Cyber Security Technical Assurance Manager

Posted 16 days ago

  • Crawley, West Sussex
  • Any
  • External
  • Expired - 2 months ago
Reference Number - 78651
This Cyber Security Technical Assurance Manager will report to the Head of Cyber Security and Technology Risk and will work within the Information Systems directorate based in either our Crawley, London or Ipswich offices. You will be a permanent employee.
You will attract a salary of £80,000.00 and a bonus of 10%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.
Close Date: 19/04/#####
We also provide the following additional benefits
Annual Leave
Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
Tenancy Loan Deposit scheme
Tax efficient benefits: cycle to work scheme
Season ticket loan
Occupational Health support
Switched On - scheme providing discounts on hundreds of retailers' products.
Discounted access to sports and social clubs
Employee Assistance Programme.
JOB PURPOSE:
You will support the Head of Cyber Security and Technology Risk in ensuring that UK Power Networks (UKPN) network systems and customer data are adequately protected from cyber threats.
You will help maintain a strong cyber security posture across the UK Power Networks (UKPN) IT estate, by ensuring that cyber security weaknesses and vulnerabilities are identified and guiding actions to mitigate the risks and avoid disruption to the IT services that are crucial to delivering UKPN services to customers.
DIMENSIONS:
People - Direct management of circa 8 permanent and temporary cyber security testing and assurance resources.
Financial - Shared annual budget responsibility for circa £1-3m covering resources, tools and 3rd Party professional services and suppliers.
Suppliers - Management and oversight of 3rd Party suppliers commissioned for meeting specialist testing and assurance requirements.
Communication - articulate the cyber security risks and implications to important partners with sufficient information, and recommendations for action, which enable senior leaders to make decisions.
Partners - Create relationships with all partners, third party providers, suppliers, and partners to improve outcomes and create agreement around a vision or course of action.
PRINCIPAL ACCOUNTABILITIES:
Define and deliver the cyber security technical assurance strategy, setting out clear policies and technical standards, modelling best practices and measuring success against defined measurement metrics (KPIs).
Manage the cyber security technical assurance team, to ensure the quality and timeliness of services and deliverables to meet our requirements, reviewing performance, driving improvements, optimisation and automation of the cyber security assurance capabilities across a variety of technologies and platforms.
Ensure the IT estate is compliant with UKPN policies and technical standards to protect company assets having management responsibility for driving the necessary remediation actions and countermeasures to mitigate identified weaknesses and vulnerabilities.
Establish and improve a regular red and purple team penetration testing program aligned to main threat information and industry cyber security intelligence.
Establish a Vulnerability Management process to ensure that all known security vulnerabilities and weaknesses are identified, contextually assessed, prioritised and tracked to remediation against UKPN policy.
Ensure that an IT Disaster Recovery and Business Continuity strategy and plans are established with appropriate testing performed to demonstrate it works.
Collaborate with the wider IT, application and Team members to devise assurance objectives and to ensure appropriate mitigation actions are considered and delivered.
Help develop and implement UK Power Networks' Cyber Security Strategy ensuring understanding to the company vision, values and strategic objectives.
Deputise for the Head of Cyber Security and Technology Risk for certain pre-agreed tasks and activities.
NATURE AND SCOPE:
The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieve this through the provision of technology solutions and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore strongly underpinned by effective cyber security.
You will work with the Cyber Security Architecture Manager, Cyber Security Operations Manager, Cyber Security Governance, Risk and Compliance Manager, and Cyber Security Portfolio Manager. Also, you will support the wider Information Systems team, IT Service Providers and partners across UK Power Networks to implement and optimise cyber security technical assurance capabilities across four main services:-
Technical Security Compliance - to check and validate that the various IT hardware, software and application components (including Cloud) across the IT estate are compliant with defined technical security policies and will run the process for documenting, risk assessing, remediating, exception handling.
Product Security Assurance - ensure that all IT hardware and software products (including Cloud and 3rd Party services) are securely configured to meet the relevant UKPN functional and non-functional security requirements.
Vulnerability Management (VM) - ensure a robust end to end VM service to identify, contextualise, rank and prioritise security vulnerabilities and weaknesses across the IT estate and to drive and track remediation actions to mitigate the risks.
Disaster Recovery and Business Continuity - plan, schedule, organise and perform Crisis Management, Disaster Recovery and Business Continuity tests across senior partners and technical operations teams, testing ability to withstand and recover from a cyberattack or data breach within agreed objectives and timescales, and to minimise business disruption.
Your principal challenge is to maintain a strong cyber security posture across the UKPN IT estate whilst ensuring that the numerous daily operational changes and multiple project deliverables re-enforce and strengthen the posture rather than undermine it and risk our information assets.
Qualifications:
Minimum 5 years+ experience leading a Cyber Security Assurance function or similar such as Cyber Security Integration function, Cyber Security Engineering function with some experience of assurance testing techniques and methodologies.
Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
Professional Information Security certification by a recognised professional body such as Certified in Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or CompTIA Advanced Security Practitioner (CASP+).
Track record leading a security team or function where you have had to collaborate across partners with differing levels of technical security competency.
Advanced knowledge and an understanding of operational excellence in Cloud Security Posture Management and Vulnerability Management programs.
Understanding risk, resource availability and business objectives at a group level is necessary. Putting our customers' interests at the heart of everything we do must always come first.
An understanding of compliance and regulatory frameworks such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISA/IEC 62443, ISO/IEC 27001/27002 and GDPR.
Working knowledge of security technologies including SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics.
Knowledge of adversarial tactics, techniques and procedures (TTPs) and industry standard frameworks (MITRE ATT&CK).
Experience working within a regulated environment, preferably Energy sector Critical National Infrastructure (CNI).
We are committed to equal employment opportunity regardless of , , ancestry, , ,
,
, , citizenship, marital status, , ,
or expression, or veteran status. We are proud to be an equal opportunity workplace