Vulnerability and Compliance Manager
Location: Stevenage
Salary: Up to £65,000
Headline Benefits: A bonus of up to 21%, Strong pension, 25 days annual leave with the option to accrue 15 additional days flexi leave, enhanced parental leave.
We’re working with an award-winning, world-leading, technical & scientific engineering organisation, with sites across Europe, that have an exciting opportunity for a Vulnerability and Compliance Manager who will support the Information Management (IM) SOC to defend against cyber threats and vulnerabilities by ensuring the IM environments are following best practice and remain compliant by proactively managing identified vulnerabilities that could be exploited.
The Vulnerability and Compliance Manager Role
Provide remediation action through compliance with relevant security standards and confirm that remediation is completed in accordance with the identified risk categorisation. This is a key position in driving the cyber essentials plus assessment and remediation phases, including scoping and planning.
-
Report and track remediation activities affecting all Infrastructure and applications within the IM estate.
-
First-line management of vulnerability analysts.
-
Manage compliance and due diligence-led activities and audits, including regulatory updates within IM, including CE+ and ISO27001 assessments.
-
Collaborate with teams and stakeholders to create both tactical and strategic plans as it relates to vulnerability management or accreditation compliance.
-
Champion security best practice within technology and be regarded as the ‘go-to' individual for vulnerability management.
-
Provide security and remediation advice across the business at a technical level.
-
Proactive identification and communication of external themes and threats.
-
Advise technical and non-technical audiences on appropriate prioritisation of patch deployment and remediation activities.
-
Manage vulnerability remediation by suppliers and teams through re-test & closure.
-
Help drive security maturity in vulnerability management and security in general across the entire business, through positive engagement, teaching, and leadership.
-
Maintain and further improve the scanning scope and capability of the vulnerability scanning service, through automation and tooling.
-
Manage the remediation plan for vulnerabilities discovered during penetration tests and IT health checks.
-
Provide vulnerability assessment scan guidance and process oversight.
Vulnerability and Compliance Manager skills and qualifications required:
-
Familiarity with Infrastructure and web application scanning tools (e.g. Qualys, Nessus) and relevant remediation management/risk tools supported in the Security Operations Centre (SOC)
-
Experience in managing vulnerabilities (planning and remediation)
-
Demonstrable knowledge of Vulnerability lifecycle management (MITRE) and IT/ OT/ IoT vulnerability remediation plans
-
Experience or knowledge of risk management frameworks (e.g. CIS, NIST)
-
Sound understanding of network/infrastructure and web/mobile application weakness and anti-patterns (CWE, OWASP).
-
An in-depth understanding of cyber security technologies and applicable security controls, Tenable.IO and Tenable.SC experience is desirable
-
A good understanding of information security principles and best practices
-
Ability to carry out risk assessments
-
Supplier engagement and collaboration experience
The business are firm believers in offering all staff the best possible platform to succeed, providing support for career development as well as personal assistance. They hold numerous awards on the back of this work and have a range of employee networks and internal communities that include Parents and Carers, Gender Equality, Neurodiversity, Pride, Ethnic Diversity and many more. They really care about their staff and are passionate about what they do and why they do it.
Their order book stretches for many years, and they have healthy profits and a range of new projects in place. They’re stable with steady controlled growth, offer dynamic working, and fantastic opportunities to grow and develop your career further.
NB: Please note that the successful applicant will need to be in agreement to achieve the required levels of security clearance with acceptable restrictions or no restrictions (Secret level then Developed Vetting)
Cirrus Selection offers the services of an Employment Agency for permanent recruitment and the services of an Employment Business for contract recruitment.