Be on Alert – Fraudulent Employment Offers. Learn More
Cyber Security Manager
The Cyber Security Manager will report to the Chief Information Security Officer. Primary responsibilities will include conducting security audits of information systems used by the company and reviewing contracts for relative security requirements. Participate in ICF client security assessments and audits, where required. Information Security Manager will provide recommendations to meet specific compliance requirements and complete detailed reports of information systems security status. These reports will outline whether the systems processes, policies, and security controls are adequate to meet contractual obligations, company security standards, and data protection safeguards. Working closely with the Data Protection Officer to ensure the information security and privacy alignment are adhered to will be a key element of the job. Information Security Manager will also assess the company’s security measures, such as firewalls, malware protection, encryption, account and passwords management, authentication methods, and identify any weaknesses that could compromise the confidentiality, integrity, or availability of information systems in respective areas.
Information Security Manager will assist in developing policies and procedures that aids in securing information systems and protected data. Provide security awareness for employees and contractors by explaining security risks and demonstrating good safeguards when working with specific projects. Demonstrate good team working skills to develop security solutions in collaboration with other information technology professionals.
Information Security Manager will work with and assist the information security staff with general daily security activities to include, but not limited to, service requests, gathering forensics information, monitoring security events, incident response, and security assessments.
Job Duties List
There are many duties and responsibilities for an Information Security Manager that depend upon the level of security assessments preformed. Information Security Managers may work as part of a team to determine the security posture and compliance of an information system(s) and other security related network devices.
Work performed by the Information Security Manager may also include the testing of policies and security controls to determine whether there are risks associated with them. The Information Security Manager may also review or interview members of the staff to learn about any security risks or other complications within the company. Maintain an inventory systems of sensitive systems and data. Suggest updated security controls by recommending new policies, procedures and technical solutions to enhance overall security.
Review contacts, security questionnaires and proposals for relative information security requirements.
Information Security Manager will function as a liaison between Information Security, Data Privacy, Corporate Information Security, Contracts, Lines of Business (LOB), and other required groups. Creating and conducting group training pertaining to information security to specific groups. A core responsibility is to ensure the appropriate security safeguards are deployed to meet company standards and compliance requirement for several contracts and corporate systems for both government and private clients. The Information Security Manager will be potentially project lead continuing SSAE 16 SOC and ISO 27001 audit reviews. The Information Security Manager will author or contribute to and maintain Security Standards documents, Security Plans, Disaster Recovery plans, and any other documentation required for successful completion of all internal and external audits. Other responsibilities may include forensic analysis, log monitoring, and security issue resolution.
The preferred location is London, Uk
A bachelor's degree or equivalent experience required
Prior experience with security systems management and audits, preferably SSAE 16/18 SOC2, ISO 27001, NIST, health industries, as auditor or audited party
Strong knowledge of current NIST Frameworks, ISO, and enterprise security policies, standards, and regulations, particularly GDPR and National Cyber Security Centre (NCSC).
Experience with managing simultaneous projects
Current knowledge of Windows and Linux Operating Systems
Ability to obtain UK government clearance if required
Strong business writing and oral presentation skills
Experience identifying and resolving security issues on complex systems
CISSP, CompTIA Security+, CEH, or equivalent certification
GIAC GISF, or equivalent certification or in progress
Knowledge of internal control concepts (COSO and/or COBIT)
Knowledge of forensic analysis and investigations by using tools such as Encase, FTK, Paraben, etc.
Knowledge with using commercial and open source security software such as Nmap, Nessus, Wireshark, Rapid7, WebInspect, Metasploit Framework, Ettercap, Cali Linux, etc.
Experience with log monitoring, analysis, and correlation
Experience performing enterprise incident monitoring, response, and analysis
Malware analysis and reverse engineering experience
Experience with database security controls
VMware and Hyper-V support
Experience managing a SIEM
Working knowledge of firewalls, Cisco ASA or Fortinet Fortigate preferred
ICF offers an excellent benefits package, an award winning talent development program, and fosters a highly skilled, energized and empowered workforce.
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
London Riverscape (GB75)