An exciting opportunity has arisen to join our Information Technology Department
We are looking for an individual with a passion for IT Security to drive the Security strategy and implementation across the business. The ideal candidate must have hands-on experience with common security tools, processes and security frameworks. The individual must be self-motivated and driven to help improve all aspects of security across the business. They will evaluate and provide recommendations for technology and help the technical teams with effective deployment and monitoring.
The Information Security Manager will be responsible for driving security best practices across the CSL Group. They will manage our Information Security Management System (ISMS) and lead the effort to achieve compliance with the relevant standards (i.e. ISO 27001, Cyber Essentials Plus). They will help to implement security controls and operating procedures/policies, and oversee the security of both our hosted server environment and our own internal IT infrastructure. This will include ensuring the technical teams are operating with a ‘security first’ mindset and providing them with the necessary support and training. The individual will work with our development teams to institute secure development practices through tooling and training programmes.
Duties & Responsibilities:
This role will encompass a range of responsibilities including but not limited to:
Championing best practice security across the CSL business.
Driving security activities within the Infrastructure team, both challenging and supporting the team to improve.
Ensure the confidentiality, integrity and accessibility of our Customer-supporting and Internal IT Infrastructure & Systems in line with business requirements and best practice.
Compliance – work toward compliance with ISO 27001, Cyber Essentials Plus and SOC2 standards
Provide remediation of security vulnerabilities highlighted in audits, working with other teams as required.
Respond rapidly and effectively to IT security incidents, managing them in a professional manner including computer forensics for evidence gathering and preservation.
Audit – ensure that adequate event logs are generated, retained and reviewed periodically to identify anomalous activities.
Engage in presales activities, supporting the sales team (e.g. completing Customer security questionnaires).
Project Delivery - implement security-related projects to agreed timescales, minimising risk and downtime to Customer and internal systems
Change Management - assess the risk associated with change and implement it in a way that ensures minimal / zero downtime and does not negatively impact the Customer's service.
Keep up to date with developments in security trends, threats and control measures – both technical and procedural.
Provide security related guidance and assistance to other teams including Development, Infrastructure and Project Delivery.
Use of tools to identify Vulnerabilities within hosted systems and manage testing and remediation.
Key Skills & Qualifications Required:
ISO 27001, SOC2 & Cyber Essentials Plus certification experience
Experience securing an Azure-hosted environment would be highly advantageous.
Microsoft Windows Server – 2008, 2012, 2016, 2019 and associated technologies – DNS, DHCP, DFS, WDS, WSUS, File Shares & NTFS permissions
Active Directory including Group Policy & Domain Trusts.
Office 365 - Security & administration of all components including SharePoint & MS Teams
System Monitoring – Log and Event Management and SIEM solution.
Network Security – Firewalls (Cisco), VPNs, Secure WiFi including config review and auditing.
Encryption fundamentals including HTTPS, SSL, AES-256, PGP
Installing, monitoring and managing AntiVirus & Web Security products
Secure system maintenance including requirements for patching & backups
Implementing Multi-Factor Authentication
Single Sign On – ADFS & SAML.
Desirable – MCSA Windows Server or equivalent
Desirable – CCNA/P or equivalent networking or security qualification
Desirable – CISSP or similar / Azure certification
If you have the above skills, please apply now with an indication of your salary expectations for the role. With regret, due to the high volume of applications we are currently receiving, only successful candidates will be contacted.
CSL operates as an equal opportunities employer and we welcome all applications regardless of gender, race, disability, sexual orientation, religion or belief, age, gender reassignment, marital or civil partnership status, pregnancy or maternity.