Security Testing Manager - Major UK Business Software / Services Supplier

Location: Birmingham
Salary: Up to £75k (dependent on experience) + excellent package

Role Summary

Our Client’s Director of Security & Compliance is a former RMP Officer who is currently building a new Security Testing Team. He is interested in the transferable attributes that suitable ex-military hires would bring - most probably individuals who have had broad exposure to Information Security over a variety of former roles - i.e. REME maintaining equipment with that vulnerability; Royal Signals at supervisory level; perhaps Unit level signals specialists etc.

As Security Testing Manager you will be responsible for developing and managing a team of Security Analysts responsible for providing testing services to both internal and external customers. This will involve delivery of external and internal discovery services, vulnerability assessments, penetration testing and secure software development testing.  

The Company

One of the UK's largest and fastest-growing software and IT services companies, delivering a range of solutions to their 20,000 + customer base across every corner of the UK market.

Key Responsibilities

This is a key leadership role with a strong focus on people, process and tooling; your remit will cover all aspects of Security Testing:

  • Ownership - As the firm develops its offerings and delivers professional security testing capabilities it needs a leader of people to drive forward activity across integrated service delivery, Development Ops and Artificial Intelligence Ops. This includes reviewing how best to provide support to both internal and external customers.

  • Leadership – You will lead the team, ensuring the provision of cost-effective operational security assessments and the effective testing of customers’ IT Infrastructure and Applications.

  • Direction – As Security Testing Manager you will provide the direction to ensure that the company stays ahead of its competitors through the delivery of excellent proactive support to all its internal and external clients.

  • Colleagues – The Security Testing Manager will develop and manage a team of 12+. You will define the direction, the training and development plan, set expectations and ensure that the team delivers. The firm aims to promote from within where possible, therefore you will need to ensure that in addition to delivering outstanding service you are developing future leaders.

  • Budgets – You will have input into the annual CapEx & OpEx Budgets, and will be required to run and deliver to the agreed budget. You will review and optimise current costs and achieve cost savings through agreed means such as consolidation and collaboration.

  • Cooperation & Teamwork - You will work closely with Pre-Sales, Transition teams and Project Managers to on-board and support new and existing clients through the defined Service Take-on process.

Key Requirements 

  • Strong procedural expertise along with leadership and communication skills, to develop and then improve the delivery of the service.

  • Effective communication skills to provide updates to all stakeholders on a regular basis.

  • A ruthless approach to delivering operational excellence, productivity and efficiency.

  • Strong consultancy / relationship-building skills and excellent motivational abilities in order to meet deadlines and handle change.

  • Use resources to best advantage by collaborative working with team leaders, technology leads and professional services resource and operational teams.

  • Set appropriate behaviour & performance standards to energise your team and deal with change and uncertainty in a positive manner.  

  • Work on projects and initiatives as directed by the Head of Security and Compliance to support changes and opportunities in the Group.

  • Knowledge of Open Web Application Security Project (OWASP) vulnerabilities, tools and methodologies

  • Ideally, knowledge of Hypertext Transfer Protocol (HTTP), PCI Approved Scanning Vendor protocols and the Secure Software Development LifeCycle (SSDLC).  

  • Extensive knowledge of good security practice covering the physical and logical aspects of information products, systems integrity and confidentiality

  • Expert in methods and techniques for risk management, business impact analysis, countermeasures and contingency arrangements relating to the serious disruption of IT services

  • Expert in tools or systems which provide access security control (i.e. prevent unauthorised system access)

  • Strong current knowledge of PCI, DPA and ISO27001

Please apply with CV in Word and short covering letter explaining your fit to the role and earliest availability; deadline Friday 17 June.  Early application may be advantageous.