Job Description

You will be working with the businesses across critical areas of infrastructure, technology and applications to apply policy and procedural alignment against central ISO27001 standards. Responsibilities will include:

• Lead security risk assessments at business, technical architecture reviews
• Undertake gap analysis across projects and programmes using mature methodologies such as NIST (National Institute of Standards and Technology) CSF (Cyber Security Framework).
• Interpreting and applying appropriate standards, policies and legislation, e.g. SOX, DPA, HMG SPF, NCSC IA Portfolio, ISO27001, etc.
• Produce gap RTP (risk treatment plan) remediation plans for projects and programmes and report findings with recommendations to customers. RTPs must incorporate were possible relevant (current) threats to new systems that are being deployed along with highlighting internal, external vulnerabilities along with likelihood of exploitation
• Assist with the continual implementation and improvement of governance procedures within business units whilst adhering to centrals processes
• Collaborate with the wider cyber teams to ensure full coverage of implementation of best practice and IA across the group
• Evaluate new technologies for potential adoption in accordance with IA and good practice guides such as NCSC, CNI GPG's, IA architectural patterns
• Support the development of junior IA professionals (apprentices) across the business
• Support CTO, IT and business units with conformance against (as applicable) NIS Directive, PSN CoCo, re-certifications against schemes such as Cyber Essentials

Excellent employee benefits:

Company is committed to ensuring that we offer industry leading career opportunities, salary and benefits packages. Join us and you can expect to receive:

• 33 days holiday, including public holidays, plus the option to buy or sell five days each year
• Company pension scheme
• A range of family friendly policies including childcare vouchers
• An employee-funded car leasing scheme
• Occupational health support

Required Knowledge, Skills, and Abilities

Experience and knowledge to apply NIST, CSF, HMG SPF, ISO27001 standards and frameworks. Experience of undertaking and leading risk assessments, risk treatment and implementing practice countermeasures for pragmatic remediation. Strong knowledge and experience of IT security. Security qualifications, preferably NCSC certified (minimum Practitioner level), CISSP, CISM, CompTIA CASP+. High documentation standards. Penetration testing / ethical hacking experience. Experience of running vulnerability scans and understanding the security risk review process. Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business. Strong interpersonal and communication skills. Skill in organizing resources and establishing priorities. Ability to steer on regulatory and compliance matters. ISO27001 internal auditor or other CISA an advantage. Working knowledge of List X, List N, IEC62443-3-3 related standards advantageous. Eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance).