Security & Information Assurance Manager Newbury, England
Job description
Security and Information Assurance Manager
Location: Newbury, Hybrid
Salary: Excellent basic salary plus bonus and Vodafone benefits
Hours: Full time 37.5 hours per week – Mon to Fri
Who We Are
We’re a global technology communications company that empowers people and businesses to stay connected and thrive in a digital world. With a focus on innovation, sustainability and earning customer loyalty, we leverage cutting-edge technology to offer products and services that enhance communication and improve lives.
At Vodafone UK, diversity isn’t just a buzzword, it is core to who we are as a company. We’re proud to be certified as a Great Place to Work and are committed to driving inclusion for all; creating a workplace that is fully representative of the communities and customers we serve.
Hybrid
At Vodafone UK we believe that through collaboration and connection we can achieve great things. Our blended working approach allows our people to work both in the office and at home, providing the flexibility and resources you need to succeed in your role. Our “Office in a Box” home working kit will provide you with everything you need, no matter where you are.
Corporate:
Join us at the heart of Vodafone UK in Corporate, one of the central support functions that underpin our business and keep us moving forward. We provide centralised support, expertise and guidance across our UK and Group operations, continuing to build on our success and trailblazing the way to our next stage of digital growth.
Role purpose:
The Government Security Team is responsible for providing operational support to government and law enforcement agencies in order to meet our obligations under the Investigatory Powers Act. Technical solutions are at the heart of our ability to meet these obligations, and in the process, help fight serious crime and save lives. We offer an industry leading capability and need the best people to ensure we maintain this.
As the Security and Information Assurance Manager, you will be the security authority and primary point of contact for the team. You will lead a small team and be accountable for ensuring our operation, platforms and data are secure. You will implement appropriate methodology, processes and controls to ensure that solutions are secure by design, effective operational and technical security controls are in place and both Vodafone and our suppliers remain compliant with the stringent security requirements placed upon us.
What you'll do
Overall security authority for Government Security people, processes, projects and platforms.- Provide cyber and technical security expertise and advice to Domain Architects and Solution Designers while developing new propositions and solutions to ensure all solutions are secure by design, robust and resilient.
- Lead security impact assessments for products, services, network changes and new technologies, identifying gaps, risks, and opportunities, making recommendations and overseeing implementation.
- Review, interpret and maintain compliance with external (HMG) security requirements and Security Aspects Letters, ensuring appropriate requirements are cascaded to vendors and suppliers and compliance assured.
- Forge and maintain excellent working relationships with other Vodafone security teams ensuring continued awareness of current standards, policies and processes, applying these where appropriate within Government Security.
- Implement and manage a security governance framework incorporating internal and external stakeholders creating a security focussed, collaborative culture with all parties.
- Implement and manage a robust risk management framework for Government Security, taking ownership and accountability of risk registers and acting as SIRO for the function.
- Develop, implement and maintain effective security incident management processes, incorporating reporting, recording and resolution.
- Produce, publish, maintain and ensure compliance with local security operating procedures incorporating all physical locations, operations and personnel.
- Manage the annual IT Security Health Check process to include scoping, supplier engagement, review and remediation of findings.
- Identify opportunities and drive changes to improve security of compliance systems taking proactive steps to protect against emerging threats.
Who you are;
Proven technical experience in controls testing in complex IT or Telecommunications environments- Familiarity with security risks as well as processes, technologies and tools to mitigate these risks – preferably including the specific risks and countermeasures in the Telecommunications environment
- In depth understanding of security domains - access control, network security, operation security, encryption, etc.
- Proven experience of security concepts and technologies (defensive and offensive security, security architecture, application security, PCI DSS, OWASP, SANS, NIST, etc.).
- Sound working knowledge and experience of different technologies including cloud (preferably AWS) web applications, infrastructure and operating systems.
- Recognised Information Security certification such as CISSP, SSCP, CISM, ISO27001 lead auditor or extensive experience in working with ISO27001 or similar security framework.
- Excellent reporting (oral and written) and stakeholder management skills
- Attention to detail, strong analytical skills and efficient problem solving capability
- Security Cleared to SC level and be willing to undergo higher level clearance checks if required.
Desired knowledge and experience:
A good understanding of Mobile Telecommunication Concepts including 5G, 4G and 3G Telecommunication Network Concepts- Previous experience working in IPA compliance systems as well as experience of working with Telecommunications Data
- Experience of working within formal security frameworks
- Familiar or experienced with legislation or regulation such as: Investigatory Powers Act, PECR, GDPR, DPA, RIPA
What we offer
We believe that taking care of our employees is the key to their success. That is why we offer an excellent remuneration and bonus package with up to 28 days holiday entitlement, in addition to bank holidays and paid leave for charity projects. We offer an extensive benefits package that can be tailored to suit you and your family, including employee discounts, retail vouchers, pension plan and share schemes. We take pride in our commitment to supporting you at every stage of your career by providing top of the range learning and development tools, market leading parental leave policies and an innovative Reconnect programme for people who have taken a career break.
Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to apply as you may be the right candidate for this role or another role, and our recruitment team can help you see how your skills fit in.
Together we can
Vodafone UK are regulated by the Financial Conduct Authority and all offers of employment for this role are subject to background checks, including criminal (DBS) and financial checks to meet the regulators standards.
If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, a sign language interpreter, or assistive technology, please refer to the Accessibility section of our Careers website (https://careers.vodafone.com/uk/applying-to-vodafone/) for guidance.
