Cyber Threat - Reading, United Kingdom - Thames Water Utilites

Thames Water Utilites

Verified Company

Reading, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

In Team Digital, we're planning for a future where the technology solutions we co-create and design enable us to achieve our goal of protecting our greatest natural resource and allow our customers, communities and the environment to thrive.

As a team, our vision is to create an everyday digital experience for the people we serve - our customers - by putting them at the heart of everything we do.

As part of our award-winning team you'll help the business become an intelligent, connected organisation in order to deliver our digital transformation and turnaround.

We seek a Cyber Threat & Vulnerability Lead
to be responsible for designing, implementing, and maintaining TVM (Cyber Threat & Vulnerability Management) solutions, controls and processes across Thames Water.

This role requires a deep understanding of TVM concepts, technologies, and best practices, as well as the ability to collaborate effectively with cross-functional teams.

What you will be doing as a Cyber Threat & Vulnerability Lead

Lead vulnerability management across the enterprise, ensuring that a framework for identification, categorisation and mitigation exists and is implemented and maintained. Responsible for ensuring the operating model for vulnerability management is defined, shared, agreed and operates effectively across the business.
Collaborate with stakeholders to understand business requirements and develop threat assessment and vulnerability management (TVM) strategies and controls that align with organisational goals.
Develop and maintain TVM documentation, policies, and procedures.
Evaluate and recommend technologies, tools, and vendors to meet business needs.
Investigate newly identified cyber security vulnerabilities and provide appropriate mitigation actions.
Liaise and coordinate with technology and business stakeholders about cyber security patching and vulnerability management issues/actions.
As this role sits within Security Operations, there is a possible need to be on call for major incidents only (not a static weekly/monthly on call rota). More details will be in the employment contracts once successful.
Maintain a cyber threat assessment methodology, align to evolving industry standards and integrate into BAU and projectbased business processes.
Perform proactive threat hunting for new and emerging cyber threats.
Develop and maintain dashboards with cyber security threat and vulnerability metrics.
Ensure compliance with relevant industry standards, regulations, and best practices, such as GDPR, NIS and ISO 2700
Monitor, analyse and optimise TVM tool performance, identify potential issues, and implement proactive solutions.
Provide technical leadership and guidance to junior team members.
Establish and maintain relationships with vendors and service providers.
Stay current on industry trends, emerging technologies, and best practices to continuously improve security operations.

What you should bring to the role?
We want to bring together a team of brilliant tech minds with game-changing ideas.

We're looking for people who will help us re-imagine the way we work and the way we get things done:

A truly digital mindset. Open to collaboration. Open to risk. Open to new ways of doing things.
Obsessed with data. Obsessed with excellence.
People who think and behave differently to the way we do. People who don't want to just be another cog in the machine.

Essential Experience

You will ideally have a degree in Cyber Security, Computer Science, Information Technology, Engineering, or a related field.
Strong analytical and problemsolving abilities, and good decisionmaking skills.
Ability to display strong innovation, planning and organising skills.
Ability to display strategic thinking.
Minimum of 3 years of experience in Threat and Vulnerability Management process and control design, implementation, and management, preferably in an enterprise environment.
Experience in remediating cyber risks in the everchanging digital estate.
Ability to line manage one security professional towards a set of common goals.
A generic cyber security industry certification(s) such as CISSP, CISM, or CCSP.
Understanding of different patching management techniques and approaches for different technology stacks. (e.g. SaaS, IaaS, End-User Computing, Server Estate, etc.)

Desirable Experience

Preferred previous experience within the water utility industry or large, complex infrastructurebased enterprises.
Experience managing and remediating risks surrounding operational technology (OT) environments.
Familiarity with managing vulnerabilities on a legacy and ageing technology estate.
TVMspecific certification(s) e.g. Certified Threat Intelligence Analyst (CTIA) or Certified Vulnerability Assessor (CVA).

What's in it for you?