OT Cyber Security Testing Manager
Posted a month ago
- Crawley, West Sussex
- Any
- External
- Expires In 2 months
Title: Cyber Security Testing Manager
Location: Crawley (On site for the first 6 months in post, flexible working 2-3 days a week thereafter);
Sector: Renewable Energy
Salary: £80,000-100,000 per year plus package (annual 10% bonus, car allowance, healthcare and 8-10% pension).
Please note that to apply for this opportunity, you must be a British passport holder, and have resided in the UK permanently for 5 years continuously. Unfortunately, the client cannot provide sponsorship for this position.
InfoSec People are partnered with a leading client in the renewable energy space, who have a new Cyber Security Testing Manager opportunity to support the current Head of Cyber Security.
This is a managerial role within cyber security, working across a brownfield project to build the penetration testing team for our client. The successful candidate will have a background in Critical National Infrastructure, Operational Technology, and will previously have worked either as a Penetration Tester or Ethical Hacking within a relevant sector (e.g. renewable energy, oil and gas, aviation and aerospace, defense or government).
About the role:
The successful placeholder will be working with the Cyber Security Architecture Manager, Cyber Security Operations Manager, Cyber Security Governance, Risk and Compliance Manager, and Cyber Security Portfolio Manager.
They will also support the wider Information Systems team, IT Service Providers and partners to implement and optimise cyber security technical assurance capabilities across four main services; Technical Security Compliance, Product Security Assurance, Vulnerability Management (VM), and Disaster Recovery and Business Continuity.
Key responsibilities:
Define and deliver the cyber security technical assurance strategy, setting out clear policies and technical standards, modelling best practices and measuring success against defined measurement metrics (KPIs).
Manage the cyber security technical assurance team, to ensure the quality and timeliness of services and deliverables to meet our requirements, reviewing performance, driving improvements, optimisation and automation of the cyber security assurance capabilities across a variety of technologies and platforms.
Ensure the IT estate is compliant with The Client's policies and technical standards to protect company assets having management responsibility for driving the necessary remediation actions and countermeasures to mitigate identified weaknesses and vulnerabilities.
Establish and improve a regular red and purple team penetration testing program aligned to main threat information and industry cyber security intelligence.
Establish a Vulnerability Management process to ensure that all known security vulnerabilities and weaknesses are identified, contextually assessed, prioritised and tracked to remediation against The Client's policy.
Ensure that an IT Disaster Recovery and Business Continuity strategy and plans are established with appropriate testing performed to demonstrate it works.
Collaborate with the wider IT, application and Team members to devise assurance objectives and to ensure appropriate mitigation actions are considered and delivered.
Help develop and implement The Client's Cyber Security Strategy ensuring understanding to the company vision, values and strategic objectives.
Deputise for the Head of Cyber Security and Technology Risk for certain pre-agreed tasks and activities.
Preferred Skills and Experience for Success:
Experience leading a Cyber Security Assurance function or similar, such as Cyber Security Integration function, Cyber Security Engineering function with some experience of assurance testing techniques and methodologies.
Track record leading a security team or function where you have had to collaborate across partners with differing levels of technical security competency.
Advanced knowledge and an understanding of operational excellence in Cloud Security Posture Management and Vulnerability Management programs.
Understanding risk, resource availability and business objectives at a group level is necessary.
An understanding of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA/IEC 62443, ISO/IEC 27001/27002, GDPR.Working knowledge of security technologies including SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics.Knowledge of adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (Mitre ATT&CK).
Experience working within a regulated environment, preferably Energy sector Critical National Infrastructure (CNI)
Desirable:
Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
Professional Information Security certification by a recognised professional body such as Certified in Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or CompTIA Advanced Security Practitioner (CASP+).
As dedicated recruitment professionals, we prioritize confidentiality. InfoSec People values diversity, equity, and inclusion (DE&I). Please share any information or accessibility needs to aid your process; we’ll do our best to cater to specific requirements.
