Purpose of the Role
AEGIS London are currently seeking an experienced hands-on Cyber Security Manager to join our team to oversee and manage the organisation's cyber security responsibilities. Their role is to protect AEGIS London information assets, systems, networks, and data from potential cyber threats and attacks. The ideal candidate will have a deep understanding of cyber security in the Cloud as we are embarking on a major program to move to Microsoft Azure. Experience in AWS would also be preferable as we are a multi-cloud environment. Our strategy is focussed on utilising SaaS products and COTS packages where possible, which will mean that you have experience in designing and implementing cloud security controls.
As we continue to be successful and grow as a business, you will be responsible for defining and maintaining the cyber security strategy and framework. The cyber security framework consists of policies, processes, procedures and standards that need to be adhered to, including the interlink with cyber security risk management. Along with the governance requirements, you will be responsible for overseeing day-to-day security operations in conjunction with our internal IT team and external service providers and partners. You will act as the main focal point for all cyber security matters across AEGIS London, including delivering security awareness and training, and providing security response to incidents.
Duties and Accountabilities
- Develop and communicate corporate information security policies, standards and guidelines and update these in line with the evolving threat landscape across AEGIS London
- Create and update the cyber security strategy to ensure that it is aligned to the business objectives and IT strategy respectively
- Develop and assess organisational strategies that address information control requirements. Identifies and monitors environmental and market trends and proactively assesses impact on business strategies, benefits and risks
- Build and maintain a cyber security risk management framework linked to enterprise risk and ICT risk. This should include working across AEGIS London to identify any cyber security risks and presenting them to the Head of Technology
- Ensures architectural principles and privacy by design principles are applied to new projects and initiatives across AEGIS London. Drives adoption and adherence to policy, standards and guidelines that are created
- Working in close conjunction with compliance to ensure that cyber security across AEGIS London complies with cyber security frameworks such as NIST CSF, ISO27001 and ensuring that regulatory requirements for cyber security are adhered to
- Support external audits and internal audits that are independently carried out, alongside undertaking maturity assessments and any spot checks to ensure that cyber security policies, standards and requirements are being adhered to
- Leads the provision of authoritative advice and guidance on the requirements for security controls in collaboration with subject matter experts
- Oversee a small team including a security analyst and cyber security third party resources as and when required, including providing guidance, training and mentorship to enhance the team's skills and knowledge
- Lead the business response to security incidents, including data breaches, cyber-attacks, and other security-related events including coordinating with internal and external stakeholders and third party services during incident investigations and remediation efforts
- Ensuring that lessons are learned from any incidents or near misses and that these are fed into the annual crisis management exercises that will be undertaken with relevant stakeholders
- Continually develop and deliver a cyber security awareness program across AEGIS London continually educating staff on the latest threats and vulnerabilities to the organisation and externally
- Chair the monthly security group with the relevant business stakeholders and regularly report on the state of the organisation's security posture to senior and executive leaders, determining the appropriate metrics to report on
- Working with the Operations Manager and leading the response from IT on Operational Resilience (OR). Ensuring quality and effectiveness, while overseeing end-to-end OR testing, including budgeting, test type determination, severity assessment, IT-focused testing, review of deliverables, and maintenance
- Ownership of the Business Continuity Process (BCP) on behalf of the organisation
- Managing the cyber security Third Party Risk Management program, reviewing our key third parties on a regular basis from a cyber security perspective and ensuring any risks are identified. This includes the development of cyber risk metrics and reports that are required from AEGIS London’s key suppliers, in line with our policies, processes and security frameworks and providing these to the Third Party Risk Management team
- Population of the cyber metrics dashboard and relevant reports to the relevant stakeholders to provide an overview of the cyber security posture for AEGIS London
Skills, Knowledge and Experience
The successful candidate will have/be:
- Relevant industry certifications such as CISSP, CISM or similar
- Demonstrable experience in leading a Cyber Security function with a hands-on approach
- Held an Information Security role in a regulated environment (Insurance or Financial Services desired)
- Familiarity with cybersecurity frameworks and standards (e.g., NIST Cybersecurity Framework, CIS Controls, ISO27001, SOC2, etc)
- In-depth knowledge of current and emerging cyber threats, vulnerabilities, and attack vectors and how to protect AEGIS from these
- Experience of deploying identity and access management projects
- Experience of working in an Azure-native environment with some experience in multi-cloud environments
- Experience in managing third-party vendors for security services such as SOC, Threat Intelligence, Vulnerability Management, etc
- Strong leadership and team management skills
- Experience of working closely with IT teams to achieve security outcomes
- Experience in building security business cases for leadership to consider
AEGIS Values
Fairness and respect
We make decisions considering the best interests of key stakeholders. We are direct and straightforward in our actions, working collaboratively to create a culture of fairness and respect.
Open and inclusive
We act with integrity, valuing diversity of thought and background. We take time to listen to the needs of our customers, stakeholders and colleagues working together to seek and share information.
Ambitious
We have a passion for success, aspiring to be recognised as best in class. We embrace new opportunities, encouraging innovation in pursuit of our goals.
Striving to be better
We strive to improve at all times, challenging complacency, being agile and adapting to change. We always seek to improve our customers’ experience with us.
Investing in people’s potential
We provide an environment where each employee can reach their personal potential. We encourage personal accountability for performance and individual ownership for growth and success.
AEGIS London is an equal opportunities employer and recognises the value of a diverse workforce in facilitating better decision making and business growth. We encourage a variety of differing views, perspectives and insights to create a collaborative working environment. Diversity and Inclusion are fundamental to our business and we encourage applications from all backgrounds recognising the diversity of society and our customers.
It’s important to us that you are able to perform at your best when applying for a role with AEGIS London. If there are any adjustments we can reasonably make to ensure that the process is accessible for you, please telephone us on +44(0)20 7856 7856 or email recruitment@aegislondon.co.uk
As a business, we understand individual circumstances may differ and aim to be adaptable and to support flexible working practices. Talk to our recruitment team to understand how AEGIS London can help support you in reaching your full potential.