Security Assurance Manager
Permanent
Location: Reading - Hybrid 2 days per week
About the Role:
We have a great opportunity to join a dynamic and innovative cyber security function. If you are a skilled and experienced Cyber Security Pro, ready to take your experience and career in security management to the next level by leading and managing a Cyber Security Assurance function in the telecoms sector, read on and apply today.
Key Responsibilities:
Penetration Testing:
- Manage pen test programs, assess findings, and coordinate remediation activities.
- Validate potential vulnerabilities reported internally or externally.
Guidance and Collaboration:
- Provide guidance on application security and DevSecOps best practices.
- Collaborate on security content development and Red/Purple Team exercises with the Security Operations CERT/SOC.
Reporting and Escalation:
- Liaise with SAAC and business teams to track product vulnerabilities during the project phase.
Stakeholder Management:
- Manage internal stakeholders and suppliers, organising regular and ad-hoc vulnerability management meetings.
Risk Reduction:
- Liaise with leadership, business, finance, SAAC, and GRC to progress issues.
Additional Responsibilities:
- Support security champions, scoping penetration tests, and managing the penetration-testing program.
- Collaborate with Software Engineers and SREs to ensure product security throughout the development lifecycle.
- Conduct product security training and workshops.
About You:
- Experience with industry security standards and regulations (ISO 27000 series, NIST SP 800 series, GDPR, etc.).
- Knowledge of security and risk management techniques, emerging threats, and vulnerabilities.
- Strong leadership and facilitation skills with the ability to build relationships.
- Highly self-motivated, detail-oriented, and capable of driving change.
- Knowledge of computer networking concepts, protocols, and network security methodologies.
- Familiarity with penetration testing principles, tools, and techniques.
- Familiarity with vulnerability tooling such as Qualys, Nessus, or Skybox is advantageous.
- Understanding of OWASP, static and dynamic analysis, and vulnerability management.
- Relevant security certifications (CISSP, CISM, CSSLP, OSCP, GIAC, GPEN, etc.).
- University Degree in engineering, computer science, or a related technical field.
Are you interested in conducting research and developing technical products, and comfortable delivering presentations? Do you have a passion for assurance? Take the next step and apply today!
Project People is acting as an Employment Agency in relation to this vacancy.