Job Description
Venesky-Brown’s client, a public sector organisation in Edinburgh, is currently looking to recruit an Information & Cyber Security Manager for an initial 6 month contract with option to extend on a rate of £600/day (Inside of IR35). This is a hybrid role with occasional working from the office, a minimum of 2 days per week.
Responsibilities:
- Provide Information/Cyber Security guidance, expertise and representation at project/change meetings
- Work closely with the Department Head to:
- Support development of plan, and establishment of, dedicated IT Service & Security governance/review meetings with the client’s IT Supplier base (Security Focus)
- Research and document the respective splits of security responsibilities (in relation to IT Security, Information Security and Cyber Security)
- Perform gap analysis of Information/Cyber Security industry best practice versus activity currently performed by the client (or as delegated and overseen through effective supplier oversight/governance)
- Support ongoing creation and regular upkeep of Information/Cyber Security Risk and Control Register
- Support review/revision of the client’s Cyber Incident Response Plan
- Support creation of Target Information Security/Cyber Security Operating Model and Resource Profile/Structure
- Support delivery of actions required to support closure of open Information/Cyber Security related risk and audit actions
- Ensure that Business Transformation has a robust Business Continuity plan, fully aligned with the Estates Team’s expected pro-forma/standards
Essential Skills:
- Relevant Information/Cyber Security qualification(s) e.g. CISM, CISSP, ISSMP etc.
- Involvement with the establishment and/or ongoing oversight of Information/Cyber Security Supplier Management
- Familiarity with best practise Information/Cyber Security Incident Response Plans and Playbooks
- Involvement in the establishment/maturity of Information/Cyber Security processes of medium sized (or large) enterprises
- Involvement in setting and/or refining Information/Cyber Security Strategy and Operating Models
- Aware of IT Risk and Control management fundamentals
- Experience of production of quality, accurate Security related MI reporting
- Experienced in providing Security related input/representation/task ownership and delivery for Projects and Programmes
- Active involvement with Information/Cyber Security enterprise wide maturity assessments
- Awareness of Business Continuity planning
- A confident and clear communicator with high quality verbal and written communication skills
- Calm and courteous demeanour when faced with difficult/challenging circumstances
- Able to plan and deliver assigned responsibilities to quality and time without close ongoing support/supervision
- Able to thrive in situations where information is only partially available and requires to be gathered by discussion with other stakeholders
- Inquisitive, self-motivated, resilient and results-driven
Desirable Skills:
- Advanced knowledge and experience of Supplier Management and Governance from an Information/Cyber Security perspective
- Significant, broad experience of Information Security/Cyber Security Management within a highly regulated complex corporate environment e.g. UK Financial Services
- Able to take a high-level briefing from Department Head level and then successfully develop plan/deliver to agreed dates with little day-to-day coaching, guidance and supervision
- Practical exposure and active use of Information Security/Cyber Security risk assessment methodologies
- Prior experience in establishing/shaping/refining an organisation’s Information/Cyber Security Operating Model
- Able to collaborate effectively with senior level non-technical stakeholders and communicate persuasively
- Advanced planning, prioritisation and stakeholder management skills
- Experience leading Information/Cyber Security enterprise wide maturity assessments
- Advanced written and verbal communication skills
If you would like to hear more about this opportunity please get in touch.