Cyber Security Manager

Please note - this role can be Hybrid or Remote, subject to location.

As the Security Manager, you will be part of an InfoSec team that manage the delivery of security & accreditation to the NEC business and our customers. Interacting with the wider InfoSec team as well as other departments across NEC, the Security Manager will support the InfoSec team to deliver its objectives. Communication and collaboration are paramount to this role, the Security Manager will work with the architecture team, the wider technology teams and the Data Protection Officer to ensure that processes, procedures and policies are created, updated and adhered to as part of keeping us and our customers secure.

The Security Manager will produce the required security assurance documentation that is required for the accreditation of our customers, together with the Security Architects. An accreditation programme of work is in place within NEC which ensures that our accreditations are maintained, the role will contribute to this by supporting the arrangement of security testing, producing remediation plans and driving the remediation of identified vulnerabilities with the wider business support teams to improve the security posture of our environments.

The Security Manager will also provide written contributions to the procurement bids and security questionnaires that are sent to us by our customers, describing the technical and procedural controls that we have in place to protect our network and our customers’ data, and how we meet the required industry standards. The Security Manager will support the wider InfoSec team in responding to security incidents, ensuring that they are closed and actioned in a swift manner and that lessons are learnt via detailed root cause analysis. You will also be expected to issue security advice and guidance to the rest of the business, in line with our policies and procedures. You will support initiatives working with team members to develop content for use within the team and to be published to the wider business.

The successful candidate will report to the Cyber Assurance Manager and join a diverse InfoSec team comprising of Security Analysts, Security Engineers, Security Managers and work closely with our Security Architects and Data Protection Officer. The role is primarily home based with an expectation that travel to NEC offices will be required on an ad-hoc basis.

Responsibilities will include:

• Work within the InfoSec team to support the key activities.
• Provide consistent and qualified responses to tenders and assurance questionnaires from customers.
• Produce and maintain security assurance documentation required for accreditation.
• Ensure compliance with relevant security standards, service management procedures, regulations, and industry best practices.
• Schedule security testing and create remediation plans from the test reports- seeing remediation through to completion.
• Contribute to process documentation and policy review.
• Conduct security assessments and audits on people, process and technology within NEC.
• Assist in security incident management and vulnerability management.

Pre-employment checks required Baseline Standard and Disclosure Scotland (BPSS). On employment the candidate must be able to achieve and maintain NPPV L3+SC clearance.

Qualifications

Demonstrable Experience in an IT role, with a strong understanding of security concepts/fundamentals.

Essential:

• Proven experience working in an IT security role.
• Strong knowledge of cybersecurity frameworks, standards, and regulations.
• A good understanding of an approach to risk management – knowing that context is key.
• Experience in writing comprehensive responses to security questionnaires or bids.
• A strong focus on business outcomes.

Desirable:

• Delivering pragmatic security assurance documentation aligned to varying degrees of risk appetite.
• Exposure to security testing process and reports such as penetration testing.
• Experience working within a shared environment with multiple tenants and requirements.
• Experience in working on solutions or projects that require formal independent accreditations.
• Working knowledge of Cyber Essentials Plus.

Essential attributes:

• Strong and demonstrated team working experience.
• High degree of personal motivation and ability to self-manage.
• Ability to communicate security and technical solutions to non-technical or security resources internally and external to NEC.
• Comfortable with collaboration, open communication and reaching across a range of functions and teams.
• Excellent verbal and written communication skills.

Candidates must be security cleared (or able to gain clearance) to Non-Police Personnel Vetting Level 3 (NPPV)+SC.

Additional Information

We pride ourselves in offering an excellent benefits package, including an above average pension scheme. When you join the team at NEC Software Solutions, you are provided with the following:

• Private Medical Cover funded by NEC for Employees (with the option to add family members at an additional cost).
• 25 days paid holiday with the option to buy/sell.
• 4 x basic salary life assurance cover funded by NEC (with the option to increase cover at an additional cost).
• A Group Pension Plan with fantastic employer contributions up to a maximum of.
• A selection of flexible benefits to suit your individual needs.