The job is for a Security Risk Manager in the Defence Security Team. The team works to protect assets from malicious threats and manage security risks across three core domains - Cyber, Personnel, and Physical. The role involves contributing to and leading security risk assessments, developing new metrics and KPI/KRIs, communicating security impact to stakeholders, participating in due diligence and risk management of supply chain activities, reviewing and interpreting threat intelligence, and supporting the creation and maintenance of new security standards and procedures. The ideal candidate should have a strong understanding of ISO27001 or NIST CSF, knowledge and understanding of risk management principles and emerging toolkits, experience in resolving complex issues across technical and socio-technical risks, and experience in interpreting tailored threat intelligence. Improbable is an equal opportunity employer.
The Defence Security Team looks to support all the teams across the Defence and National Security Business in meeting their objectives in the most secure manner possible. We work closely with a Core Security Team and Engineering teams to identify and protect all assets from malicious threats and to detect, respond to or recover from a range of security incidents.
We develop processes and manage security risks across three core domains for the Defence Unit - Cyber, Personnel and Physical. Due to the tailored security requirements of our customers, the team plays a key role in applying robust security controls for defined outputs and maintaining bespoke assurance requirements. The team also plays a key role in developing an effective security culture across technical and non-technical business functions whilst upholding the core values of Improbable.
- Contribute to and lead security risk assessments across security domains, projects, operational requirements and technical change initiatives.
- Pragmatically assess risks and ensure alignment with the information security policies and risk management methodologies used within the information security management system (ISMS).
- Develop and expand new metrics and KPI/KRIs to support risk management functions.
- Communicate the security impact of technical decisions, the approach to risk mitigation and alignment to risk tolerance to stakeholders across all levels of the business.
- Participate in due diligence and on-going risk management of supply chain activities.
- Review and interpret threat intelligence and provide risk advisory and tutorial services to wider Defence teams.
- Work with stakeholders, both technical and non-technical, to enable a pragmatic approach to applying security best practice, demonstrating understanding of industry frameworks and NCSC-aligned security principles.
- Support the creation and maintenance of new security standards and procedures to aid staff security cultural improvements, including supporting personnel and physical security processes associated with HMG handling requirements.
Why You're Made For This:
- You will have a strong understanding of ISO27001 or NIST CSF. This will enable you to hit the ground running within our Information Security Management System (ISMS) and contribute towards on-going risk management improvements.
- You will have knowledge and understanding of risk management principles, best practices and emerging toolkits, including experience of accreditation requirements associated with Cyber Essentials and/or ISO27001. This will ensure you are able to deliver outputs to our required standards.
- You will have experience of helping to resolve complex issues across technical and socio-technical risks. This will help your ability to identify and interpret likely issues associated with our business operations.
- You look to maintain a good understanding of industry security trends and have experience of interpreting tailored threat intelligence. This will help your ability to explain concepts to others and interpret changes within the current threat landscape.
Improbable is determined to foster an environment where people can do their best work and feel like they belong. We believe a healthy culture, strong values and contribution from a diverse range of individuals will help us to achieve success.
We do not discriminate based on race, ethnicity, gender, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected status.
Country: United Kingdom
Date found: 2023-03-21