Cyber Security Manager - 8 Months - Inside IR35 - Edinburgh

Day Rate - Market Rates

Harvey Nash's public sector client are currently looking to recruit a Cyber Security Manager to join their team based In Edinburgh/Remote for an initial 8 month period.

Main Duties:

• The successful candidate will play a key role in managing the security assurance roadmap and relationship with security teams across public sector organisations and suppliers involved in developing, testing, auditing and supporting the service.
• Continuously review IT Security Policies and Processes in line with best practise, providing recommendations for security improvements across all assigned projects
• Support security architect function by defining priorities based upon risk and new emerging threats that have been identified
• Assist the security risk advisor and security architect function with the assessment of compliance against Government and Industry security and privacy framework standards producing gap analysis and remediation reports as required.
• Ensure compliance with organisational security commitments to Memorandums of Understanding and Shared Service Agreements with partner organisations
• Assist the security risk advisor and security architect function with risk and threat modelling and assessment
• Support security architect function by contributing to acceptance criteria for security countermeasure delivery, and sign off security countermeasures once delivered as operationally ready
• Plan and manage an ongoing schedule of security countermeasure testing
• Support the security risk advisor with security assurance of Cloud tools and technologies utilising Government and Industry standards such as NIS CAF, CSA STAR and ISO27001 etc
• Manage third party relationships from a security perspective and ensure contractual security requirements are being met
• Ensure Security Issues are raised in accordance to agile methodology and sprint planning
• Manage and represent the security function and staff for all assigned projects
• Lead on Vulnerability Management program at both application and platform level ensuring

Essential Criteria

• Recent working experience (last 1-3 years) in delivery of a defined security programme where public facing identity based authentication and verification services were required, and leading Security Operations teams in the running of such services.
• Demonstrable working experience in designing and delivering: SOC services; Cyber Incident Response functions and Vulnerability Management processes.
• Demonstrable working experience and application of Government and Industry security standards including Scottish Government Cyber Resilience Framework, ISO27001, GovAssure and NCSC CAF.
• Direct working experience of AWS and Azure native security tools (eg Azure Sentinel, AWS Guard Duty, Microsoft Defender for Cloud, AWS Security Hub, etc). and good awareness of third party security technologies to support continuous improvements of Cloud service security posture (eg Privileged Access Management, Vulnerability Assessment System).
• Experience of working with and 'securing' software development life cycles (S-SDLC), and supporting Software and Cloud Engineers with security engineering expertise.
• Experience of engaging with, and managing, a wide range of internal and external stakeholders, including senior officials, customers and suppliers. This includes producing concise, clear, well-structured written work and communicating complex matters across a range of audiences.

Desirable Criteria

• AWS and/or Azure professional certification in a security space and professional certification at auditor level in ISO27001.
• Good understanding of UK Government good practice guides 44 and 45 to support authentication and verification processes.
• Working knowledge of programme delivery to the UK Government digital identity and attributes trust framework.

This role has been deemed Inside IR35 by the client. Applicants must hold, or be happy to apply for, a valid Basic Disclosure Scotland. Please click the link to apply.