Accessibility Links

Cyber Threat and Vulnerability Manager

  • Job reference: 26005
  • Location: City of London
  • Job type: Permanent
  • Start date: Not specified
  • Contact: Not specified
  • Sector: Information and Cyber Security
  • Salary: £70000 - £80000 per annum
This vacancy has now expired.
Threat and Vulnerability Manager needed to join the CISO team based in London.
As a Threat and Vulnerability Manager you will assist the Chief Information Security Officer by effectively identifying, quantifying and managing cyber vulnerabilities across the group. This role will be responsible for the implementation and management of threat and vulnerability capabilities, interfacing with appropriate teams across the businesses to ensure appropriate remediation plans are defined and implemented.
Key Responsibilities:
  • Supporting the development and implementation of the Threat and Vulnerability Management framework
  • Spearhead efforts to support businesses in developing their own processes and procedures as required
  • The development of communications to promote and maintain awareness of current threats and vulnerabilities across all businesses
  • Act as escalation point for all threat and vulnerability events
  • Aggregate all threat and vulnerability information to;
  • Provide a consolidated view across the group
  • Provide actionable intelligence to businesses and track their action plans
Vulnerability Assessments/ Management
  • Ensure effective vulnerability scanning of infrastructure, code, and applications within both corporate and 3rd party environments
  • Define minimum standards in relation to vulnerability management, monitoring compliance across the businesses
  • Research and investigate new and emerging vulnerabilities, to include Zero Day events, and participate in external security communities, sharing findings across the group
  • Ensure the successful completion and recording of scanning activities
  • Support the assessment of identified vulnerabilities to prioritise remediation based on risk and exposure
  • Track remediation activities to completion, validating the effectiveness in mitigating the risk
  • Interface with peers and leaders across the businesses to both share the corporate security vision and solicit their involvement in achieving higher level of enterprise security
Threat Intelligence
  • Define minimum standards in relation to threat management, monitoring compliance across the businesses
  • Ensure threat management encompasses external and internal threat sources, helping to identify current and future threats to the Group.
  • Perform, at least annually, a Threat Assessment across our businesses, feeding into crisis management, risk management and business planning activities.
  • Participate in information sharing groups within and outside of financial services, as well as within the group.
  • Coordinate a periodic test of response capabilities across the group.
  • Define approaches to monitoring threats to staff and executives, ensuring their privacy is protected
  • Define approaches to monitoring threats to our customers and advisers, defining awareness materials that can be shared and maintained
  • Ensure active threats and their associated attack vectors are mitigated through vulnerability management and monitoring activities
  • Report on vulnerability /threat analysis and recommend appropriate control improvements
  • Ensure the accurate and timely release of vulnerability metrics.
  • Report on areas of non-compliance against Policy and/or Group Standards
  • Produce regular MI to support overarching governance frameworks
Business/ Customer Engagement
  • Manage and participate in customer engagements concerning services offerings or discussions around threats.
Qualifications & Experience:
  • Undergraduate degree level education and/or relevant professional qualifications
  • At least one of the following certifications: CCNA Security, CISSP/SSCP/CISM, CEH, GSEC, GCIH;
  • Extensive experience of implementing, monitoring and improving the threat and vulnerability management service of a financial services organisation.
  • Expert level understanding of both threat and vulnerability management services and information security
  • Detailed knowledge of system security vulnerabilities and remediation techniques.
  • Excellent technical comprehension of threat and vulnerability scanning solutions, systems and processes
  • Understanding of information/ cyber security risk in financial services firms.
  • Knowledge of the key IT and change management processes and associated risks and controls within major financial services firms.
  • Knowledge of and ability to manage Windows, iSeries, Network Device, Database, Middleware, and Application vulnerabilities.
  • Working knowledge of security related technologies such as firewalls, WAFs, IDS/IPS systems, SIEM systems, network protocols, etc.
  • Knowledge of and ability to administer network and host-based security tools to include penetration testing and ethical hacking products.
  • Knowledge of and ability to manage vulnerability scans against a range of assets.
  • Knowledge and experience of ISO27000 suite
  • A high level understanding of security architectural design and network design
  • Investigation of security breaches and incident management
Related jobs
Security Engineer/ consultant
  • Contract
  • London
  • £400 - £450 per day
  • Reference DH2813
  • Security Consultant/ Engineer Luxury Retailer require a Security Consultant/ analyst to support their Malicious Software Improvements Project. The ideal candidate will have the following experience: Extensive experience with End Point Protection ideally with Sophos anti-virus/AVExperience with SIEM's/Security Incident...
Read more
Cloud Security SME
  • Contract
  • West Yorkshire
  • £350 - £550 per annum
  • Reference 27821
  • Cloud Security SME - West-Yorkshire - Initial 3 Months Our West Yorkshire based client is looking for a Cloud Security SME to provide technical advice, guidance and support on Cloud Technology Security. The successful candidate will provide Cloud Security SME advise and guidance across the business...
Read more
Senior Cyber Security Operations Analyst
  • Permanent
  • London
  • £70000 - £80000 per annum + corporate bens
  • Reference 28165
  • The Security Operations Specialist will be responsible for the daily operations and maintenance of security tools such as splunk and McAffee IPS. You will become the security tools and systems expert (Splunk), understand defensive security techniques to cope with a forever changing digital threat landscape...
Read more