Information Assurance Security Manager ( IASM)

Location: Gloucester - on site 5 days per week

Security Clearances: UK National eligible for security clearance

At DXC Technology, delivering excellence for our customers and colleagues is more than just a motto; it’s something we strive towards constantly through our work. Every day we deliver mission‑critical services in a secure environment whilst promoting our people‑first agenda, a real sense of community and a healthy work‑life balance.

The role involves working within multiple teams and being innovative and analytical with a good eye for detail. Your role will include implementing standards, policies, and procedures for continual service improvement. We are looking for someone who has all‑round skills in information security risk management.

• Working closely with service delivery teams, monitor compliance of existing services with defined security controls, identifying non‑compliances, determining the preferred route to remediation, and monitoring and reporting on the progress of associated actions.
• Advise risk owners as to the severity of the risks associated with any such non‑compliances, and where necessary discussing potential mitigation strategies (and their impacts) to enable them to make informed risk management decisions.
• Monitor implementation and ongoing maintenance of agreed risk management BAU activities (e.g. patching).
• Maintain the risk assessment and related artefacts such as the risk register and security‑specific documentation such as Security Operating Procedures through‑life.
• Assess the security impact of changes to the service, reflecting agreed changes in security documentation.
• Create and deliver regular reports regarding the security posture of the service being delivered.
• Assist the Account Security Lead with creating and maintaining security‑related processes, policies and guidance.
• Proactively identify areas for improvement in security across the account, both to improve security, and make good security easier.

• Several proven years experience in a similar or related role with desirable additional qualifications to include CISM or CISSP / IISP or other professional body membership.
• Experience of working to HMG (e.g. NCSC guidance, DSIT Secure by Design, GovS 007) best practices.
• Desire to improve processes, looking for the root cause of a problem.
• Willingness to both share your knowledge and learn from others.
• A proactive approach towards looking for risks and problems, and solving them.
• A strong team working ethic, with a "customer first" focus and a thirst for knowledge.

• A good knowledge and understanding of information and cyber security risk management.
• Knowledge of threat modelling utilising STRIDE or Attack Trees.
• Knowledge of the NIST Cyber Security Framework.
• Knowledge of various technology stacks including Cloud (AWS, MS Azure), M365, VMWare, Redhat Openshift or other container orchestration platforms, Windows and Linux operating systems.
• Knowledge of industry security guidance provided by the likes of OWASP and CIS.
• Aware of security champions programmes.

• Competitive compensation.
• Pension scheme.
• DXC Select - Our comprehensive benefits package (includes private health/medical insurance, childcare vouchers, gym membership and more).
• Perks at Work (discounts on technology, groceries, travel and more).
• DXC incentives (recognition tools, employee lunches, regular social events etc).

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritises in‑person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf.