Information Security Manager

Recruiter
Level 3 Communications Uk Limited
Location
Wokingham
Posted
10 Apr 2018
Closes
16 May 2018
Contract Type
Permanent
Hours
Full Time

Information Security manager

Our Vision

To improve lives, strengthen businesses and connect communities by delivering advanced technologies and solutions with a professional, honest and personalised service approach. Together we will be the Infrastructure Solutions leader in our market space.

Location (Country): Winnersh, Wokingham UK

Our People

Our team operates as an extension of our clients business. Our clients put their trust in our people and our solutions and we deliver to that trust. We collaborate internally and externally with credibility and discipline. We demonstrate agile leadership with a confidence in our abilities to deliver, whilst at the same time ensuring that we continue to raise the bar in all that we do. Our people are encouraged to face challenges with courage and confidence and to remember that our clients have placed their trust in what they do each day.

Purpose of Position:

This position is required to ensure the security requirements of CenturyLink’s government hosted systems are maintained according to mandated government standards, appropriate guidance documents, contractual obligations and the Risk Management Accreditation Document Set (RMADS). This position will also provide vetting services, data protection guidance, government pre-sales security support and ad-hoc information security support to the local business area.

Position Summary:

The successful candidate will be responsible for UK HMG Information Security. This will take the form of security management of existing systems, security support and advice to the regional teams, and security input into new business and sales opportunities. This is largely a self-directed role, so the candidate will be expected to work autonomously to ensure systems are kept secure and maintain appropriate certification and assurance.

The primary role is the security management of our existing HMG systems up to OFFICIAL-SENSITIVE. The successful candidate will be expected to provide security management services to ensure compliance with HMG security requirements, which will include:

  • Maintaining relationships with customer and end user security teams;
  • Developing and updating security policy, process and procedures to meet the compliance requirements;
  • Assisting in technical accreditation/assurance management including risk assessments and ITHCs;
  • Investigating and reporting on IT security incidents or breaches of security policy (both potential and actual) in accordance with local procedures;
  • Reporting on the current status of customer environments including patching, protective monitoring and anti-virus in accordance with policy;
  • Management of access to the platform and associated system information;
  • Reviewing the effectiveness of IT security controls in accordance with conditions set out in the local security policy, corporate security policy and system specific controls;
  • Maintaining relevant system certification (for example, PSN Service Certification);
  • Producing and delivering security awareness training tailored to UK Government;
  • Reviewing proposed changes to technical architecture to assess potential increase to security risk;
  • Attending change advisory boards representing HMG security, to review, approve or reject changes accordingly, depending on their potential impact;
  • Managing, auditing and documenting the secure decommissioning of equipment.

The role will be responsible for ensuring personnel security risks are effectively managed. This includes:

  • Determine the need for, and level of, national security vetting clearance required;
  • Apply national security vetting in accordance with customer requirements;
  • Keep full and up to date security records on all employees that hold security clearances;
  • Ensuring personal data is stored and processed in accordance with HMG Guidance, the Data Protection Act and GDPR;

The successful candidate will also have to respond to other ad-hoc requests, which may include:

  • Providing security input into new business opportunities, both in providing a response to security questions, and in helping the business assess the level of risk that new business may bring;
  • Providing advice on wider HMG security policy;
  • Assisting the regional team with security questions and concerns.

Minimum Requirements:

  • Existing, or willingness to achieve, UK Government SC security clearance;
  • Security certification such as CISSP, CISM or equivalent;
  • Previous experience working with UK government systems at OFFICIAL-SENSITIVE / RESTRICTED or above;
  • Knowledge of the Government Security Classification scheme;
  • Knowledge of the General Data Protection Regulation;
  • Working knowledge of compliance with IT security policy and procedures including Cabinet Office SPF, HMG IA Standards, NCSC Cloud Security Principles and Central Government departmental security policies;
  • Experience in achieving Government Certification and Accreditation;
  • Technical understanding of hosting infrastructure security requirements. (Networks, operating systems, storage area networking, virtualisation);
  • Good documentation skills;
  • Confident in representing CenturyLink Information Security in both internal and customer meetings.

Preferred Requirements

  • Degree in information security;
  • Working knowledge of HMG IAS 6 and the Data Protection Act / GDPR;
  • Working knowledge of HMG Vetting Policy;
  • Experience in custody of cryptographic items in accordance with HMG policy and procedures;

N.B.

All employees or contractors that work on behalf of CenturyLink UK Ltd may be asked to undergo vetting or security clearance based on the work carried out and the requirements of our Clients. It is a condition the successful applicant is able to pass these checks.

* This position description is not designed to contain a comprehensive list of activities, duties or responsibilities that are required of the employee.


This job was originally posted as www.jobsite.co.uk/job/960478379

Similar jobs

Similar jobs