OT Cyber Security Testing Manager - Crawley, West Sussex, United Kingdom - InfoSec People Ltd

    Description

    Cyber Security Testing Manager

    Location: Crawley (on site for the first 6 months in post, flexible working 2-3 days a week thereafter)

    Sector: Renewable Energy

    Salary:
    £80,000-100,000 per year plus package (annual 10% bonus, car allowance, healthcare and 8-10% pension).

    Please note that to apply for this opportunity, you must be a British passport holder and have resided in the UK permanently for 5 continuous years.

    InfoSec People are partnered with a leading client in the renewable energy space, who have a new Cyber Security Testing Manager opportunity to support the current Head of Cyber Security.

    This is a managerial role within cyber security, working across a brownfield project to build the penetration testing team for our client.

    The successful candidate will have a background in Critical National Infrastructure and Operational Technology, and will previously have worked as a Penetration Tester or Ethical Hacker within a relevant sector (e.g. renewable energy, oil and gas, aviation and aerospace, defence or government).

    The successful candidate will be working with the Cyber Security Architecture Manager, Cyber Security Operations Manager, Cyber Security Governance, Risk and Compliance Manager, and Cyber Security Portfolio Manager.

    They will also support the wider Information Systems team, IT Service Providers and partners to implement and optimise cyber security technical assurance capabilities across four main services.

    Define and deliver the cyber security technical assurance strategy, setting out clear policies and technical standards, modelling best practices and measuring success against defined metrics (KPIs).

    Manage the cyber security technical assurance team to ensure the quality and timeliness of services and deliverables meet our requirements, reviewing performance and driving improvements, optimisation and automation of the cyber security assurance capabilities across a variety of technologies and platforms.

    Ensure the IT estate is compliant with The Client's policies and technical standards to protect company assets, with management responsibility for driving the remediation actions and countermeasures needed to mitigate identified weaknesses and vulnerabilities.

    Establish and improve a regular red and purple team penetration testing programme aligned to current threat information and industry cyber security intelligence.

    Establish a Vulnerability Management process to ensure that all known security vulnerabilities and weaknesses are identified, contextually assessed, prioritised and tracked to remediation against The Client's policy.

    Ensure that an IT Disaster Recovery and Business Continuity strategy and plans are established, with appropriate testing performed to demonstrate that they work.

    Collaborate with the wider IT and application teams to devise assurance objectives and to ensure appropriate mitigation actions are considered and delivered.

    Help develop and implement The Client's Cyber Security Strategy, ensuring it is understood in the context of the company vision, values and strategic objectives.

    Deputise for the Head of Cyber Security and Technology Risk for certain pre-agreed tasks and activities.

    Experience leading a Cyber Security Assurance function or a similar function (such as Cyber Security Integration or Cyber Security Engineering), with some experience of assurance testing techniques and methodologies.

    Understanding risk, resource availability and business objectives at a group level is necessary.

    An understanding of compliance and regulatory frameworks such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISA/IEC 62443, ISO/IEC 27001/27002 and GDPR.

    Working knowledge of security technologies including SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering and Behavioural Analytics.

    Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.

    Professional Information Security certification by a recognised professional body such as Certified in Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or CompTIA Advanced Security Practitioner (CASP+).

    InfoSec People values diversity, equity, and inclusion (DE&I).