Senior IT Security Manager – CISSP / ISO 27001 / PCI-DSS
My Edinburgh-based client are looking for a Senior IT Security Manager to join their team. As Senior IT Security Manager, you will be responsible for managing the IT Security tools and processes, and for implementing the required security controls to protect customers, assets, systems and organisational data against threats.
Knowledge of ISO 27001, PCI-DSS, CISSP, COBIT, Privileged Access Management (CyberArk) and Firewall Rules / Firewall Assurance (SkyBox) is highly desirable for this role.
• Drafting and maintaining procedures and documentation for IT Security.
• Monitoring the application and compliance of security operations procedures and reviewing information systems for actual or potential breaches in security.
• Ensuring that all identified breaches are promptly and thoroughly investigated, updating process documentation where required.
• Leading, coaching and managing a team of Security Analysts and Specialists.
• Ensuring that any system changes required to maintain security are implemented.
• Ensuring that security records are accurate and complete.
• Reporting on identified vulnerabilities, articulating the associated risks.
• Managing IT Security 3rd party Suppliers, ensuring they perform to the required SLAs and selecting appropriate suppliers through a rigorous review process to deliver quality security services and solutions.
• Providing assurance for projects prior to implementation to ensure all security requirements, including security testing,
Required skills/experience:
• Previous experience in an operations technical management position and an interest in the Security field or previous experience in IT Security management positions.
• Thorough knowledge of IT Security tools and processes, CISSP certification.
• Industry knowledge of IT risks and solutions.
• Working knowledge of IT Security tools such as SIEM, WAF, IDS.
• Experience in providing effective MI and reporting IT Security issues in an understandable manner to senior management.
• Ability to lead or take responsibility for task(s) as part of project or functional activities.
• Management of operational IT Security systems.
• 3rd party engagement and supplier management.
• Incident management and leading incidents.
• Strong communication and stakeholder management skills.
• Previous line management experience.
• ISO 27001, PCI-DSS, CISSP, COBIT, Privileged Access Management (CyberArk) and Firewall Rules / Firewall Assurance (SkyBox).