Security Manager (CF-33921906)
On-site Security Manager
The Site Security Manager will be responsible for the following:
- Attend a monthly Security Review meeting, led by the Clients Security Team to review service performance, recent IT incidents, trends in support calls, service improvement opportunities of the SOC service,
- Ensure the on-site Security Manager pro-actively provides documented recommendations that mitigate identified risks to Client This will also include providing on-going advice on application architecture, technology selection, methodologies and tools, applications design and implementation relating to any system, software, process, routine, or data in terms of creation, development, manipulation, enhancement, and replacement. The on-site Security Manager is expected to proactively recommend technology and service improvements to drive down costs and gain efficiencies.
- Reviews all change. This includes all project designs, as well as new or enhanced services, such as Business as Usual (BAU) change. It is the responsibility of the on-site Security Manager to review the changes and approve or deny change from a security perspective, based on Client's security requirements and industry Best Practice.
- Provides assistance to Client's Cyber Security Team in developing business cases and implementation plans for deployment of new technologies, or modification of existing technologies. The on-site Security Manager is expected to be able to advise on strategic direction of the service.
- Provide a service that ensures risk assessments are undertaken on projects to identify threats and weaknesses in the IT and OT environments and submit reports to Client's Cyber management. The on-site Security Manager must be aware and knowledgeable with regards to security best-practice and regulations, including ISO27001, ISA62443, PCI compliance, GDPR and the NIST Cyber Security Framework.
- Provide support/expertise to the ISTP with their six-month review of firewall rules, as well as the review of all firewall changes to ensure they do not increase the risk profile of Client..
- Be required to provide advice and recommendations to the Client's Water Cyber Security resources in the creation of, planning, execution, and implementation of Information Security or Operational Technology related initiatives/ projects/ programmes. This may include advice on improvements to processes, methodologies, architecture, technologies and tools, system configuration or other activities to mitigate security risks to Client.
Skills & Experience Required
- Intrusion Detection and Prevention Service (IDPS).
- Advanced Persistent Threat protection (APT).
- E-mail sandbox technology.
- Management of the Public Key Infrastructure (PKI) infrastructure.
- Vulnerability Scanning and remediation.
- Real-time metrics portal, as well as monthly and ad-hoc reporting.
- Threat Intelligence.
- Forensic capability.
Please click here to find out more about our Key Information Documents. Please note that the documents provided contain generic information. If we are successful in finding you an assignment, you will receive a Key Information Document which will be specific to the vendor set-up you have chosen and your placement.
To find out more about Computer Futures please visit www.computerfutures.com
Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 1st Floor, 75 King William Street, London, EC4N 7BE, United Kingdom | Partnership Number | OC387148 England and Wales