Senior Security & Business Engagement Manager
On site
Reading, United Kingdom
Full Time
31-10-2024
Job Specifications
MBNL (Mobile Broadband Network Ltd) is owned equally by EE and Three, two of the UK's most recognisable and innovative mobile operators. They are our shareholders, but to us they are also our customers. Our mission is to create maximum value for our Shareholders, by delivering and managing their best network experiences at the lowest cost.
Context:
The IT, Data and Cyber Security function is a critical enabler for the MBNL business. Acting as a centre of excellence providing services to the business, the function is accountable for translating the business strategy into solutions to improve service, efficiency, and overall business performance.
Reporting to the Head of Information Security, the Senior Security and Business Engagement Manager is a critical role in planning, tracking, and communicating the effectiveness of the security remediations, operations and risk management and aligning the security function to the business.
What you can expect to be doing:
Take accountability for identifying, managing and co-ordinating the Information Security team demand, activities and business engagement. Ensuring the security team proactively manage the security business outcomes.
Proactively manage and successfully orchestrate large, complex security activities, solutions and remediations, to achieve agreed business outcomes and performance targets.
Establish and maintain the alignment of the security function to MBNL and shareholder security requirements, maximising the delivery of benefit to the shareholders and MBNL stakeholders
Engage with the business to understand and manage demand into the security team
Understand the key business activities in the wider organisation and ensure security requirements are built into these programmes
Manage dependencies between the business and the security functions
Manage budget and resource of the security team
Define and manage the operating rhythm of the security team, the security team activities, and actions and risks arising from these activities
To manage budget demand and ensure funding is secured for the security activities
Ensure governance and reporting are managed and of good quality
Promote the awareness and training delivery into the business
What we are looking for:
Understanding and experience of key Information Security frameworks and industry standards/regulations (CSF 2, CAF, ISO27001, TSA)
Significant and extensive experience of initiating, directing and managing the delivery of large scale, complex security projects and portfolios.
Significant experience of supervising and managing teams of retained resource and key partners to deliver large and highly complex projects and portfolios to agreed time, cost and quality.
Extensive experience of formal Project/Programme Management in a technology industry (mobile telecommunications desirable but not essential, other industries experience will also be recognised).
Experience working in telco or related environment such as, SCADA and ICS or similar background also applicable
Experience delivering security solutions and services such as SIEM, IDS, SOC, IAM, PAM, TVM.
A proven track record of bringing industry best practice into an organisation and using this to drive continuous improvement.
Experience of managing remotely located, cross-functional teams.
Nice to have
Demonstrable experience of process development and optimisation
Project People is acting as an Employment Agency in relation to this vacancy.
About the Company
Project People provides complete talent acquisition and management solutions at a global level whilst maintaining a flexible and localised approach. Founded in 1995 as a specialist information technology and telecommunications recruitment company, we have evolved into a leading provider of global recruitment service programmes. We work in partnership with 200 of the world's most respected organisations including Fujitsu, Ericsson, Huawei, Three, GSMA, Nokia and many others. Our key aim is to help businesses meet growth tar... Know more
Related Jobs
- Company Name
- Scope AT Limited
- Job Title
- Security Analyst - Monitoring, Incident response, Scripting, Troubleshooting, SIEM
- Job Description
- Responsible for supporting Security Operations - Monitoring, incident response and various security platforms. Key requirements: - 5+ experience in Security role - Strong communication skills as you will be speaking to users directly - Possesses at least one security certification (Security+, OSCP, CISSP, CEH, GCIA, GCIH). - Scripting in Python or Powershell - CrowdStrike& Defender - Troubleshooting - Vulnerability Scan - Worked within Financial Services - Technical understanding of what a Firewall does, how to determine common phishing types (malware, credential phishing, BEC) - Understand the concept of SIEM and have used if possible Permanent, Fully onsite By applying to this job you are sending us your CV, which may contain personal information. Please refer to our Privacy Notice to understand how we process this information - scopeat.co.uk/data-protection-docs/. In short, in order to supply you with work finding services, we will hold and process your personal data, and only with your express permission we will share this personal data with a client (or a third party working on behalf of the client) by email or by upload to the Client/third parties vendor management system. By giving us permission to send your CV to a client, this constitutes permission to share the personal data that would be necessary to consider your application, interview you (Phone/video/face to face) and if successful hire you. Scope AT acts as an employment agency for Permanent Recruitment and an employment business for the supply of temporary workers. By applying for this job you accept the Terms and Conditions, Data Protection Policy, Privacy Notice and Disclaimers which can be found at our website scopeat.co.uk .
