
Information Security Manager

An exciting opportunity has arisen to join our Information Technology Department

The Person:

We are looking for an individual with a passion for IT Security to drive the Security strategy and implementation across the business. The ideal candidate must have hands-on experience with common security tools, processes and security frameworks. The individual must be self-motivated and driven to help improve all aspects of security across the business. They will evaluate and provide recommendations for technology and help the technical teams with effective deployment and monitoring.

 The Role:

The Information Security Manager will be responsible for driving security best practices across the CSL Group. They will manage our Information Security Management System (ISMS) and lead the effort to achieve compliance with the relevant standards (i.e. ISO 27001, Cyber Essentials Plus). They will help to implement security controls and operating procedures/policies, and oversee the security of both our hosted server environment and our own internal IT infrastructure. This will include ensuring the technical teams are operating with a ‘security first’ mindset and providing them with the necessary support and training. The individual will work with our development teams to institute secure development practices through tooling and training programmes.

 Duties & Responsibilities:

This role will encompass a range of responsibilities including but not limited to:

  • Championing best practice security across the CSL business.

  • Driving security activities within the Infrastructure team, both challenging and supporting the team to improve.

  • Ensure the confidentiality, integrity and accessibility of our Customer supporting and Internal IT Infrastructure & Systems in line with business requirements and best practice

  • Compliance – work toward compliance with ISO 27001, Cyber Essentials Plus and SOC2 standards

  • Provide remediation of security vulnerabilities highlighted in audits, working with other teams as required.

  • Respond rapidly and effectively to IT security incidents, managing them in a professional manner including computer forensics for evidence gathering and preservation.

  • Audit – ensure that adequate event logs are generated, retained and reviewed periodically to identify anomalous activities.

  • Engage in presales activities, supporting the sales team (e.g. completing Customer security questionnaires).

  • Project Delivery - implement security-related projects to agreed timescales, minimising risk and downtime to Customer and internal systems

  • Change Management - assess the risk associated with change and implement it in a way that ensures minimal / zero downtime and does not in any way impact negatively on the Customer's service.

  • Keep up to date with developments in security trends, threats and control measures – both technical and procedural.

  • Provide security related guidance and assistance to other teams including Development, Infrastructure and Project Delivery.

  • Use of tools to identify Vulnerabilities within hosted systems and manage testing and remediation.

 Key Skills & Qualifications Required:

  • ISO 27001, SOC2 & Cyber Essentials Plus certification experience

  • Experience securing an Azure-hosted environment would be highly advantageous.

  • Microsoft Windows Server – 2008, 2012, 2016, 2019 and associated technologies – DNS, DHCP, DFS, WDS, WSUS, File Shares & NTFS permissions

  • Active Directory including Group Policy & Domain Trusts.

  • Office 365 - Security & administration of all components including SharePoint & MS Teams

  • System Monitoring – Log and Event Management and SIEM solution.

  • Network Security – Firewalls (Cisco), VPNs, Secure WiFi including config review and auditing.

  • Encryption fundamentals including HTTPS, SSL, AES-256, PGP

  • Installing, monitoring and managing AntiVirus & Web Security products

  • Secure system maintenance including requirements for patching & backups

  • Implementing Multi-Factor Authentication

  • Single Sign On – ADFS & SAML.

  • Desirable – MCSA Windows Server or equivalent

  • Desirable – CCNA/P or equivalent networking or security qualification

  • Desirable – CISSP or similar / Azure certification

 If you have the above skills please apply now with an indication of your salary expectations for the role. With regret, due to the high volume of applications we are currently receiving, only successful candidates will be contacted.

 CSL operates as an equal opportunities employer and we welcome all applications regardless of gender, race, disability, sexual orientation, religion or belief, age, gender reassignment, marital or civil partnership status, pregnancy or maternity.