Scope of Job:
The IT Security Manager is the global owner for IT Security processes and procedures for technical IT security governance, risk management and compliance. The IT Security Manager will manage the day-to-day technical IT security compliance activities (including PCI and GDPR) in accordance with the information security management framework.
Working to the Head of Information Security, the IT Security Manager will define, establish and implement technical IT Security policies, processes and procedures that enable the strategic vision and strengthen the organisation's infrastructure and applications aligned to business threats and compliance requirements.
• Keep infrastructure, applications and data safe from cyber threats
• Work with the departments to assure IT security principles are applied to infrastructure, applications and programmes.
• Ensure IT continues to develop at a fast pace, incorporating security by design principles.
• Determine and strengthen the enterprise security architecture, ensuring IT security controls are optimised to the right level to achieve the strategic direction
• Design and implement technical policies and processes maintaining compliance across a matrix organisation
• Incorporate security by design into business systems and applications and strengthen the organisation's ability to meet compliance requirements through applications and mitigate against cyber threats
• Review a multitude of IT projects in parallel, identifying and recommending efficiencies
• Implement and maintain technical IT Security risks, ensuring risks are continually reviewed, remediated and accepted
• Ensure compliance with the information security management framework through audit and assurance
• Manage the identity access management requirements
• Manage the threat and vulnerability management requirements
• Investigate, remediate and report (including lessons learned) on IT security incidents
• Assist with the development of the security awareness and training programmes
Skills, Experience & Qualifications:
• A track record and experience in technical enterprise security, with demonstrable technical IT security knowledge.
• Expert knowledge of IT security principles and technologies, including ability to develop policies and processes enabling compliance
• Experience of industry standards and frameworks such as NIST, ISO27001, SABSA
• Experience of designing and implementing IT security solutions
• Experience in Windows and IP intranet/internet security environments, including firewalls, intrusion detection, incident response, vulnerability testing (Trustwave) and operating system hardening
• Experience of relevant technologies (such as networks, LANs, WANs, Servers & Hosting, Applications)
• Experience of identity access management and privileged identity management.
• Experience and knowledge of managing SIEM platforms and developing threat management
• Experience of working through technical IT security constraints to achieve business goals
• Excellent stakeholder management and ability to work as part of a wider team, always promoting IT and information security
• Experience of compliance with industry regulations such as PCI-DSS and GDPR
• IT Security Manager with accreditations such as CISSP, GIAC.
• Some travel required to other business locations