IT Security Manager - Birmingham

Coburg Banks Limited
70000.00 - 75000.00 GBP Annual
02 Oct 2019
28 Oct 2019

Position: IT Security Manager

Location: Birmingham, West Midlands

Rate: GBP70,000 to GBP75,000

Benefits: 10% Bonus, Pension, Healthcare

Due to a promotion we are looking for an experienced and hands-on IT Security Manager with experience in PCI-DSS and ISO 27001 to join an International FTSE 250 company based in Birmingham close to New Street and Moor Street Stations.

The successful candidate will play a key role in the operation of IT Security for the UK entities of the business. This is a hands-on role that is paramount to keeping IT Security processes operating to the required standard, and it involves liaising with multiple stakeholders, internal teams and suppliers. The IT Security Manager will bring a wealth of knowledge and apply it on a daily basis, be responsible for the correct operation of key processes and act as the key point of contact for all IT Security matters.

The IT Security Manager will:

  • Assess and evaluate third party suppliers through defined instruments to establish their IT security position, identify associated risks and communicate the outcome to relevant stakeholders
  • Support activities concerning IT security assessment of prospective acquisitions of companies to determine any gaps that require mitigation and communicate risks to the appropriate stakeholders
  • Evaluate IT security advisories and determine actions to assign them to an appropriate team
  • Supervise and coordinate the penetration testing and vulnerability scanning activities executed by a third-party provider
  • Provide advice to projects and initiatives in the form of IT security requirements
  • Respond to IT security incidents, suspicious activity or alerts to prevent adverse impact to users, processes, systems or data
  • Support current IT security initiatives in-flight to successfully take them to completion
  • Own and advise on IT security in corporate forums such as Change Advisory Board (CAB), Technical Design Authority (TDA) and ISO27001 committees as applicable
  • Advise business functions on compliance requirements for relevant frameworks (such as PCI DSS, GDPR and ISO27001)
  • Review and provide input on corporate documents concerning IT security, such as policies, supplier contracts, service contracts and data processing agreements
  • Participate in meetings where IT security support is required, including project, debrief, catch-up, supplier, security testing and any other as applicable
  • Appraise IT security risks, manage the IT security risk register and, where applicable, support and coordinate ISO27001 compliance activities
  • Act as a point of contact for ad-hoc enquiries, troubleshooting issues and general support concerning IT security
  • Communicate proactively and effectively with all stakeholders, internal teams, suppliers and any other involved party in the IT security processes
  • Liaise with the wider IT security representatives at a Group level to exchange knowledge and contribute to the wider strategic and tactical initiatives

Key Experience Required

  • A recognised certification in IT Security (e.g. CISSP, CISM or equivalent)
  • Strong understanding of ISO27001, CIS controls, NIST, PCI DSS and GDPR
  • Ability to analyse an IT solution from a technical point of view to identify appropriate IT security controls
  • Ability to identify potential weaknesses in a given IT solution (e.g. through threat modelling and/or risk assessment)
  • Knowledge of Penetration Testing and Phishing
  • Ability to define or assess IT security requirements for an IT solution in a written format for consumption by other stakeholders in the development or deployment process
  • Ability to assess IT security incidents, IT security advisories and IT security issues, collating technical and functional information to define mitigating actions
  • Ability to communicate technical findings or vulnerabilities in plain language to varied audiences across the organisation
  • Ability to support conversations with a broad set of stakeholders, including but not limited to, project managers, third party suppliers, technical teams and functional teams
  • General technical knowledge including networks, operating systems, databases, application servers, web servers, cloud security (e.g. multi-tenancy, public/private implementations, SaaS, PaaS, IaaS), end-point security (e.g. hardening, anti-malware), web application security (e.g. OWASP), network security (e.g. IDS/IPS, SIEM, DDOS mitigation and WAF) and penetration testing

Coburg Banks IT specialise in recruiting in a variety of areas including: Development, IT Support, Programme and Project Management, Business Analysts and Testing as well as mid to senior level IT appointments. We would welcome the opportunity of helping you in your career, so please send a copy of your CV to us.