Cyber Assurance Manager
Location: London/Remote
Division/Team: Cyber Security
Type of Contract: Full-time
You will be an innovative problem-solver who can adapt quickly to new circumstances. This requires from multiple different assurance objectives – including legislation, regulation, standards and frameworks. You will be capable of using your knowledge and intuition to identify real-world security risks and help stakeholders understand the best options they have available.
This position will suit somebody with a methodical and hands-on approach to assurance. You will need to be a good listener and confident communicator with a consultative approach. You will be looking to gain experience in operational assurance in a fast-paced business. You will have been a subject matter expert in security management with a broad understanding of other cyber security domains – including architecture, engineering and operations. Service delivery and project management experience is desirable, particularly experience with agile delivery methods and DevOps models.
Role and responsibilities
- Identifying and analysing cyber security risks and providing advice to risk owners.
- Conducting assurance reviews against standards-based compliance requirements.
- Conducting Privacy Impact Assessments.
- Management of continuous assurance lifecycle processes within operational environments.
- Production of assurance evidence and reports for stakeholders.
- Production and implementation of cyber security policies.
- Evaluating the business impact of security incidents.
- Providing advice and guidance on meeting security related statutory and regulatory requirements.
- Assessment of security control designs and configurations for effectiveness in risk management.
- Developing trusted relationships with security stakeholders.
- Implementation and maintenance of security policies and processes.
- Managing the delivery of security assurance services for projects.
- Analysing security industry trends.
Requirements
Essential
- Excellent working knowledge of the security risk management life cycle, preferably working with continuous assurance methods in Agile delivery – such as secure SDLC.
- Excellent knowledge of a variety of security technologies, such as cryptography, host intrusion, and network and application firewalls.
- Expert knowledge of cyber security policies and processes.
- Expert knowledge of security awareness campaigns.
- Comprehensive understanding of threat and vulnerability management systems.
- Comprehensive understanding of security information and event management systems.
- Comprehensive understanding of common approaches to requirements definition, system design and engineering.
Desirable
- Familiarity with major cloud technologies, preferably working experience of at least one major PaaS provider – such as Azure or AWS.
- A natural collaborator with a genuine desire to help your team achieve a common goal.
- Knowledgeable when it comes to industry standards and good practice for information security risk, preferably working experience of ISO standards.
- An understanding of designing and implementing security management systems.