IT Security Manager
Bristol - Fully Remote Working
£50,000 - £70,000 + benefits
Fantastic new permanent opportunity for an experienced IT Security Manager for this large financial services company based in Bristol. The position will initially be 100% fully remote with the opportunity to remain fully remote longer term.
Reporting into the Head of Architecture & Governance you will be at the forefront of security strategy, ensuring the confidentiality, integrity and availability of the businesses information and information systems.
This role will focus on three key areas:
- The assessment of information risk and facilitate remediation of identified vulnerabilities within the company's network, systems and applications.
- The strategy, road mapping and planning of security in the organisation.
- The management of the security team and SOC.
You will report on findings and apply recommendations for corrective & preventative action, and will identify opportunities to reduce security risks. You will also document remediation options regarding acceptance or mitigation of risk scenarios as well as facilitating and monitoring performance of risk remediation tasks, changes related to risk mitigation & will report on findings. This role will help the company understand security threats and help create strategies to protect assets and interests.
The role will include strategic and hands-on work as well as managing a small team, driving the IT Security strategy, leading projects, co-ordinating the team's work and mentoring, coaching & developing them.
- A proven background of working within a similar IT Security Manager or Lead position.
- Demonstrate a good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Cyber Essentials, OWASP).
- Knowledge and adherence to data protection legislation and regulatory requirements (eg GDPR, FCA SYSC, PCI DSS).
- Extensive experience and understanding of security analysis tools, defensive technologies and other security technologies (eg SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).
- Solid understanding of security incident management and incident response processes and activities.
- Strong working knowledge of authentication technologies (eg two-factor, multifactor).
- Good knowledge of "BeyondCorp" principles (eg limiting access to confidential information, limiting remote access to applications, differentiating between corporate and personal devices, trusted endpoints).
- Knowledge of endpoint security solutions (eg HIDS, anti-malware, file integrity, DLP).
- Skilled in conducting vulnerability scans and identifying vulnerabilities in systems.
- Good awareness of the current Threat Landscape.
- Good understanding of modern malware: execution methods, persistence, detection, delivery mechanisms and entry points.
- Experience delivering presentations and supporting messaging to leadership teams.
- Strong communication skills both written and verbal.
For any further queries regarding the role, please contact Danny Palmer by phone or at (see below)