Cyber Threat and Vulnerability Manager

  • Job reference: 26005
  • Location: City of London
  • Job type: Permanent
  • Start date: Not specified
  • Contact: Not specified
  • Sector: Information and Cyber Security
  • Salary: £70000 - £80000 per annum
This vacancy has now expired.
Threat and Vulnerability Manager needed to join the CISO team based in London.
As a Threat and Vulnerability Manager you will assist the Chief Information Security Officer by effectively identifying, quantifying and managing cyber vulnerabilities across the group. This role will be responsible for the implementation and management of threat and vulnerability capabilities, interfacing with appropriate teams across the businesses to ensure appropriate remediation plans are defined and implemented.
Key Responsibilities:
  • Supporting the development and implementation of the Threat and Vulnerability Management framework
  • Spearhead efforts to support businesses in developing their own processes and procedures as required
  • The development of communications to promote and maintain awareness of current threats and vulnerabilities across all businesses
  • Act as escalation point for all threat and vulnerability events
  • Aggregate all threat and vulnerability information to:
      • Provide a consolidated view across the group
      • Provide actionable intelligence to businesses and track their action plans
Vulnerability Assessments/Management
  • Ensure effective vulnerability scanning of infrastructure, code, and applications within both corporate and 3rd party environments
  • Define minimum standards in relation to vulnerability management, monitoring compliance across the businesses
  • Research and investigate new and emerging vulnerabilities, to include Zero Day events, and participate in external security communities, sharing findings across the group
  • Ensure the successful completion and recording of scanning activities
  • Support the assessment of identified vulnerabilities to prioritise remediation based on risk and exposure
  • Track remediation activities to completion, validating the effectiveness in mitigating the risk
  • Interface with peers and leaders across the businesses to both share the corporate security vision and solicit their involvement in achieving a higher level of enterprise security
Threat Intelligence
  • Define minimum standards in relation to threat management, monitoring compliance across the businesses
  • Ensure threat management encompasses external and internal threat sources, helping to identify current and future threats to the Group.
  • Perform, at least annually, a Threat Assessment across our businesses, feeding into crisis management, risk management and business planning activities.
  • Participate in information sharing groups within and outside of financial services, as well as within the group.
  • Coordinate a periodic test of response capabilities across the group.
  • Define approaches to monitoring threats to staff and executives, ensuring their privacy is protected
  • Define approaches to monitoring threats to our customers and advisers, defining awareness materials that can be shared and maintained
  • Ensure active threats and their associated attack vectors are mitigated through vulnerability management and monitoring activities
Reporting
  • Report on vulnerability/threat analysis and recommend appropriate control improvements
  • Ensure the accurate and timely release of vulnerability metrics.
  • Report on areas of non-compliance against Policy and/or Group Standards
  • Produce regular MI to support overarching governance frameworks
Business/Customer Engagement
  • Manage and participate in customer engagements concerning service offerings or discussions around threats.
Qualifications & Experience:
  • Undergraduate degree level education and/or relevant professional qualifications
  • At least one of the following certifications: CCNA Security, CISSP/SSCP/CISM, CEH, GSEC, GCIH
  • Extensive experience of implementing, monitoring and improving the threat and vulnerability management service of a financial services organisation.
  • Expert level understanding of both threat and vulnerability management services and information security
  • Detailed knowledge of system security vulnerabilities and remediation techniques.
  • Excellent technical comprehension of threat and vulnerability scanning solutions, systems and processes
  • Understanding of information/cyber security risk in financial services firms.
  • Knowledge of the key IT and change management processes and associated risks and controls within major financial services firms.
  • Knowledge of and ability to manage Windows, iSeries, Network Device, Database, Middleware, and Application vulnerabilities.
  • Working knowledge of security related technologies such as firewalls, WAFs, IDS/IPS systems, SIEM systems, network protocols, etc.
  • Knowledge of and ability to administer network and host-based security tools to include penetration testing and ethical hacking products.
  • Knowledge of and ability to manage vulnerability scans against a range of assets.
  • Knowledge and experience of the ISO27000 suite
  • A high-level understanding of security architectural design and network design
  • Investigation of security breaches and incident management