Full-Time Cyber Security Manager

As the Security Manager, you will be part of an InfoSec team that manage the delivery of security & accreditation to the NEC business and our customers. Interacting with the wider InfoSec team as well as other departments across NEC, the Security Manager will support the InfoSec team to deliver its objectives. Communication and collaboration are paramount to this role, the Security Manager will work with the architecture team, the wider technology teams and the Data Protection Officer to ensure that processes, procedures and policies are created, updated and adhered to as part of keeping us and our customers secure.

The Security Manager will produce the required security assurance documentation that is required for the accreditation of our customers, together with the Security Architects. An accreditation programme of work is in place within NEC which ensures that our accreditations are maintained, the role will contribute to this by supporting the arrangement of security testing, producing remediation plans and driving the remediation of identified vulnerabilities with the wider business support teams to improve the security posture of our environments.

The Security Manager will also provide written contributions to the procurement bids and security questionnaires that are sent to us by our customers, describing the technical and procedural controls that we have in place to protect our network and our customers’ data, and how we meet the required industry standards.

The Security Manager will support the wider InfoSec team in responding to security incidents, ensuring that they are closed and actioned in a swift manner and that lessons are learnt via detailed root cause analysis. You will also be expected to issue security advice and guidance to the rest of the business, in line with our policies and procedures. You will support initiatives working with team members to develop content for use within the team and to be published to the wider business.

Responsibilities will include:

• Work within the InfoSec team to support the key activities: Provide consistent and qualified responses to tenders and assurance questionnaires from customers
• Produce and maintain security assurance documentation required for accreditation
• Ensure compliance with relevant security standards, service management procedures, regulations, and industry best practices
• Schedule security testing and create remediation plans from the test reports- seeing remediation through to completion.
• Contribute to process documentation and policy review.
• Conduct security assessments and audits on people, process and technology within NEC.
• Assist in security incident management and vulnerability management.

Essential:

• Proven experience working in an IT security role
• Strong knowledge of cybersecurity frameworks, standards, and regulations.
• A good understanding of an approach to risk management – knowing that context is key
• Experience in writing comprehensive responses to security questionnaires or bids
• A strong focus on business outcomes

Desirable:

• Delivering pragmatic security assurance documentation aligned to varying degrees of risk appetite
• Exposure to security testing process and reports such as penetration testing
• Experience working within a shared environment with multiple tenants and requirements.
• Experience in working on solutions or projects that require formal independent accreditations.
• Working knowledge of Cyber Essentials Plus

Essential attributes

• Strong and demonstrated team working experience
• High degree of personal motivation and ability to self-manage
• Ability to communicate security and technical solutions to non-technical or security resources internally and external to NEC
• Comfortable with collaboration, open communication and reaching across a range of functions and teams.
• Excellent verbal and written communication skills.
• Candidates must be security cleared (or able to gain clearance) to MOD SC and Non-Police Personnel Vetting Level 3 (NPPV).

What is the last date for applying to the job?

Which countries are accepted for this remote job?