Cyber Security Manager

Posted 07 November 2024
Location London
Job type Permanent
Reference 51565
Contact Name Amaan Khan

Job description

 

Role: Cyber Security Manager

Location: Office location London, Hybrid (3 days onsite, 2 days remote)

Permanent Role

 

Company Description: “Working with some of the biggest names in the industry, this exciting pioneer of the
Insurance industry has made it very clear that their rapid expansion is not over. For this reason there's a fantastic
progression opportunity for a Cyber Security Manager to come into the business and work end to end to implement and deliver the project”

 

 

Important: 

More on the strategy side
Governance, Compliance with overall security
Working with Third Parties 

 

Duties and accountabilities

  • Develop and communicate corporate information security policies, standards and guidelines, and update these in line with the evolving threat landscape across the company.

  • Create and update the cyber security strategy to ensure that it is aligned to the business objectives and IT strategy respectively.

  • Develop and assess organisational strategies that address information control requirements. Identifies and monitors environmental and market trends and proactively assesses impact on business strategies, benefits and risks.

  • Build and maintain a cyber security risk management framework linked to enterprise risk and ICT risk. This should include working across Company to identify any cyber security risks and presenting them to the Head of Technology.

  • Ensures architectural principles and privacy by design principles are applied to new projects and initiatives across Company. Drives adoption and adherence to policy, standards and guidelines that are created.

  • Working in close conjunction with compliance to ensure that cyber security across the company complies with cyber security frameworks such as NIST CSF, ISO27001 and ensuring that regulatory requirements for cyber security are adhered to.

  • Support external audits and internal audits that are independently carried out, alongside undertaking maturity assessments and any spot checks to ensure that cyber security policies, standards and requirements are being adhered to.

  • Leads the provision of authoritative advice and guidance on the requirements for security controls in collaboration with subject matter experts.

  • Oversee a small team including a security analyst and cyber security third party resources as and when required, including providing guidance, training and mentorship to enhance the team's skills and knowledge.

  • Lead the business response to security incidents, including data breaches, cyber-attacks, and other security-related events including coordinating with internal and external stakeholders and third party services during incident investigations and remediation efforts.

  • Ensuring that lessons are learned from any incidents or near misses and that these are fed into the annual crisis management exercises that will be undertaken with relevant stakeholders.

  • Continually develop and deliver a cyber security awareness program across Company, educating staff on the latest threats and vulnerabilities to the organisation and externally.

  • Chair the monthly security group with the relevant business stakeholders and regularly report on the state of the organisation's security posture to senior and executive leaders, determining the appropriate metrics to report on.

  • Working with the Operations Manager and leading the response from IT on Operational Resilience (OR). Ensuring quality and effectiveness, while overseeing end-to-end OR testing, including budgeting, test type determination, severity assessment, IT-focused testing, review of deliverables, and maintenance.

  • Ownership of the Business Continuity Process (BCP) on behalf of the organisation.

  • Managing the cyber security Third Party Risk Management program, reviewing our key third parties on a regular basis from a cyber security perspective and ensuring any risks are identified. This includes the development of cyber risk metrics and reports that are required from AEGIS London’s key suppliers, in line with our policies, processes and security frameworks and providing these to the Third Party Risk Management team.

  • Population of the cyber metrics dashboard and relevant reports to the relevant stakeholders to provide an overview of the cyber security posture for Company.

 

Skills, knowledge and experience

The successful candidate will have/be:

  • Relevant industry certifications such as CISSP, CISM or similar

  • Demonstrable experience in leading a Cyber Security function with a hands-on approach

  • Held an Information Security role in a regulated environment (Insurance or Financial Services desired)

  • Familiarity with cybersecurity frameworks and standards (e.g., NIST Cybersecurity Framework, CIS Controls, ISO27001, SOC2, etc)

  • In-depth knowledge of current and emerging cyber threats, vulnerabilities, and attack vectors and how to protect the company from these

  • Experience of deploying identity and access management projects

  • Experience of working in an Azure-native environment with some experience in multi-cloud environments

  • Experience in managing third-party vendors for security services such as SOC, Threat Intelligence, Vulnerability Management, etc

  • Strong leadership and team management skills

  • Experience of working closely with IT teams to achieve security outcomes

  • Experience in building security business cases for leadership to consider

If you are interested in this opportunity, feel free to contact Amaan Khan on +44 (0) 203 375 9263 or alternatively reach out by email at [email protected]