We are looking to offer a Group IT Security Manager the opportunity to join our expanding IT Department based in Stevenage.
As a Group IT Security Manager you will be a part of our commitment to deliver what we promise for our clients, within the leading essential infrastructure services provider operating within the UK & Ireland.
Does this sound like a role for you? Read more…
About M Group Services and your team
M Group Services is a trusted employer to more than 10,500 people in the UK and Ireland. Operating across 21 businesses in 240 locations, we provide specialist infrastructure services in the water, energy, transport and telecommunications sectors.
We work in a fast-paced environment and our business is constantly growing and evolving. Our central support team, based at Head Office, has grown rapidly and provides support across our Group and divisions to deliver to our people, our clients and their customers.
As a Group we recognise that engaging and empowering our people to deliver and grow is pivotal to driving our business and achieving continued success. We are committed to creating an environment in which our people feel valued, supported and fulfilled.
Who you are?
Do you like a challenge? Are you keen to develop your skills? Do you enjoy finding solutions? If you want to make a difference working within a supportive team environment, we would be pleased to hear from you.
As the Group IT Security Manager, you’ll get the opportunity to:
- Determine Information Security requirements, including IT Systems, Certification, Policies and Procedures
- Oversee Internal and External audit activity to support compliance against M Group Services and ISO27001 requirements
- Secure the Group’s information by ensuring that the policies, procedures, and systems are robust.
- Review the IT infrastructure, business applications, access control, people behaviour/work practices, company policies and procedures, as well as third-party supplier contracts and controls, so that they work together to secure company information
- Support all parts of the business, including attending External (Client and Accreditation Body) audits, to ensure compliance
- Provide a long-term strategy for security across the Group utilising consistent and cost-effective solutions
Key accountability 1: Client, Supplier and Staff Engagement.
Liaise with Directors and Senior Managers to identify information security business requirements. Ensure that these are reflected in the policies and procedures of the company.
Produce material to support bid activities, answer questions and present to the Client where necessary.
Attend and represent the business in meetings with Suppliers and Clients to promote Information security considerations.
Engage with Suppliers and Clients to maintain an awareness of upcoming changes so that impact analysis can be performed. Keep all parties apprised of the measures to be taken to minimise the impact on the business.
Attend and present to management & staff to promote Information security policies, procedures, and best practice.
Be seen as an escalation point for Information and IT security issues
Key accountability 2: Compliance and Audit.
Maintain and retain the ISO27001 Certification and where necessary expand the scope to encompass all parts of the Business.
Perform any necessary audits to support the company’s Information Security objectives.
Review Supplier monthly service reports to ensure Information and IT security is being correctly addressed within acceptable levels of tolerance
Manage Risk. Be a point of escalation for Group breaches
Provide guidance for the security aspects of the Software development lifecycle
Ensure that Suppliers & Subcontractors comply with the Company security policies and procedures
Produce & review any actions, policies and guidelines required to maintain the correct level of security required by the business.
Identify Information and IT security risks, evaluate, communicate to key stakeholders, and manage those risks through the company risk register. If necessary, feed these risks into the Business Continuity and Disaster Recovery plans.
Key accountability 3: Security Solutions
Responsible for ensuring that sufficient measures and controls are in place to secure our IT environment and the electronic data held on these systems
Ensure that sufficient physical security is in place to safeguard access to our IT systems and hard copy data
Work with Group divisions to standardise security solutions in a cost-effective way
What you’ll bring?
- An understanding of Risk assessment within a large business with conflicting priorities.
- Degree or equivalent; professional qualification advantageous, e.g. ITIL Service Management, CISSP.
- 10 years relevant experience.
- Good communication skills.
- Good people engagement skills (experience of working within a matrix organisation essential).
- Experience in supplier/relationship management.
- Understanding of IS management issues and drivers of IT strategy (experience in an IT management role a distinct advantage).
- Good analytical skills, with the ability to cross-reference several data sources to help make sense of the data, e.g. Active Directory, HR system and Asset Management data.
What’s in it for you?
- 25 days' annual leave plus statutory holidays
- Discretionary annual bonus
- Contributory Pension scheme
- Life Assurance
- Access to our Employee Assistance Programme
- Cycle to work scheme
- Access to a wide range of discounts and special offers through our online rewards platform
- Private health care
- Company car/ car allowance
Our Vision and Values
Our vision is to be the leading service provider for essential infrastructure in the UK and Ireland.
The core values for our sustainable growth are:
- People – engaging and empowering everyone to deliver and grow.
- Safety – putting health, wellbeing and safety of people first.
- Delivery – helping deliver our clients’ business needs.
- Integrity – behaving respectfully and in a sustainable manner to our communities and the environment, maintaining accountability and honesty in the way we work.