For further details, please send the most current version of your CV and a good time to speak to Becca at InfoSec People, or please click apply or get in touch with Becca for an open, honest, and confidential conversation;
01242 507109
#####
Location: Crawley (On site for the first 6 months in post, flexible working 2-3 days a week thereafter);
Sector: Renewable Energy
Salary: £80,000-100,000 per year plus package (annual 10% bonus, car allowance, healthcare and 8-10% pension).
Please note that to apply for this opportunity, you must be a British passport holder, and have resided in the UK permanently for 5 years continuously. Unfortunately, the client cannot provide sponsorship for this position.
InfoSec People are partnered with a leading client in the renewable energy space, who have a new Cyber Security Testing Manager opportunity to support the current Head of Cyber Security.
This is a managerial role within cyber security, working across a brownfield project to build the penetration testing team for our client. The successful candidate will have a background in Critical National Infrastructure, Operational Technology, and will previously have worked either as a Penetration Tester or Ethical Hacking within a relevant sector (e.g. renewable energy, oil and gas, aviation and aerospace, defense or government).
About the role:
The successful placeholder will be working with the Cyber Security Architecture Manager, Cyber Security Operations Manager, Cyber Security Governance, Risk and Compliance Manager, and Cyber Security Portfolio Manager.
They will also support the wider Information Systems team, IT Service Providers and partners to implement and optimise cyber security technical assurance capabilities across four main services; Technical Security Compliance, Product Security Assurance, Vulnerability Management (VM), and Disaster Recovery and Business Continuity.
Key responsibilities:
Define and deliver the cyber security technical assurance strategy, setting out clear policies and technical standards, modelling best practices and measuring success against defined measurement metrics (KPIs).
Manage the cyber security technical assurance team, to ensure the quality and timeliness of services and deliverables to meet our requirements, reviewing performance, driving improvements, optimisation and automation of the cyber security assurance capabilities across a variety of technologies and platforms.
Ensure the IT estate is compliant with The Client's policies and technical standards to protect company assets having management responsibility for driving the necessary remediation actions and countermeasures to mitigate identified weaknesses and vulnerabilities.
Establish and improve a regular red and purple team penetration testing program aligned to main threat information and industry cyber security intelligence.
Establish a Vulnerability Management process to ensure that all known security vulnerabilities and weaknesses are identified, contextually assessed, prioritised and tracked to remediation against The Client's policy.
Ensure that an IT Disaster Recovery and Business Continuity strategy and plans are established with appropriate testing performed to demonstrate it works.
Collaborate with the wider IT, application and Team members to devise assurance objectives and to ensure appropriate mitigation actions are considered and delivered.
Help develop and implement The Client's Cyber Security Strategy ensuring understanding to the company vision, values and strategic objectives.
Deputise for the Head of Cyber Security and Technology Risk for certain pre-agreed tasks and activities.
Preferred Skills and Experience for Success:
Experience leading a Cyber Security Assurance function or similar, such as Cyber Security Integration function, Cyber Security Engineering function with some experience of assurance testing techniques and methodologies.
Track record leading a security team or function where you have had to collaborate across partners with differing levels of technical security competency.
Advanced knowledge and an understanding of operational excellence in Cloud Security Posture Management and Vulnerability Management programs.
Understanding risk, resource availability and business objectives at a group level is necessary.
An understanding of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA/IEC 62443, ISO/IEC 27001/27002, GDPR.Working knowledge of security technologies including SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics.Knowledge of adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (Mitre ATT&CK).
Experience working within a regulated environment, preferably Energy sector Critical National Infrastructure (CNI)
Desirable:
Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
Professional Information Security certification by a recognised professional body such as Certified in Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or CompTIA Advanced Security Practitioner (CASP+).
As dedicated recruitment professionals, we prioritize confidentiality. InfoSec People values diversity, equity, and inclusion (DE&I). Please share any information or accessibility needs to aid your process; we’ll do our best to cater to specific requirements.
For further details, please send the most current version of your CV and a good time to speak to Becca at InfoSec People, or please click apply or get in touch with Becca for an open, honest, and confidential conversation;
01242 507109
#####
.webp "Apply4U | Sign Up")
.webp "Apply4U | Contact Us")
.webp "Apply4U | Sign up")
