IT Security Manager
Newbury - Hybrid Working
£60,000 - £70,00 + benefits
Fantastic new permanent opportunity for an experienced IT Security Manager with this specialist technology business based in Newbury. My client has a market leading product/service used by some of the largest businesses in the UK and have an excellent reputation in their sector.
As IT Security Manager you report directly into the CFO and will have primary responsibility for data and information security within the business and across all its processes, technical systems, and solutions where data information is handled. You will take the lead on the implementation and operational management of effective technology solutions that prevent internal and external malicious users from compromising data integrity.
You will be the face of Data and Information Security both internally and externally supporting their clients and managing enquiries on data and information security issues, completing security questionnaires for potential clients, and providing responses to security audit requests from existing clients.
- Develop, implement, and enforce suitable and relevant information security policies, ensuring that these are compliant with the General Data Protection Regulations 2018 and other legislation and regulations related to information security.
- Participate in the selection and configuration of appropriate hardware devices such as routers and firewalls to ensure that data and information is sufficiently protected.
- Monitor software applications that manage credentials and the filtering of network traffic to avoid unwanted intrusions.
- Develop and implement, together with suitable materials, an information security awareness and training programme including guidelines regarding how to avoid data corruption, loss, and exposure.
- Manage the Information Security Management System.
- Develop security procedures and standards for the back-up of critical information to physical and cloud-based devices, defining differing security levels and user credentials as appropriate, developing and monitoring test recovery procedures.
- Arrange penetration testing and vulnerability checks owning the programme of work to resolve any weakness identified.
- Review software and hardware architecture and advise on areas of weakness that require addressing.
- Investigate suspected and actual breaches of security, ensuring prompt escalation of issues to senior management, undertaking reporting/remedial actions as required, including proposing innovative solutions.
- Maintain a log of any incidents and remedial recommendations and actions.
- Management of Disaster Recovery/Business Continuity Plan and regular testing.
- Regular reporting and presentation of key management information and progress reports as required.
- Proven background and experience within a similar IT Security Management position.
- Strong broad background within IT with good skills in infrastructure engineering and more recent strong experience within IT Security Operations.
- An understanding of the following technologies: vulnerability scanners (e.g. Nessus), SIEM / logging and monitoring tools (e.g. Graylog), email security tools (e.g. Mimecast), and privileged access management solutions (e.g. BeyondTrust Password Safe).
- A thorough understanding of Windows Operating Systems and in-depth knowledge of securing Active Directory and configuring Group Policies, plus familiarity with using the Linux command shell.
- An understanding of IP routing, subnetting and a general awareness of routing / switching.
- Configuration and troubleshooting of firewalls and VPNs, especially SonicWall and Fortinet.
- Experience of working with virtual machines hosted in Virtual Private Clouds, and experience of using Azure would be beneficial.
- An awareness of other technologies used to include Symantec Endpoint Protection for antivirus, Desktop Central for patch management and Manage Engine MDM for mobile device management.
- Broad awareness of hardware/software, standards, security products and Cyber Threats.
- Good working knowledge of quality assurance principles and practices.
- Up to date knowledge of GDPR and computer-related legislation.
- Implementation and management of ISO 27001.
- Designing and undertaking information security audits.
- Security incident management, investigation and reporting.
- Strong communication and stakeholder management skills.
For any further queries regarding the role, please contact Danny Palmer on or at