Information Security Operations Manager

Job Ref: 50200268
Sector: Business Change
Job Type: Contract
Date Added: 12 April 2019
  • Reading, Berkshire, England, UK Reading Berkshire GBR EC3A 4AF
  • £450 - £500 per Day
  • Daniyal Bashir
  • 0203 910 0030

Quick Apply

Submitting application, please wait..

Request a callback

Send To A Friend

My client is a global pharmaceutical business and technology company based around the Reading area. They have thousands of employees with multiple manufacturing sites around the world. They are also a listed FTSE 100 company.

They are looking to appoint an Information Security Operations Manager on an initial 6 month contract. This will be a direct report into the Director of Information Security.

There will be some travel with this role. The expected travel is to be between 5 and 10%. Travel will mainly be to the US, in the New Jersey area and European manufacturing sites.

You will be responsible for leading the development and ongoing operation of security controls and management of the security threats. You will be doing hands on security task such as eDiscovery.

You will have technical skills in the following areas:

  • IT Security Controls design, implementation and operation
  • eDiscovery and litigation hold
  • Malware analysis, and ability to effectively manage incidents.
  • Privileged access management
  • Security incident management and response
  • IT security risk identification and management
  • Security reporting

Duties and Responsibilities

eDiscovery and Litigation Hold:

  • Setup of and maintenance of a eDiscovery and Litigation hold capability
  • Execution of eDiscovery and litigation hold requests
  • Management reporting

Vulnerability Management:

  • Responsible for the security vulnerability management programme
  • Provide oversight and guidance to ensure the ongoing remediation of vulnerabilities
  • Manage 3rd party testing of cyber security posture
  • Responsible for understanding and reporting cyber risk profile

Ensuring ongoing effectiveness of security capability:

  • Enhance the cyber security prevention program.
  • Privileged access is managed and monitored on critical IT systems
  • Endpoint protection and malware detection tools remain effective
  • Security Incident Response process and procedures are understood and followed and to and conduct security incident response table top exercises
  • Regular assurance and reporting as to the effectiveness of key IT security controls

Security Operations:

  • Manage Security Operations partners.
  • Point of contact for IT security matters for Internal Audit
  • Responsible for the effective response and resolution to IT security incidents
  • Support / Perform security investigations including effective use of tools to identify and report the outcomes of incidents to senior management
  • Technical SME around security events and activities
  • Ensure changes to services do not introduce unplanned security risks
  • Oversee monitoring controls operation related to key electronic data access, data movement, data storage and data use
  • Monitor IT security control remediation action plans to ensure effective and timely completion

Person Profile

  • IT Security experience required
  • Certified Information Systems Security Professional (CISSP, Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM) certification or similar certification preferred but not required
  • Assess and/or manage assessment of compliance and security gaps, providing remediation recommendations based on cost and other pertinent factors
  • Lead cross functional Computer Security Incident Response Team (CSIRT) in the resolution of security related incidents
  • Experience with security-related systems and applications, especially mainstream OS's (e.g. Microsoft Windows and Linux), network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools
  • Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts
  • Strong verbal and written communication skills
  • Ability to facilitate cross-functional teams and translate business requirements into control objectives
  • Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age.

12/05/2019 15:45:36
GBP 450 450