- Company Name
- EMEA resourcing
- Job Title
- Security Analyst
- Job Description
- Security Analyst Skills: One or more (NOT ALL OF THEM ONLY ONE) of the following certifications (CompTIA Security+ CompTIA Cybersecurity Analyst (CySA), GIAC Information Security Fundamentals. Microsoft Certified Systems Administrator: Security (Qualified or working towards certification) Associate of (ISC)2 Extensive experience with Infrastructure Administration. Experience with Build/configuration guidelines for Hardening of Systems. Working technical knowledge of Operational Security Procedures. Strong understanding of IP, TCP/IP, and other network administration protocols. Experience with of IPSec, SSL technologies. Familiarity with ISO 27001 Cyber Security Essentials, Gov functional standards 005,007. Familiar with working practice and guidelines of NCSC, CAF, GovAssure, for good principles in information security. Main Aims: Uphold the Company Corporate Technology security standards as established in policies, procedures, and guidelines, while continuously analysing and acting upon findings to reduce cybersecurity risks to the Company. Manage day-to-day operations of the in-place security solutions. Identify, investigate and swiftly remediate security breaches detected by those systems, and security incidents reported to the IT service desk. Implement new security solutions, participating in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures as well as conducting vulnerability audits and assessments. Use a blend of structured and flexible best practices for providing excellent technology services that meets users' needs, including the ITIL framework, working collaboratively with our teams from across the T&DT department. Key Responsibilities: Strategy & Planning: Participate in the planning and design of Company Corporate Technology security architecture, under the direction of the Corporate Technology Head of Infrastructure & Security, where appropriate. Participate in the creation of Company Corporate Technology security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Corporate Technology Head of Infrastructure & Security, where appropriate. Participate in the planning and design of Corporate Technology business continuity plan and disaster recovery plan, under the direction of the Corporate Technology Head of Infrastructure & Security, where appropriate. Acquisition & Deployment: Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors. Recommend additional security solutions or enhancements to existing security solutions to improve overall Company Corporate Technology security. Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures. Operational Management Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (ie, security tools) or not (eg, workstations, Servers, network devices). Deploy, manage, and maintain all security systems and their corresponding or associated software, including Firewalls, intrusion detection systems, malware/anti-virus software, and so on. Maintain operational configurations of all in-place security solutions as per the established baselines. Monitor all in-place security solutions for efficient and appropriate operations. Review logs and reports of all in-place devices, whether they be under direct control (ie, security tools) or not (eg, workstations, Servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution. Participate in investigations into problematic activity. Participate in vulnerability assessments, penetration tests, and security audits, and undertake remediation tasks as directed by Corporate Technology Head of Infrastructure & Security. Provide support via the IT Service Desk to end users for all in-place security solutions. Provide Training to the Corporate Technology Team on Company Corporate Technology Security Solutions. Provide Security Build guidelines for Endpoints, Servers, and Network Devices to ensure only applicable services are configured. Work close with Corporate Technology teams to ensure security and Vendor security guidelines are adhered to. Skills & Approach Proven analytical and problem-solving abilities, with the ability to effectively prioritise and execute tasks in a high-pressure environment. Good communication skills, written and oral, with the ability to present ideas in business-friendly and user-friendly language. Ability to conduct research into IT security issues and products as required. Highly self-motivated and directed with keen attention to detail. Team-oriented and skilled in working within a collaborative environment. The aptitude to carry out all activities supporting and championing our culture drivers. Good organisational skills with the ability to prioritise and to manage and meet deadlines. A commitment to continual professional development. Working Conditions: 2/3 days on site City London, 2/3days remote (per week) Working for a well established organization Flexible start date (ie immediate to 3 months notice) (If this position do not fit within your experience or is of no interest to you we offer a recommendation fee for any consultant you refer we successfully make a placement with).
