At a Glance
- Tasks: Lead cyber security efforts to protect sensitive data and ensure compliance with regulations.
- Company: Join IBCA, a compassionate organisation dedicated to supporting the blood community.
- Benefits: Competitive salary, flexible working hours, and opportunities for professional growth.
- Other info: Collaborative environment focused on integrity and transparency.
- Why this job: Make a real difference by safeguarding privacy and trust in a vital sector.
- Qualifications: Experience in secure development, incident response, and managing security tools.
The predicted salary is between 48000 - 72000 € per year.
As the Cyber Security Lead at IBCA, you will play a vital role in upholding our commitment to the infected, affected, and deceased blood community. We are an organisation built on the principles of integrity, compassion, and transparency, and your work is the foundation that keeps our services secure and reliable. You are not just protecting a network; you are safeguarding the privacy and trust of individuals who have waited decades for recognition and support.
Responsibilities
- Technical Design & Secure Engineering: Act as the primary security design authority for the compensation services architecture. Collaborate with Solution Architects and Developers to implement Secure by Design principles at the code and infrastructure level, ensuring robust identity management (e.g., MFA, RBAC), data encryption at rest and in transit, and secure API integrations across the digital service.
- Security Automation and Tooling: Lead the integration of security into the Software Development Lifecycle (SDLC) by implementing and overseeing DevSecOps practices. This includes managing automated security testing tools—such as Static and Dynamic Application Security Testing (SAST/DAST) and Software Composition Analysis (SCA)—to identify and remediate code vulnerabilities and insecure dependencies in real time.
- Compliance and Regulatory Oversight: Ensure that all security practices, policies, and systems are fully compliant with relevant regulations, including the Data Protection Act, GDPR, and UK government security standards such as CAF and Secure by Design.
- Cybersecurity Management: Oversee the security of the IT systems and infrastructure used to manage compensation claims, ensuring the implementation of best practices in cybersecurity. Work with IT teams to safeguard against data breaches, hacking attempts, and insider threats.
- Incident Response: In the event of a security breach or data incident, lead the response efforts, including investigating the breach, implementing remedial actions, and liaising with the Information Commissioner’s Office (ICO) and other regulatory bodies.
Person specification
- Solid understanding of secure development frameworks (such as the OWASP Top 10 or SANS Top 25) and the ability to apply them within a cloud-native environment.
- Experience reviewing system architectures and code to ensure the implementation of technical controls like Zero Trust principles, robust API security, and secure identity/access management (IAM).
- Practical experience in implementing and managing automated security tools within a CI/CD pipeline.
- Proven experience of conducting security assurance activities, including providing security assurance for suppliers, ensuring compliance with relevant security regulations and standards, and implementing comprehensive security policies and procedures to align with UK government standards and best practice.
- Ability to support the development and delivery of security awareness training programs and experience of promoting a security first culture in the workplace.
- Proven ability and experience of building and managing effective stakeholder relationships to shape the outcomes of a project.
- Influential, and able to communicate in a straightforward, honest, and engaging manner.
- Demonstrated experience in managing security projects within a sensitive data environment, ideally within a public sector or government agency.
- Ability to identify, assess, and manage security and compliance risks.
- Knowledge of audit processes, security certifications, and risk management strategies.
- Familiarity with cybersecurity confidentiality, integrity and availability principles, and protection of IT systems used for sensitive data storage and processing.
- Ability to respond quickly to challenges and security incidents, providing practical solutions and guidance to teams and senior management.
- Security Certifications: CompTIA Security+, CC – Certified in Cybersecurity, or other relevant security certifications would be advantageous.
- Incident Response Experience: Experience managing or responding to data breaches or cyber incidents, with a focus on minimizing impact and ensuring regulatory compliance.
Additional information
A minimum of 60% of your working time should be spent at your principal workplace, although requirements to attend other locations for official business will also count towards this level of attendance.
Cyber Security Lead employer: Infected Blood Compensation Authority
At IBCA, we pride ourselves on being an exceptional employer dedicated to making a meaningful impact in the lives of the infected, affected, and deceased blood community. Our work culture is rooted in integrity, compassion, and transparency, fostering an environment where employees are encouraged to grow and develop their skills in cybersecurity. With a strong commitment to employee well-being and professional development, we offer unique opportunities to lead innovative security initiatives while ensuring compliance with vital regulations, all within a supportive and collaborative team atmosphere.
Contact Detail:
Infected Blood Compensation Authority Recruiting Team
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Lead
✨Tip Number 1
Network like a pro! Attend industry events, webinars, and meetups to connect with fellow cyber security enthusiasts. You never know who might be looking for someone just like you!
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your projects, certifications, and any relevant experience. This will give potential employers a clear picture of what you bring to the table.
✨Tip Number 3
Don’t shy away from reaching out directly! If you see a role that excites you, drop a message to the hiring manager or recruiter on LinkedIn. A personal touch can make all the difference.
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are genuinely interested in joining our mission.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Security Lead role. Highlight your experience with secure development frameworks and any relevant certifications. We want to see how your skills align with our mission!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Share your passion for cybersecurity and how it relates to our commitment to the blood community. Let us know why you’re the perfect fit for this role.
Showcase Your Technical Skills: Don’t hold back on showcasing your technical expertise! Mention your experience with automated security tools, compliance regulations, and incident response. We love seeing candidates who can hit the ground running.
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us!
How to prepare for a job interview at Infected Blood Compensation Authority
✨Know Your Stuff
Make sure you brush up on secure development frameworks like OWASP Top 10 and SANS Top 25. Be ready to discuss how you've applied these principles in a cloud-native environment, especially when it comes to identity management and API security.
✨Showcase Your Automation Skills
Be prepared to talk about your experience with DevSecOps practices and automated security tools. Highlight specific instances where you've integrated security testing into the CI/CD pipeline and how you’ve tackled vulnerabilities using SAST/DAST tools.
✨Compliance is Key
Familiarise yourself with relevant regulations like GDPR and the Data Protection Act. During the interview, demonstrate your understanding of compliance and how you've ensured that security practices align with these standards in previous roles.
✨Communicate Effectively
Since this role involves managing stakeholder relationships, practice articulating your thoughts clearly and engagingly. Think of examples where you've successfully communicated complex security concepts to non-technical audiences, ensuring everyone understands the importance of cybersecurity.