Address
Form of work
SalaryFull time on site - may go to hybrid working after 6 months
Excellent opportunity to build and expand on a new Security & Compliance Department. The Security and Compliance Manager will oversee and manage the Security and Compliance functions with the company. Protection of company data, systems and assets as well as compliance (regulations and standards). You will work across the departments within the company and develop, maintain and implement security policies, controls, procedures etc
Security and Compliance Manager Responsibilities
Security Strategy and Planning:
- Develop and implement a comprehensive security strategy aligned with business objectives.
- Assess risks, vulnerabilities, and potential threats to information systems and assets.
- Define security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of data.
- Collaborate with stakeholders to establish security requirements and ensure their integration into system designs and processes.
- Monitor, interpret, and ensure compliance with applicable laws, regulations, and industry standards (eg, GDPR, HIPAA, PCI DSS).
- Conduct internal and facilitate external audits for ISO 27001 & SOC 2
- Develop and maintain compliance frameworks, controls, and documentation.
- Conduct regular audits and assessments to evaluate the effectiveness of security controls.
- Coordinate responses to compliance-related incidents, breaches, or inquiries.
- Oversee the implementation and management of security controls, including Firewalls, intrusion detection systems, access controls, and encryption mechanisms.
- Establish incident response procedures and lead investigations in the event of security incidents or breaches.
- Stay up to date with emerging threats and vulnerabilities, and proactively address potential risks.
- Conduct security awareness training and education programs for employees.
- Identify and assess risks to the organisation's information assets and systems.
- Develop risk mitigation strategies and work with stakeholders to prioritize and address security risks.
- Conduct regular risk assessments and vulnerability scans.
- Monitor and report on the status of security risks to senior management.
- Collaborate with cross-functional teams, including IT, legal, human resources, and operations, to ensure Security and Compliance requirements are met.
- Engage with external auditors, regulators, and industry groups to maintain awareness of best practices and emerging trends.
- Provide guidance and recommendations to management and employees on security-related matters.
- Foster a culture of security awareness and accountability throughout the organisation.
- A strong understanding of operating system internals and network protocols
- Ability to communicate with personnel at all levels of the organization.
- Project management skills, including organization, coordination of duties, and/or accomplishment of goals.
- Proven experience in implementing and managing security frameworks, including ISO 27001 and SOC 2
- Hold certifications such as CISSP, CISA, or other related qualifications.
- Experience with Change and Release Management based on ITIL best practices.
- Familiarity with Azure and hands-on experience
- Experience with vulnerability scanner Nessus
- Incident investigation experience to effectively respond to and mitigate security incidents.
- Familiarity with Firewall configuration and management
- Expertise in identity and access management (IAM) solutions
- Hands-on experience with intrusion detection and prevention systems (IDPS)
- Understanding of secure coding practices and vulnerability management
- Experience conducting security code reviews and application assessments.
- Experience in secure architecture design and implementation of systems including Threat modelling.
- Experience in managing and configuring security information and event management (SIEM) systems.
- Technical curiosity and an aptitude for swiftly learning and adapting to new technologies.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.
