Cyber Security Manager

This is a new position which means we are looking for a motivated and enthusiastic Cyber Security Manager to help establish and develop good practice within the service and the wider Authority. The role offers the opportunity for hybrid working in a flexible service.  

The post holder will become the Authority’s expert in Cyber Security. They will have responsibility for the effective operational management of the Cyber Security agenda across the Authority, ensuring the protection of IT Systems utilised to support customer and back-office functions. This person is expected to become expert in and up to date with policies, procedures, legislation, and good practice surrounding Cyber Security.

This is a varied hands-on role that involves working closely with all areas of ICT Services and the wider organisation to promote and develop a security first approach and practice.

You will support the ICT Service teams in strategic security projects focusing on patching and vulnerability management.

Responsibilities / Essential Skills

• Reporting to the Head of Digital and Technology, you will be responsible for driving and implementing security initiatives to protect the business from security threats and cyber-attacks, delivering best practice security controls and processes
• Establish and execute the security strategy for the development of information security technologies, cyber risk management and policies and practices while ensuring information security and compliance within applicable regulations
• Providing hands-on leadership in risk identification to accurately map out critical security issues and recommendations
• Plan and manage security testing and simulations, including red assessments and phishing simulations.
• Investigate and respond to breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
• Scheduling and conducting periodic security assessments, including desktop and red team exercises.
• Proven experience of strategically leading security operations.
• Ability to communicate at all levels (technical / non-technical) with clarity and precision, both written and verbally.
• Ideally hold at least one Security Compliance certification (CISSP, CEH, CISM)

Main Skills/ Requirements:

• Security Incident Management and Crisis Management experience
• Sound knowledge and experience with compliance frameworks such as NIST, MITRE ATT&CK, and PCI DSS
• Experience with SIEM systems
• Scripting with Python and/or PowerShell
• Experience of Data Leakage prevention strategies
• Excellent understanding across multiple technology areas - Networking, Operating Systems (Windows, Linux, and Mac), Application Security, AWS.
• Experience leading investigations, threat hunting and writing playbooks.
• Knowledge of Mitre security framework, NIST standards and Controls, ISO27001 and PCI-DSS
• Knowledge of Microsoft Azure Sentinel and Defender Advanced Threat Protection.
• Knowledge of Microsoft Active Directory.

For an informal discussion please contact David Strong on 01228 817298 or David.Strong@carlisle.gov.uk

We offer an excellent benefits package with flexible working, a generous pension scheme and fabulous development opportunities.

For further details and an application form please visit our website www.carlisle.gov.uk/Jobs 

The closing date for applications is 12 noon on Friday 22 October 2021 and interviews are anticipated to take place week commencing 8 November 2021.