- Company Name
- Scope AT Limited
- Job Title
- Junior Security Analyst - Operations, incident response, OSCP, CISSP, CEH, Scripting, SIEM, Win
- Job Description
- Hedge Fund- Junior Security Analyst - Operations, incident response, OSCP, CISSP, CEH, GCIA, GCIH, Scripting, SIEM, Windows Ability to articulate and communicate well A few years cyber Soc role experience or strong cyber security or computing degree or SANs certs Interest in cyber, how are they staying up to date, bleepingcomputer, hackernews, podcast? Technical understanding of what a Firewall does, how to determine common phishing types (malware, credential phishing, BEC) Understand malware alerts and the concept of an EDR tool Understand the concept of SIEM and have used if possible. Candidate should also have the following : Possesses at least one security certification (Security+, OSCP, CISSP, CEH, GCIA, GCIH). Scripting in Python or Powershell CrowdStrike& Defender - Troubleshooting Tickets are triage - providing a negative SIEM Vulnerability Scan Financial Services Hedge Fund - Permanent Role - Central London based office By applying to this job you are sending us your CV, which may contain personal information. Please refer to our Privacy Notice to understand how we process this information. In short, in order to supply you with work finding services, we will hold and process your personal data, and only with your express permission we will share this personal data with a client (or a third party working on behalf of the client) by email or by upload to the Client/third parties vendor management system. By giving us permission to send your CV to a client, this constitutes permission to share the personal data that would be necessary to consider your application, interview you (Phone/video/face to face) and if successful hire you. Scope AT acts as an employment agency for Permanent Recruitment and an employment business for the supply of temporary workers. By applying for this job you accept the Terms and Conditions, Data Protection Policy, Privacy Notice and Disclaimers which can be found at our website.
- Company Name
- Lawrence Harvey
- Job Title
- Junior Security Architect Consultant
- Job Description
- *Unfortunately no visa sponsorship will be provided for this role. *The role can be 90% remote (with some events and meetings in London throughout the year). Your new company This company is a well-established cybersecurity company that offers software solutions as well as services (pen-testing). They deliver offensive-driven cyber security to defend organisations, society and people from real-world attacks and build resilience into their approach. Their teams are diverse, talented, and passionate, and working tirelessly to help advance the industry with new ways of thinking. Your new role You will be integrated with one of the company's strategic clients, which is a large organisation in the financial services industry (for 12 months). At the end of the 12 month period, you will transition into a broader Security Consultant role. You will be working as part of a client's security team and offering offensive security-minded thoughts and inputs on key design decisions. You will be responsible for finding impactful vulnerabilities and explaining to the client how to fix them. You will be responsible for quickly understanding industry-standard and client-specific design patterns - such as using common libraries, known-secure configurations, etc. Where no such standards exist, you will be involved in helping create them - defining what good looks like. What you need to succeed You will need experience in design reviews, threat modelling and risk modelling. You will need to have hands-on experience and strong technical fundamentals, including networking, infrastructure & applications - both on-premise and in the cloud (including SaaS). Experience with major cloud providers (preferably AWS) and SDLC toolsets is essential. Ideally, you will have some hands-on technical pen-testing experience as well. What you'll get in return The opportunity to work for an established company. Diverse and vibrant environment - you will be surrounded by peers who share your passion for cybersecurity. You will have an 80% utilisation target, meaning that 20% of your time will be spent on some of the following: Training (receiving, as well as delivering); Research; Service Development; and Internal Security Assessments. Base salary depending on your experience + private medical insurance + pension contribution + 25 days annual leaves. Lawrence Harvey is acting as an Employment Business in regards to this position.