Cyber Security Manager

My client, a national savings provider, is looking for a Cyber Security Manager to join their growing team. This role is based in London (you have to be in their offices near Cannon Street up to 3 times per week). They also have a benefit where you can take one day off every fortnight (assuming you work up to 8 hours per day the previous 9). This equates to an extra 24 days off in the year (on top of the 24 days holiday allowance you get). The interview process is just 1 round.

About the Cyber Security Manager role:

The Cyber Security Manager position is a critical role for my client. The role supports the Senior Cyber Security Manager in providing assurance that their service providers are operating effective cyber security control environments.

Cyber Security Risk Management:

  • Document a comprehensive view of the cyber security threat profile of the service provider environment for which you assure
  • Support the Head of Cyber Security and Senior Cyber Security Manager in raising the profile of cyber security across the enterprise, making sure that service providers are investing in cyber defences; failure to do so increases the cyber security risk exposure of NS&I
  • Proactively identify and manage risks associated with cyber security and information activities throughout the service providers' environment and their wider supply chain
  • Oversee and assure the risk assessments and vulnerability management processes within the service providers' environment to identify, evaluate, and mitigate cyber security risks
  • Oversee and assure the implementation of controls and safeguards within the service providers' environment to protect NS&I’s information assets from threats
  • Follow the pre-defined assurance plan set by the Senior Cyber Security Manager to sample test the control environment operated by service providers by reviewing evidence of the controls operated
  • Escalate any identified issues from testing which could increase my client's risk profile through governance reporting
  • Interpret and review objective evidence in line with strategy, policy, standards, procedures and guidelines to provide opinion on compliance and risk profile.
  • Provide challenge to the service provider where evidence validates failures in the control environment

Governance:

  • Support the Senior Cyber Security Manager by attending security working groups with service providers to oversee and assure evidence to determine the effectiveness of the control environments operated
  • Monitor the performance of your service provider to validate that identified threats, events and incidents are responded to effectively, efficiently and that lessons learned are identified and implemented, driving continuous improvement
  • Assure evidence of compliance from a cyber security perspective with relevant laws, regulations, and industry/Government standards (e.g., GDPR, PCI DSS, NIST CSF/PRISMA)
  • Drive beneficial cyber security change into the business through the review of IT/Security architectures utilising your substantial cyber security knowledge to challenge at the governance forums attended by service providers
  • Assure that your service provider is enforcing security policies and standards to safeguard my client's information assets, systems and data.

Assurance/Oversight:

  • Execute the structured risk-based assurance plan for the service provider, establishing levels of compliance with my client's strategy, policy, standards, procedures, guidelines and the requirements placed on service providers throughout the enterprise. Review objective-based evidence to determine and conclude compliance level
  • Interpret and review objective evidence in line with strategy, policy and standards to provide opinion on compliance and risk profile
  • Provide challenge to service providers across the enterprise where evidence validates failures in the control environment.

Essential Experience:

  • Extensive experience of overseeing the performance of service providers and holding them to account for the delivery of critical cyber security services through governance forums
  • Demonstrable success in delivering written and oral presentations on cyber security and management risk to senior internal and external stakeholders
  • Substantial experience of assuring evidence against the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and ISO27001
  • Proven experience of conducting cyber security risk assessments, developing cyber security risk mitigation plans linked to business objectives, and presenting to a senior management audience
  • Experience in developing cyber security performance metrics linked to business objectives to inform senior management of the performance of the cyber security control environment
  • Significant experience in responding to or managing security incidents/breaches, overseeing patching/vulnerabilities or hardening systems including detection, response, recovery, and post-incident analysis.

Essential Qualifications:

  • Certified Information Security Manager (CISM) or Certified Information Systems Practitioner (CISSP)

If this role is for you, please apply to this advert or call me on 0207 509 8040 to find out more.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.

Contract Type: FULL_TIME

Specialism: Information Technology

Focus: Information Security

Industry: Banking

Salary: £50,000 - £63,000 per annum

Workplace Type: Hybrid

Experience Level: Senior Management

Location: London

Job Reference: AO1X6Z-86DB0B4D

Date posted: 20 January 2025

Consultant: Darius Goodarzi
