Manager - Central Services Security Team (CSST)

---

Job description

Manager - Central Services Security Team

Key responsibilities

• Building, developing and leading a central team of Security Engineers, Security Analysts, Security Architect(s) and Security Product Owner.
• Responsible for all Enterprise security products managed within the team ensuring that all technical change and operations are delivered.
• Build and manage relationships with key business stakeholders including BTS Product Groups, CISO (C&IR), external suppliers, Projects & Programmes to enable the ongoing delivery of an effective end-to-end security capability.
• Managing security incidents across BTS Product Groups and the IT Supply Chain providing appropriate executive communication briefings.

Key aspects of the work will include:

• Identify and drive cyber security improvements across people, process, technology and suppliers; such as vulnerability and privileged access management.
• Accountable for architectural solutions that are aligned to enterprise architecture & security standards to meet agreed technology and service acceptance criteria.
• Management of mitigating actions and resolution for relevant product risks, issues and technical debt.
• Management of the team's budget, and recharging of actual work completed to sponsoring divisions and projects
• Leading contributions to the Security communities of practice, providing thought leadership, coaching and mentoring of other employees to build the overall business, technical and security product capability within BTS.

Minimum:

• Significant experience in leading internal and external security technical teams to deliver across the spectrum of IT change and run capabilities
• Significant experience in IT security product strategy, architecture, innovation, risk & issue management, quality assurance and the business requirements to introduce changes to IT security products.
• Deep experience of leading complex, business affecting security incidents which require balancing organisational availability requirements and risk management practices.
• Significant experience of managing a portfolio of Enterprise security systems from a development and operational service perspective. Budget responsibility of circ. £5m (run and change).
• Have, or be willing and able to obtain HMG SC Clearance.

Essential:

• Significant experience in Security Operations Centre (SOC)/Security Incident and Event Monitoring (SIEM) originated security investigations.
• Significant experience in estimating resource, cost and time requirements to deliver change and run activities across a suite of security products.
• Significant experience in service management, incident and problem management to a diverse business.
• Extensive knowledge and demonstrable experience of Information Security principles, tools, processes and procedures.
• Strong understanding of Security frameworks such as NIST, CIS etc.
• Effective influencing and negotiating at all levels (including peers & Exec), communicating explicit and implicit trade-offs that impact the security enterprise.
• Credible leader, able to adapt style to build strong relationships with senior leaders, collaborating across the organisation and use various techniques to facilitate innovation.
• Strategic and pragmatic thinker focused on outcomes and the bigger picture with the confidence to engage constructively to challenge established approaches.
• Excellent collaborative approach working in an Agile/distributed security model
• Relevant recognised security certification, eg CISSP, CISM, etc

Desirable:

• Exceptional coaching skills, able to coach peers and teams of specialists in Product management methodologies and security best practise.
• Well versed in dealing with external security reports from security researchers.