IT Security Assurance Manager

Wincanton Logistics
Chippenham, UK
19 Jun 2019
27 Jun 2019
Contract Type
Full Time
Role Overview
The purpose of this role is to deliver day-to-day IT information assurance activities and support IT security operations. This includes, but is not limited to, performing penetration tests, participating in threat actor based investigations, creating new detection methodologies and providing expert support to incident response and monitoring functions. The focus of the role is to detect, disrupt and eradicate threat actors from our enterprise through the use of testing, data analysis, threat intelligence and security technologies.

Key Responsibilities
  • To act as a 'Cyber Hunter' ensuring corporate IT systems and controls are tested, assured, represented and reported accurately and appropriately
  • Accountable for the ongoing testing, compliance and assurance of IT systems, processes and standards across the Group
  • To engage, support and work closely with the business at all levels to ensure information security regulations, requirements and policies are understood, communicated and implemented effectively across all business functions
  • To engage, support and work closely with the business at all levels to ensure the confidentiality, integrity and availability of data and services are maintained against the risk of loss, misuse, disclosure or damage
  • Support security operations and cyber incident management
  • Create awareness and training material, drive user compliance activities and contribute to a culture of Information security management

Detailed Overview of Focus Areas and Responsibilities

1) Security Testing
  • Responsible for developing, agreeing, implementing, managing and owning the annual security testing programme
  • Conducts penetration, disaster recovery and business continuity testing
  • Conducts process assurance assessments, looking for vulnerabilities
  • Responsible for supporting and contributing to the Information Security Management System
  • Responsible for supporting and contributing to the IT Risk Management framework and the continued management and governance of risk management within IT
  • Responsible for supporting and contributing to group-wide policies and standards
  • Be fully conversant with the business strategy & associated IT strategy to ensure alignment and compliance with Information Security & Risk Management policies and practices
  • Partners with Business Development and IS Customers Delivery functions in engagement of the internal / external customer. Is able during these interactions to demonstrate commercial & interpersonal awareness as well as delivering SME expertise in Business English.

2) Assurance and Auditing:
  • Conducts assessments of IT systems (infrastructure and application) control hygiene looking for vulnerabilities
  • Accountable for carrying out compliance and assurance audits across all areas of IT to ensure adherence to Information Security policies and Risk Management framework
  • Accountable for reporting and ensuring issues arising from gap analysis & risk assessments are clearly assigned and owned, and that mitigation plans are in place to mitigate / reduce risks
  • Working with and supporting the business, to ensure the successful delivery and completion of internal or external security audits
  • Working with and supporting the business, to ensure the successful delivery and completion of customer and supplier reviews in both pre and post sales environments

3) Consultancy:
  • Working in a consultancy capacity for Information Security matters in the new business and acquisition process
  • Providing expert support on Information Security and Risk to all levels of management across the business
  • Keeping up to date and sharing best practice on Information Security and Risk issues across the Logistics and other industry sectors
  • Instilling best practice and updating when appropriate
  • Promoting information security awareness across the business

4) Other:
  • Acting as a design authority for information security infrastructure and security applications architecture
  • Develops monthly and quarterly reports on matters relating to information security and risk
  • Ad hoc confidential security investigations
  • Monitors industry best practice web sites and standards and identifies change requirements to the organisation's security policies and procedures
  • Subscribes to industry security forums and maintains company linkage to forums

Ideal Candidate Profile
  • You should be able to operate as a member of the wider IT team, contributing to a wide range of Information Security risks and issues, to provide joint outcomes
  • You should have a strong background delivering & implementing information risk, assurance and information security strategy programs, within large corporate environments, ideally coming from a FTSE 100 environment or the logistics sector
  • Proven industry experience in application and infrastructure penetration testing
  • Strong understanding of OWASP, PTES and other penetration testing methodologies
  • Knowledge of web apps design, development and deployment across different platforms
  • Knowledge in testing mobile applications (iOS/Android)
  • Strong understanding of firewall management, SIEM, SOC and IPS/IDS deployments
  • Strong knowledge in preparing and launching social engineering campaigns
  • Good knowledge of enterprise technologies including associated security vulnerabilities and exploits
  • Relevant security qualifications (such as OSCP, CREST CRT, TIGER, CISSP, CEH)
  • Cyber incident response and forensics experience
  • Experience with data asset management and leak prevention toolsets
  • Strong analytical skills
  • Superb written and spoken English skills

Leadership Competencies
  • Organising - You must be able to marshal resources to get things done, orchestrate multiple activities to accomplish goals, and use resources effectively & efficiently
  • Delegation - You must be able to delegate both routine and important tasks and decisions. Shares responsibility and remains accountable, trusts people to perform and monitors accordingly
  • Integrity & values - Lives and promotes the core values and behaviours of the organisation. Acts in line with these values and behaviours, recognises and rewards.
  • Drive for results - Can be counted on to exceed goals successfully. Is constantly and consistently one of the top performers. Is profit and performance focused. Actively manages the performance of others.
  • Intercultural awareness

Other Information
  • This job may involve travel to company sites, customers, suppliers and advisory / professional organisations. This may involve international travel on an ad-hoc basis.
  • This role will be expected to influence, advise & inform on all aspects of information security.

About Us:

Wincanton is a leading third-party logistics (3PL) and supply chain solutions provider in the UK and Ireland. As the largest British logistics company, we work in industry sectors as diverse as milk, defence, energy, retail, consumer goods and construction, supporting every stage of development and adding value through our supply chain expertise and innovative approach to logistics challenges. With over 17,000 colleagues across more than 200 sites and a 3,400 strong fleet of vehicles, we put our customers at the heart of everything we do and our mission is "to make our customers' businesses better, every day."

Our people are at the core of our business and what makes Wincanton great. That's why we provide significant opportunities for career progress, as well as training enrichment and multi-skilling, in a dynamic working environment.
