You’ll bring the innovation. We’ll provide the need.
The Tesco name comes with a dedication to customer service excellence, but Tesco Bank offers something more: a fresh approach to finance. While it’s an innovation in itself, ours is a business built on the next development, the evolution to come. For forward-thinking, technical professionals, that means making a wide-ranging and long-lasting impact in an organisation that’s changing the face of banking.
We have an exciting opportunity for a Senior Cyber Security Manager with extensive IT and Information Security experience to join the IT Security & IAM team in Edinburgh, Glasgow or Newcastle.
In the role you are accountable for:
- Leading, delivering and communicating IT Security initiatives and operations for Tesco Bank, ensuring operational procedures are documented and fully supported.
- Assisting with defining the IT Security strategy in line with the Bank and Technology strategies.
- Monitoring the application of, and compliance with, security operations procedures, and reviewing information systems for actual or potential breaches in security.
- Running a penetration testing programme, ensuring remediation of identified issues.
- Reviewing and approving designs for IT Security use cases/projects.
- Reviewing and approving IT Security standards and process documentation, ensuring they remain current.
- Participating in the management and maintenance of key suppliers and vendors, evaluating usefulness, maximising capabilities, cost of products and making appropriate recommendations.
- Assessing the capability of new tools and technologies in relation to IT Security.
- Working across CIO delivery teams to explore and agree solutions that meet business requirements within project and enterprise constraints.
- Ensuring that all identified breaches and security incidents are promptly and thoroughly investigated, updating process documentation where required.
- Ensuring that any system changes required to maintain security are implemented.
- Ensuring I am risk aware - this will include identifying, assessing, managing or mitigating risks - helping to ensure I "do the right thing" at all times.
- Influencing Exec and Senior Management in IT Security decisions and guiding technical specialists by staying abreast of industry trends & solutions.
- Leading teams to execute technical activities.
- Applying appropriate due-diligence to ensure quality solution designs are produced that are compliant with policy and standards.
Required skills/experience:
Technical CyberArk skills required.
In addition, the following are advantageous:
- Key skills across the security domain, including Vulnerability Management, Resilience, Web security technologies, Data leakage prevention, Risk Management, Security Incident Management, Security policy formulation, Security governance, Identity & Access Management, Privileged Access Management.
- Experience of and exposure to security technologies – e.g. firewalls, proxies, WAF, DDoS solutions, server-based AV/IDS/IPS, SIEM.
- Experience managing risks, reporting to senior stakeholders and driving an improved security posture across organisations
- Understanding of security reference frameworks e.g. NIST
- Experience of public cloud platforms e.g. AWS, Azure and associated controls
- Experience of data centre infrastructure & networking and associated controls
- Experience influencing and communicating with senior business and IT leaders
- Strong written and verbal communication skills
- Experience of communicating technical information to non-technical colleagues
- Experience of managing or leading teams either via direct or matrix management
- Exposure to project management and/or agile methodologies