Security Delivery Associate Manager

Due to the nature of the client engagements, every employee needs to be able to achieve Security Clearance. This means that you need to have the right to take up employment within the UK, do not have or require any visa to work, and have been resident in the UK for at least 5 years without any gap(s) totalling more than 6 months.

As an employer we believe in facilitating a flexible work pattern whilst taking into consideration operational requirements, client and individual needs. We are proud of our hybrid work pattern that typically sees employees in the office for a minimum of 2 days per week.

You should be able to easily commute to our Manchester office. For some roles/projects, travel to the clients’ offices will be required and the frequency is often determined by the client.

Diversity, equity and inclusion are integral to the success of 6point6. We welcome applicants with different perspectives, skills, life experiences and backgrounds, and are proud to have an organisational culture where employees can bring their authentic selves to work.

You will be recognised as a subject matter expert, you will be responsible for strategic decision-making and expected to lead complex assurance projects. You will be expected to demonstrate a high level of expertise and take a leadership role in implementing and managing information security practices.

We look for people who can deliver both exceptional technical solutions and work as true partners to the organisations we support.

Key responsibilities

• You will adapt quickly to new circumstances. This requires multiple different assurance goals – including legislation, regulation, standards and frameworks
• You will use your knowledge to identify real-world security risks and help stakeholders understand the best options they have available
• You will have a hands-on and consultative approach to assurance.
• You will look to gain experience in operational assurance in a business
• You will have been a subject matter expert in security management with a broad understanding of other cyber security domains – including architecture, engineering and operations

Service delivery and project management experience is desirable, you will have experience with Agile delivery methods and DevOps models.

Experience

• Identify and analyse cyber security risks and providing advice to risk owners
• Conduct assurance reviews against standards-based compliance requirements
• Conduct Privacy Impact Assessments
• Manage assurance lifecycle processes within operational environments
• Produce assurance evidence and reports for stakeholders
• Production and implementation of cyber security policies
• Evaluate the growth of security incidents
• Provide guidance on meeting security related statutory and regulatory requirements
• Assess security control designs and configurations for effectiveness in risk management
• Develop trusted relationships with security stakeholders
• Implementation and maintenance of security processes
• Manage the delivery of security assurance services for projects
• Analyse security industry trends

Requirements

• Excellent working knowledge of the security risk management life cycle working with assurance methods in Agile delivery – such as secure SDLC
• Excellent knowledge on a variety of different security technologies, such as cryptography, host intrusion, network and application firewalls
• Experience of cyber security policies and process
• Experience of security awareness campaigns
• Experience with threat and vulnerability management systems
• Experience with security information and event management systems
• Experience with common approaches to requirements definition, system design and engineering

It would be good if you could bring along some of the following skills, but this is not essential:

• Familiarity with major Cloud technologies working experience of a least one major PaaS provider – such as Azure or AWS
• A natural collaborator with a genuine desire to help your team achieve a common goal
• Knowledgeable when it comes to industry standards and good practice for information security risk working experience of ISO standards
• An understanding of designing security management systems

You will:

● Guide our clients on application and operation of security controls

● Explain complex information security concepts to business stakeholders

● Identify information security risks within a solution and provide appropriate countermeasures / alternatives to mitigate the risks

● Contribute to planning and execution of risk-based audits

● Support threat modelling

● Data Protection Impact Assessments (DPIA)

● Manage assurance lifecycle processes within operational environments

● Demonstrate business acumen in identifying and qualifying business opportunities

● Exemplary consultancy skills, and stakeholder management experience

We would love to talk to anyone with the following:

Certified Information Security Manager (CISM)

Certified Identity Management Professional (CIMP)

Certified in RISK and Information Systems Control (CRISC)

Advanced Cloud Security (ISC² Cloud Certified Security Professional)

General Data Protection Regulation

ISO Standards / Frameworks