Job order - J0923-0360 - Permanent Full Time

Title
Senior Business Security Manager

Category
Infrastructure/Cloud

City
UK Wide, UK Wide - Various, United Kingdom

Job Description
Senior Business Security Manager

Position Description
If youre ahead of the game on systems risk and cyber security, we can secure your career ambitions. Our Business Security Managers are trusted to work closely with a wide range of clients on exciting projects with real world purpose and impact.
CGI was recognised in the Sunday Times Best Places to Work List 2023 and has been named one of the Worlds Best Employers by Forbes magazine. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a member not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and youll be part of an open, friendly community of experts. Well train and support you in taking your career wherever you want it to go. We are happy to discuss remote or hybrid working.

Your future duties and responsibilities
As the IT Security Manager for the account you will be responsible for ensuring CGI complies with the clients security policies, which will include reviewing changes and conducting impact analysis. You will also be required to undertake risk assessments and be involved in risk remediation control selection. You'll provide technical advice and assistance to projects both on infrastructure and application design and service from a security perspective. Your role will include engaging with the account service teams to ensure security best practices are followed day-to-day, and providing security advice to account members are both key components of the security service. You will need to manage and participate in external and client security audits, and organise and manage pen tests.
You will also be responsible for the ownership of the vulnerability management process, including vulnerability scanning, remediation and prioritisation of findings. You will then agree actions and priorities with the client, including any patching, configuration and other remediation activities, and liaise with the relevant technical teams. You'll work closely with account service teams and also the Security Operations Centre in order to ensure monitoring, logging, alerting and reporting requirements are met. You will also be responsible for ensuring appropriate handing of security incidents, including any special requirements for confidential and personal data in line with GDPR and also the management and handling of privileged accounts. Finally, you will be responsible for production of security management reports.

Required qualifications to be successful in this role
You should have a solid IT background combined with strong security experience. You will have experience with LAN/WAN technologies and an understanding of networks and protocols, intrusion detection/prevention, anti-virus and patching applications on both end user and server estates. We are looking for someone who has strong, client-facing communication skills, with the ability to influence both external and internal stakeholders.
You'll also need experience of as many of the below as possible;
Managing security on server and end user environments (including patching, anti-virus, server/device hardening, application and access management, privileged account management, event logging).
Working with SOC SIEM services.
Familiarity with undertaking risk or business impact assessments.
Understanding of the fundamentals of Disaster Recovery/Business Continuity.
Knowledge of ISO 27001, regulatory standards such as GDPR and industry standards such as PCIDSS.
Understanding of best practice in service management including Change, Problem and Incident Management. ITIL service management qualifications would be a bonus.
Ability to follow defined standards and security requirements.
Ability to create security process and procedure documents and implement.
Communicate effectively to internal teams and business users within the organisation.
Ability to translate complex technical concepts into easily understood concepts.
Recognised security certification e.g. CISSP, SSCP, CISM.

#LI-AW4
#Hybrid

Insights you can act on

While technology is at the heart of our clients digital transformation, we understand that people are at the heart of business success.

When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees members because they are CGI shareholders and owners, and, as owners, we enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are todayone of the worlds largest independent providers of IT and business consulting services.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where everyone belongs, and we collaborate with clients in building more inclusive communities. As an equal opportunity employer, we empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Ready to become part of our success story? Join CGIwhere your ideas and actions make a difference.

Skills

• LAN
• Unix
• Windows

Reference
1078018