Job responsibilities
We are looking for an Information Security Manager to join our team at Cygnet.
This is a remote role, with the requirement to travel to any Cygnet site for meetings when needed, so access to a car and a full driving licence is required.
Please note: It is essential that you have or are working towards CISSP accreditation for this role.
Cygnet was established in 1988. Since then we have developed a wide range of health and social care services for young people and adults with mental health needs, acquired brain injuries, eating disorders, autism and learning disabilities within the UK.
The individual in this position will be in charge of providing guidance on the creation and durability of the IT security products being utilized by the organisation, while following best practices and business requirements. They will also aid in the creation, deployment, and upkeep of services that systematically identify potential risks and weaknesses related to current and future systems, making certain that the appropriate and fitting risk controls are in place to safeguard the IT systems. In particular, the post holder will:
- Assist with investigating potential security breaches
- Assist in the implementation of Anti-Virus/Anti-Spyware
- Monitoring of Anti-Virus and Anti-Spyware
- Monitoring of Security Patching
- Implement and Monitor technical standards across the group, including Cyber Essentials +, DSPT and ISO27001-2022.
- Ensure that the new system design meets security needs
- Ensure that current systems meet security needs
- Internal and external pen testing
- Maintaining the ISMS system.
Key tasks & responsibilities:
IT Infrastructure and Security
- Design, manage and support IT security facilities in line with best practices and aligned security standards
- Make sure that IT security products are installed according to best practices to guarantee the resilience of the system.
- To produce up-to-date IT Security configuration documents, to update these as changes are made, and generally keep all security documentation up to date within the ISMS system
- Promote a proactive approach to IT Security
- To provide a timely resolution in the event of IT security incidents
- Ensure any IT security alerts or breaches are escalated to the Head of Infrastructure and Security and wider Digital Services management team promptly
- Provide the lead between the organisation and third-party suppliers for new installations, support and maintenance, thus ensuring system/service availability
- Interface with support staff and analysts so that any problems arising during design or implementation can be resolved in accordance with the fundamental design concepts and user needs and constraints
- Generate test requirements, together with the support staff and business systems teams, which determine that all of the high-level requirements have been met
- Ensure that IT security products, drawings and designs are maintained in the current state
- Internal and external vulnerability testing to check the security of systems in place.
- Ensure the encryption of company devices across the estate including handhelds.
- Effective line management & leadership of the cyber security team consisting of Network & Cyber analysts
Monitoring, Compliance and Audit
- Working with the IG Board and Digital Services teams to ensure that Cygnet maintains an acceptable level of data and security risk.
- Ensure that all Information Security Action Plans are updated to enable improvements against the assessment.
- Monitor Cygnet's security reporting activities to ensure compliance with the law and guidance
- Attend the Information Governance Board held quarterly.
- Stay up to date with data protection legislation and security best practices. Be aware of upcoming requirements for the NIS2 standard.
- Maintenance of the Security Asset Register
Changes/Upgrades and Maintenance
- To ensure all routine and exceptional maintenance work is carried out securely for software and hardware upgrades required for Cygnet networks.
- Advise the Head of Infrastructure and Security to ensure that all Network changes are recorded and authorised before action and that all documentation is updated accordingly.
Person Specification...
Essential
Education/Qualifications
- CISSP / CISM
- A good understanding of CE+
- Worked with