Address
Form of work
SalaryCyber Security Operations Manager
Reference Number - 78350
This Cyber Security Operations Manager will report to the Head of Cyber Security and Technology Risk and will work within the Information Systems directorate based in either our Crawley, London or Fore Hamlet, Ipswich offices. You will be a permanent employee.
You will attract a salary of 80,000.00 and a bonus of 10%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote
Close Date: 25/02/2024
We also provide the following additional benefits
- Annual Leave
- Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
- Tenancy Loan Deposit scheme
- Tax efficient benefits: cycle to work scheme
- Season ticket loan
- Occupational Health support
- Switched On - scheme providing discount on hundreds of retailers products.
- Discounted access to sports and social clubs
- Employee Assistance Programme.
JOB PURPOSE:
The Cyber Security Operations Manager supports the Head of Cyber Security and Technology Risk in ensuring that UK Power Networks (UKPN) network systems and customer data are adequately protected from cyber threats.
UKPN are looking for someone who will continue to shape the future of our Cyber Security Operations capabilities, applying threat hunting, metrics, and automation to enhance our ability to withstand and recover at scale from evolving cyber threats.
The Cyber Security Operations Manager provides overall daily and strategic management of people, process, and technology capabilities within the Cyber Security Operations Team.
DIMENSIONS:
- People - Direct management of circa 14 permanent and temporary Cyber Security Operations resources plus the management of third-party service providers.
- Financial - Shared budget responsibility for 3-5m annual covering resources, tools and outsourcing.
- Suppliers - Management and oversight of the outsourced Cyber Security Managed Service contract.
- Communication - represent the implication of cyber threats to the business in verbal, written, and presentational form and to make recommendations for action that enable senior leaders make difficult decisions.
- Partners - Create collaborative relationships with all partners, third party providers, suppliers, and partners to improve outcomes and create agreement around a vision or course of action.
PRINCIPAL ACCOUNTABILITIES:
- Manage the Cyber Security Operations team and the quality of third party services and deliverables, reviewing performance.
- Take the lead management responsibility for all Cyber Security event monitoring and incident response services received from all partner organisations with a focus on our Managed Security Service relationship (MSS).
- Manage the search for cyber threats that may go undetected in our environment that have evaded our automated security tools and defences.
- Accountable for Cyber Security incident response management including the establishment, maintenance and improvement of Cyber Security incident response plans, procedures, and playbooks.
- Manage post-incident activity to include scheduling and chairing Post Incident Reviews (PIR), the documentation of Root Cause Analysis (RCA) for security incidents and the tracking of actions to prevent incident recurrence and strengthen relevant controls.
- Plan, execute and learn lessons from regular cyber-attack simulation exercises to test our IT and organisation resilience to improve cyber defences and attack preparedness.
- Manage the suite of Cyber Security tools and platforms to enable prevention and detection of cyber threats.
- Promote security orchestration, automation, and response (SOAR) solutions for systems and operational playbooks to enable efficient discovery of security events and response actions.
- Produce accurate Cyber Security metrics dashboards and reports for both technical and partners on the effectiveness of UK Power Networks' Cyber Security monitoring, defence and incident response capabilities.
- Undertake role-modelling, mentoring and evaluation of staff within the team, creating an environment where the team excels.
- Help develop and implement UK Power Networks' Cyber Security Strategy ensuring alignment to the company vision, values and strategic objectives.
- Deputise for the Head of Cyber Security and Technology Risk for certain pre-agreed tasks and activities.
NATURE AND SCOPE:
The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieve this through the provision of technology solutions, and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore underpinned by effective Cyber Security.
You will work with the Cyber Security Architecture Manager, the Cyber Security Technical Assurance Manager, the Cyber Security Governance, Risk and Compliance Manager, and the Cyber Security Portfolio Manager. You will support all other team members, the rest of Information Systems team, IT Service Providers and partners across UK Power Networks to implement and improve Cyber Security Operations capabilities.
You will blend several skillsets including Cyber Security technology assessment, design, implementation, operation, governance, change management and communications. The main measure of success for this role is upholding the IT and organisational resilience of UK Power Networks concerning cyber threats and incidents.
Qualifications:
- Minimum 5 years+ experience leading Cyber Security Operations teams.
- Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
- Hold an industry recognised information security qualification such as GIAC/GCIA/GCIH, CISSP or CompTIA Advanced Security Practitioner (CASP+) or SIEM-specific training and certification.
- An understanding of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA/IEC 62443, ISO/IEC 27001/27002, GDPR.
- Working knowledge of security technologies including SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics.
- Knowledge of adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (Mitre ATT&CK).
- Practical experience of incident response governance (lifecycles, frameworks, incident handling) and developing incident response playbooks/processes, Security Orchestration, Automation and Response (SOAR), running red-team exercises and tabletop crisis war games.
- Working knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention technologies preferably including FortiSIEM, Q-Radar, Sentinel, Darktrace, Microsoft Defender.
- Log correlation and analysis, including chain of custody and forensics investigations and requirements.
- Experience managing suppliers for an outsourced Managed Security Services (MSS) in an environment with both internal and external IT service providers.
- Experience monitoring Operational Technology (OT) systems, including Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA)
- Experience working within a regulated environment, preferably Energy sector Critical National Infrastructure (CNI)
Health & Safety Responsibilities
Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.
Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.
If in doubt ask!
We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
