Security Engineering Manager - Luton

IT/Information/Cyber Security
Ref: 45 Date Posted: Monday 20 Jan 2020
Reference No: 2052/38
Salary: £61,000 - £84,000
Benefits: Generous bonus + benefits

The Role

The security engineering manager is responsible for protecting our organisation's information and information systems from loss and compromise through the delivery and effective management of a security engineering team.
  • Manage, lead and develop a high-performing team of security technical architects and security engineers with associated security domain specialisms
  • Accountable for ensuring the team is adequately resourced and skilled to meet demand
  • Accountable for the delivery of a security engineering capability and ensuring security architecture and engineering elements are included in projects
  • Ensure that a mechanism is in place for security knowledge transfer within the engineering team, delivering assurance of consistent secure designs and services across the team
  • Ensure clear strategies are in place for embedding relevant security policies and technical standards in projects and service
  • Define security tools, systems and solutions, aligned to IT strategy and security standards
  • Produce and disseminate management information in relation to the performance of technical security controls, technical assurance activities and service improvements
  • Build and subsequently maintain the capability of security services, including technology roadmaps that define security-centric platforms and associated working practices
  • Lead the management, maintenance and service improvement of security engineering systems
  • Prepare material for periodic security groups
  • Create, introduce and embed new technical standards and controls through continuous improvement
  • Lead the development, maintenance and compliance of security technical standards and procedures
  • Provide IT teams with security technical architecture and engineering focused support, training and consultancy to ensure compliance with security policies, standards, compliance and regulations
  • Accountable for ensuring that technical aspects of systems and services are ‘Secure by Design’
  • Develop and operate procedures that counteract potential threats and vulnerabilities, maintaining the integrity and capability of security systems
  • Ownership and Delivery. Has a clear focus to deliver results, working to targets, reviewing progress and adapting their plans accordingly, motivating themselves/the team to achieve.
  • Business Performance. Understands business and external environment, is cost conscious and understands the longer term perspective and implications of decisions.
  • Innovation and Change. Is open to new ways of doing things and questions existing approaches, views change as an opportunity, comfortable working in a dynamic and ambiguous environment.
  • Building Relationships. Expresses ideas confidently and clearly, builds positive and constructive relationships with others, gets to know colleagues within their own team and supports them to ensure team goals are achieved.  
Requirements of the Role
  • The jobholder must have a thorough understanding of the security threat landscape, significant risks, technical developments and directions.  
  • Strong interpersonal and management skills are essential, as the jobholder must be able to lead a team and operate effectively at all levels within and outside of the organisation
  • Depth of experience in IT Technical Security, some of which must be as a principal practitioner
  • Experience of managing a managed security service provider
  • Experience of multiple security systems from technical configuration, implementation and operational perspectives, including vulnerability management, SIEM, IDS/IPS, Web Content Filtering, NAC, WAF, DLP, IAM
  • Proven experience of providing technical assurance of application, network and host security.
  • Direct experience of leading security architecture and engineering teams
  • Demonstrable experience in the identification and implementation of security technical controls
  • Excellent written and oral communication skills
  • Ability to present ideas in ‘non-technical’ business-friendly accessible language
  • Ability to effectively prioritise and execute tasks in a high-pressure environment
  • Be a business-focussed, creative, innovative, pragmatic and positive team player
One or more of the following qualifications are highly desirable.
  • Masters in Information Security (MSc)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • TOGAF Certified
  • Certified Information Security Architecture Professional (CISSP-ISSAP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Cloud Security Professional (CCSP)
  • ITIL