Technical Security Manager

Job Title: Technical Security Manager
Reporting to: Director of IT and Security
Contract: Six-month fixed term contract
Hours: Full-time
Salary: £60 - £65k FTE depending on experience
Base: Hybrid, home and minimum two days per week in London office 
Job purpose: To operate our information security management system and maintain Mental Health Innovations’ ISO 27001 certification
Closing Date: 8th November 2024, 5pm

Key Responsibilities 

• Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues
• Deputising for the Director in security matters as required
• Operation of the ISMS and Data Protection processes
• Managing risk register, preparing for management review meetings
• Developing/maintaining controls and ensuring they are implemented across the organisation
• Refining our security KPIs and maintaining them
• Proposing actions from KPIs, events and incidents and coordinating resultant work
• Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans
• Ensuring secure endpoint and cloud posture
• Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist
• Monitoring our processes and suggesting improvements Proposing and progressing other continuous improvement work
• Feeding into training and awareness programmes and improving security culture
• Preparing for audits and carrying out remediation work
• Working with the Director to create, maintain and manage policies and ensure compliance
• Planning and participating in incident response exercises
• Managing major incidents and conducting post mortems/reviews

Person Specification

Essential

• Experience of risk management
• Working knowledge of security standards and frameworks, particularly ISO 27001
• Knowledge (and preferably experience) of GDPR and DPA 2018
• Experience of incident management
• Excellent knowledge of high level security concepts and best practice
• Excellent documentation skills, including policies and standards
• Knowledge of the following areas (deeper experience of one or more preferred):
• Endpoint security
• Network security
• Cloud security
• Application security
• Identity and access management
• Secure distributed working practices
• Excellent written and verbal communicator
• Ability and desire to learn new tools, skills and consider other perspectives
• Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas
• Ability to manage own time, confirm priorities and expectations
• Independent worker who knows when to ask questions
• Comfortable working with the wider team and organisation
• Comfortable dealing with ambiguous situations and objectives

Desirable

• Professional qualifications, such CompTIA+, CISSP, CCSP, ISO 27001 Auditor
  Exposure to ITIL (ITIL Foundation or higher preferred)
• Experience in one or more of the following:
  • Cloud (AWS preferred)
  • Salesforce
  • SSO & federated identities
  • Network security, SASE & VPNs
  • Endpoint security
  • Infrastructure security and best practices
  • Working knowledge of encryption technologies
  • Password management and access control
  • Security training and awareness
  • Secure distributed working practices
  • Securing domains
• Detection and response, with excellent troubleshooting skills
• Working knowledge of one or more of these tools/products:
  • Salesforce
  • JIRA & Confluence
  • Mac/iOS & ChromeOS
  • Windows/Office365
  • Google Workspace
• Creative thinker, but understands the importance of seeing a piece of work through to the end and on time
• Decisive, proactive, knows when to check the boundaries

We will be interviewing on a rolling basis and reserve the right to close the job advert early if we receive a high number of applicants.