Information Security Manager (Inside IR35, 5 Months Contract)
This role is Inside IR35 and Remote.
Government client requires an Information Security Manager on an initial 5 month contract to help build a mature Security function. Part of this role will be to build a robust framework for: efficiently capturing business and key stakeholder information security tasks and enquiries; assessing and prioritising them; assigning CISO Team resource; processing tasks to resolution; and coordinating updates back to the business.
This role will work for the Business Information Security Officer (BISO) to manage business instigated interactions with the CISO team.
Specific for this role:
- Advise projects on the security requirements that should be included within their procurement specifications or candidate system designs.
- Harness technical background and experience to empathise with Digital change makers and apply knowledge of attack tooling and its application to threats and mitigations.
- Support threat modelling as part of our change enablement with through-life Application, Digital and Cloud skills.
- Directly engineer cloud services for security and be competent to review them engineered by another individual.
- Engineer and support Software Security Pipelines (eg DevOps style SAST/DAST/SCA)
- Provide information systems security assurance, enabling delivery of key projects
The Information Security Manager will have experience with:
- Working in regulated environments, preferably in a Critical National Infrastructure context.
- Strong technical skills in cloud and aligned technologies including cloud native security capabilities.
- Strong background in supplier security assurance and compliance.
- Experienced in creating, presenting and reviewing others designs at Design Authorities and Working Groups.
- Experience of working with business, technical and security stakeholders to secure unstructured data throughout the information lifecycle.
- Capable and credible in sharing and coaching application and cloud security concepts and techniques to an audience of Data Scientists, Developers and IT Generalists to code and demonstration level.
- Exposure to application security testing tools, techniques and activity (e.g. DevSecOps tooling, Attack Proxies, Pen Testing).
- Demonstrable experience engineering key business systems in environments undergoing business change.
If interested, please do not hesitate to contact Antonio.Alfieri@lafosse.com