IT Security Manager
To deliver the best employment screening service, whatever it takes.
Vero is a leading employment screening provider that blends state-of-the-art technology with ease of service. This combination enables them to give clients and candidates a positive experience as they work to minimise risk, manage data protection and ensure compliance. Technology is essential to Vero’s positioning in the marketplace. This means they rely on their IT team to maintain and develop their systems and technology, ensuring they continue to win new business and adapt to their clients’ changing needs.
Position: IT & Information Security Manager
Job Type: Full Time, Permanent
Hours: 37.5 hours per week
About the role:
They are looking for an experienced, motivated IT Security Manager to play a critical role in the design, maintenance and administration of their IT infrastructure. They are looking for a candidate with a background in Network Administration plus experience in an Information Security role. The role will be split between general information security, such as managing their ISO27001 certification and client audits, and the maintenance and architecture of their network and cloud environment.
- Manage and own the Information Security Management System (ISMS)
- Design, develop, publish and review information security policies, standards and procedures that follow and adhere to ISO 27001 standards
- Oversee the ISO 27001 internal and external audit process
- Proactively implement, update, maintain, manage, monitor and support network and systems security operations infrastructure throughout the Vero environment
- Carry out information security reviews, conduct risk assessments and perform compliance audits on all 3rd party suppliers
- Identify and analyse Vero’s information security risks, taking into account emerging threats, vulnerabilities and their impacts
- Advise the Data Protection officer on confidential and sensitive information issues and non-compliance and support adoption of new privacy legislation
- Provide internal consultancy to IT and business stakeholders across the organisation and chair internal information security meetings
- Design and implement security awareness programmes, ensure that all security documents and procedures are updated, and lead training for end users, including induction training on security topics for new employees
- Act as the authoritative escalation point for significant information security issues from across the organisation and perform appropriate security incident response and reporting activities, tracking all actions raised to ensure adoption of improved risk mitigation
- Maintain knowledge of information security practices and technologies and related regulatory issues
- Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches
- Support data protection and data privacy compliance
- Own and manage all client security questionnaires and audits
- Plan and manage business continuity and disaster recovery including ongoing testing
- Experience of risk assessment and audit processes and techniques within information security
- Experience in Internet, network and application security, as well as authentication, identity management and penetration testing technologies
- Broad understanding of advanced security protocols and standards
- Experience with software and security architectures and an understanding of the principles of secure network design
- Understanding of anti-virus software, Firewalls and similar products
- Use of SIEM tools (e.g. Tenable)
- Use of network monitoring tools such as PRTG
- Vulnerability assessment tools such as Nessus, Qualys
- Use of Intrusion Detection / Prevention Tools
- Windows Server / Active Directory
You may have experience of the following: Security Operations Centre Manager, ISO27001, ITIL, Cyber Security, IT Security Manager, Computer Forensics, Vulnerability Analysis, Threat Detection, Penetration Testing, Risk Analysis, Cyber Security Analyst, etc.
This vacancy is being advertised by EasyWeb Recruitment, the UK’s leading Online Recruitment Agency. The services advertised by EasyWeb Recruitment are those of an employment agency. No terminology in this advert is intended to discriminate on the grounds of gender, race, disability, age, sexual orientation, religion, or belief, and we confirm that we will gladly accept all applications.