff and efficient liaison with external and law enforcement / regulatory agencies when required.
* Develop policies and processes in conjunction with IT Manger for cyber security, incident management, IT risk management, incident response, endpoint security, network security and business continuity
* To be responsible for the coordination of regular Information Security Reviews in the business and with partner organisations, by conducting assessments of systems, processes and infrastructure and making recommendations to minimise risks identified.
* To work closely with the leadership to assist and provide input to ensure that policies and procedures for Information Security are effective are adhered to. To be proactive in making recommendations for updates to policies & procedures as required.
* To provide high quality Information Security guidance documentation and training within the IT Team.
* Lead the efforts in end-user cyber security awareness training.
* Manage the insider threat and APT detection, pro-active monitoring of all systems for IOC, and IOA.
* To lead by example and provide good security guidance and advice on best practice to service managers, staff at all levels and partner organisations.
* To provide high quality guidance and assistance to departmental staff in projects with challenging information security requirements.
* To be the definitive point of contact for all members of the business seeking advice on information security.
* To liaise with external agencies where required and ensure that any information requested is provided on a timely and secure basis, to represent the business in information security committees.
* To lead and manage the IT Cyber-Security team spanning .
* To keep up to date with security trends, threats and control measures, to be an active member of the Information security manager communities (particularly those working within aviation).
* To develop and maintain an excellent working relationship with NCSC, CAA and the supply chain
*To maintain high levels of professional conduct, including but not limited to: co-operative engagement in tasks set; the exercising of initiative to suggest, through line managers, improvements to the service provided; and clear and professional styles of communication at all times.
* To manage other activities that may arise through evolution, growth or restructuring.
* Such duties appropriate to the grade, as may be directed by the Head of IT or nominated representative

Essential Experience
* All relevant permits to work in the UK and security clearances (up to or over CTC).
* Extensive knowledge of IT (IT governance, disaster recovery, IT investigation and all things GDPR and Compliance)
* A very well organized and structured approach to work planning, time allocation to tasks, and a flexible approach to daily routines to deliver the desired results.
* An ambition to constantly learn new skills and develop knowledge, with an understanding that study time outside of working hours may be required for career development.
* Credible knowledge/experience of managing all areas of corporate / public Cyber-Security with Experience of implementing policies from scratch following ISO27001.
* Credible knowledge/experience of implementing new Cyber-Security measures in mid-large scale operations.
* Capable of effectively multi-tasking, prioritizing work, and handling competing interests
* Capable of investigating & analysing information technology logs and events sources preferred
* Advanced knowledge of security tooling, its purpose and capabilities and how they can be configured to implement company policy (Anti-Malware, IDS/IPS, CASB, email security gateways, security analysis tools, web security tools, next generation firewall/UTMs)
* A very good team working ethic, communicating with colleagues in a clear and professional manner, whilst maintaining a customer-service based approach. The ability to work alone using own initiative and managing support calls to a high standard
* Contribute credibly to IT department's delivery of SLAs and other support targets
* Self-motivated to advance own knowledge & gain formal qualifications

Desirable
* IT Qualifications / Certifications such as CompTIA CySA+, CASP, BCS CISMP, CCSP, SSCP, CISSP or CISM qualification or similar or equivalent experience/qualifications
* Project management certification such PRINCE2, APM, PMP etc.