Assistant Vice President - Security Operations - IT

Role title : AVP - Security Operations

Hiring for Service Manager - Security Operations

Principal Duties/Responsibilities :

- Supported by a management team, manage the operational activities of the Cyber Defence Centre team and drive continuous improvement.

- Plan, design, implement and execute regular incident readiness and response testing (Red team / Blue team, etc.) involving IT, partners and management.

- Ensure data sets that have been produced in response to security incidents are validated and correct.

- Define and maintain effective global operational processes, policies and procedures

- Ensure legal, regulatory and client requirements are met

- Provide effective and response support to the global business, clients and partners

- Identify, prioritize and lead delivery of local Cyber Defence Centre change projects and improvements, and contribute towards delivery of global Cyber Security projects.

- Work closely with business leaders and other IT departments (notably IT Architecture, IT Operations) to ensure the effective design and operation of both business and technical controls.

- Effective management, development and support for the global team. Communications and Relationships

Internal :

- With the CISO, IT Security Directors and security team; Information Security Programme Manager and project managers, Risk & Compliance, Legal, Audit, IT, Procurement and other support functions as well as operational management and client-facing teams.

External :

- Customers and suppliers Competencies

- Cross-Cultural Resourcefulness

- Cross-Cultural Agility

- Cross-Cultural Sensitivity

- Humility

- Assignment Hardiness

- Strategic Vision

- People Leadership

- Conflict Management

- Expertise in Information Security

- Organizational Agility

- Customer Focus / Relationship Management

- Comfort around higher management

- Integrity and Trust

- Personal Learning

- Business Acumen

- Result Focus / Energy & Drive Required Qualifications, Skills, Knowledge, Experience

Qualifications :

- Qualified to degree level, preferably in a business, IT or security related subject.

- Hold and maintain appropriate Information Security professional qualifications, such as CISSP or CISM, technical security and technology such as OSCP, CEH or GIAC.

- The role holder will be able to demonstrate a commitment to security and strong environmental awareness through continued professional development and learning.

Knowledge/Experience :

Essential :

- Leadership experience in Information Security, I.T. Security or a closely related function, in a regulated enterprise environment or a large public sector organisation

- Experience of managing and developing a team of technical specialists, delivering control improvements, driving forward change and implementing strategic change projects

- Comprehensive understanding of security threats, risks and countermeasures and ability to apply in a practical context at all stages of the kill chain

- Provide management oversight of all aspects of the incident response cycle, including the identification, triage and response to events

- Hands-on operational security experience including use of Excel, SQL, DBMS, and open-source tools, as well as shell scripting and programming languages to validate data sets produced in response to security incidents

- Technical understanding including TVM, DLP, APT, SIEM, perimeter security, content filtering, packet flows, IPS/IDS, etc

- In-depth understanding of currently supported versions of Microsoft Windows Server and Active Directory, as well as products such as SCCM and SCOM

- Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape

- Knowledge of security standards, frameworks, regulation and legislation

- At least 10 years experience working as part of a mature Cyber Defence Centre / Security Operation Centre function in a large enterprise

- Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales.

- Experience of working in a regulated environment, not necessarily insurance or financial services.

Haritika