The Security Assurance Manager will manage and track the security requirements through build and ensure that security requirements and controls deliver security capability for product launch and continual operation.
This role includes some technically focused work but is expected to be mostly technical program management, working with our development teams, product owners, architects and management to build a high security standard.
You will manage the security requirements and controls at a technical and administrative level to achieve our security objectives and our certification objectives of ISO 27001 and SOC 2. You will track delivery of requirements against these certifications and ensure they are achievable and delivered on time. This is a highly collaborative project management role, where you will be expected to understand and communicate the details and phasing of work and to track delivery of the product security. You will need to operate at several different levels: working with developers, architects, engineers, and other project managers on a range of tasks, from writing policies to gathering evidence or proposing KPIs that demonstrate secure processes.

Essential experience
- Experience of managing the security delivery within new products and/or improving security in existing products to a recognised standard. Experience of achieving ISO 27001 and SOC 2 will be advantageous.
- Experience of managing and escalating issues and risks as they develop in clear and understandable ways to senior stakeholders.
- Holder of a recognised, current security certificate (e.g. CISSP/CISM)
- Experience of delivering operational security activities
- Solid understanding of regulatory and compliance requirements, including security frameworks such as NIST CSF, ISO 27001 and GDPR
- Experience working in regulated environments/banking
- Demonstrable experience with security technologies and architectures
- Demonstrable experience working with software and platform development teams through agile delivery methods
- Comfortable communicating across all levels of an organisation.
- Excellent command of spoken and written English.
- Good understanding of data architecture(s), web security, zero trust models and low latency applications
- Experience of payments systems and/or sanctions screening
- Demonstrable experience with AWS Security for complex environments