Cyber Security Manager

Central London (hybrid)

Up to £80,000 per annum

A leading, acquisitive, £500m turnover construction engineering business (with revenues expected to double in the coming years), is undergoing a significant period of digital transformation and growth.

They are seeking an experienced Cyber Security Manager to act as the principal point of contact for all security matters across a rapidly expanding enterprise.

Genuine opportunity to have significant input and influence into the shape and future of the business by leading vital security initiatives.

Key Responsibilities

• Own and maintain all Security related policies and procedures, implementing "Security by Design", driving a culture of IT and Cyber Security awareness and responsibility.
  
  
• Develop and maintain the Information Security Strategy.
  
  
• Conduct ongoing security threat, risk, capability &/or maturity assessments.
  
  
• Oversee an outsourced Security Operations Centre (SOC) and Managed Security Services Provider (MSSP), managing performance reviews, ensuring service levels and effective incident management.
  
  
• Ensure alignment with NIST, NCSC, ISO27001, GDPR, and Cyber Essentials Plus standards.
  
  
• Drive the completion of ISO27001 implementation and certification, working with external partners and internal stakeholders.
  
  
• Lead upcoming security initiatives including such as; Qualys rollout, supporting completion of Sophos Endpoint Protection deployment.
  
  
• Developing business frameworks and templated responses for tender processes.
  
  
• Provide security oversight for new office locations and integration points, ensuring secure network ingress through firewalls and switches into third-party SOC systems.
  
  
• Develop, implement, and maintain comprehensive security policies and frameworks.
  
  Qualifications and Experience:
  
  
• Proven track record in managing security operations, compliance and third-party security providers.
  
  
• Experience required from both a strategy / framework management level and security controls deployment oversight.
  
  
• Ability to oversee technical solutions and remediate issues when required, with an excellent understanding of underlying systems. Technical background is a must.
  
  
• Advanced knowledge Industry Information Security Standards such as NIST, NCSC, ISO 27001, GDPR, and Cyber Essentials Plus.
  
  
• Management of 3rd party SOC / MSSP including service reviews, ensuring adherence to SLAs, and effective SOC governance.
  
  
• Experience delivering key security projects within tight deadlines.
  
  
• Professional Security Qualifications, for example CISSP, CISM, Security+ etc.
  
  Note: All potential candidates must be eligible for basic level Security Clearance