Information Security Manager – IAM / DevSecOps


    Location
    London

    Henderson Scott

    Information Security Manager – IAM / DevSecOps – £65,000 – £70,000 (1 day/week in London)

    Role Summary

    To manage and assist in the delivery of information security programmes, activities, and day-to-day business operations. The scope of the role will cover people, process, and technology across all areas of security and all aspects of the technology delivery lifecycle, providing project consultancy from an Information Security viewpoint, driving the adoption of best practice techniques and architectures.

    Key Duties

    • ‘Move security to the left’ for software development by implementing a DevSecOps approach.
    • Drive best practice security configuration across the on-premise and cloud estate.
    • Identity and Access Management policy standard and enforcement.
    • Vulnerability Management.
    • Security Operations – Detection and Response.
    • Provide Information Security project consultancy across all projects, ensuring the confidentiality, integrity and availability of all data and ensuring all projects and processes have privacy by design.
    • Review and approve architectural diagrams ensuring that security has been considered and is appropriate.
    • Generation and distribution of appropriate metrics and dashboards in relation to Information Security.
    • Support the rest of the information security team in the delivery of their roles and cross cover during absences.

    Skills & Experience

    Essential

    • CISSP/CISM or equivalent
    • Microsoft Azure qualifications
    • Microsoft Defender and other security tooling qualifications
    • DevSecOps Qualifications

    Desirable

    • Qualys qualifications and experience
    • TOGAF
    • Cyber Essentials Plus knowledge.

    Required experience

    Essential

    • Experience of DevSecOps
    • Experience of the OWASP Top 10 and keeping abreast of developments in application security
    • Strong knowledge and understanding of security principles surrounding firewalls, cloud security (Azure), and Identity and Access Management (Privileged Access Management on-prem/cloud)
    • Experience of running a vulnerability management programme.
    • Experience of control frameworks such as NIST, CIS, Cyber Essentials and PCI-DSS
    • Familiarity with MITRE ATT&CK and D3FEND
    • Experience of writing documented policies, procedures and standards for technical and business colleagues

    Desirable

    • Experience of the Microsoft Enterprise Access Model
    • Experience of OAuth and SAML
    • Experience of the TOGAF framework
    • Experience of log management
    • Experience using tools such as BloodHound and PingCastle
    • Cyber Essentials
