Deloitte
Connect to your Industry Do you want to be at the heart of some of the biggest and most ambitious programmes undertaken to keep our country safe? We are proud of the impact we have with our range of Defence and Security clients, from the strength of our relationships to the variety of our skills and expertise that we bring to help these clients deliver on their mission. We're growing our teams across all of Technology and Transformation. If you are cleared to SC or DV level, or willing and eligible to obtain this and want to grow your career in this sector, we would love to hear from you. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity We recognise the importance of bringing together diverse experience and perspectives to innovatively solve some of our clients most complex problems and as a Cyber Security Manager, you will become a trusted advisor to those clients, helping them to navigate the complex world of cyber security, building robust security postures and supporting complex cyber transformations. You will leverage your expertise and that of our technical SMEs to assess their current state, identify vulnerabilities and design and implement tailored solutions that align with their business objectives and risk appetite. As a senior member of the team, you must develop relationships with key stakeholders, understand a client's security policy framework and control sets, and design solutions that will meet our unique requirements. Our projects vary greatly and your responsibility as a cyber security manager will differ based on the focus of the engagement and your skillset, but could include and may require you to: Lead client engagements, building strong relationships and understanding their business objectives, risk tolerance, and security challenges. Conduct effective workshops and presentations, clearly communicating complex security concepts to both technical and non-technical stakeholders. Perform comprehensive cyber security assessments, including: vulnerability assessments; security architecture reviews; and risk analysis to identify potential security threats and vulnerabilities. Utilise industry-standard frameworks and methodologies (e.g., NIST, ISO 27001, CIS, CAF) to evaluate and benchmark client security posture. Develop pragmatic and cost-effective security solutions tailored to client needs, encompassing people, process, and technology aspects. Provide guidance on security technologies, architectures, and best practices for implementing secure solutions. Assist clients in developing and refining their cyber security strategy, aligning it with their business goals and risk appetite. Create actionable roadmaps for implementing security initiatives, prioritising activities based on risk and business impact. Support clients in developing and testing incident response plans and business continuity strategies. Stay abreast of emerging threats, vulnerabilities, security trends and industry best practices. Contribute to thought leadership initiatives, developing white papers, presentations, and blog posts to share expertise. Provide specialist technical advice, recommended approaches, recommended security controls and identify solutions that meet client business objectives. Stay up to date with emerging security threats, technologies, and industry best practices, and provide recommendations for improvement. Connect to your skills and professional experience All applicants must be willing and eligible to apply for and obtain UK security clearance to Security Check (SC) or Developed Vetting (DV) level, if not already holding an existing clearance. Candidates will be able demonstrate relevant knowledge and experience through a combination of qualifications and evidence of work history such as: Information Security qualification (or equivalent) e.g. CISSP, CISM, CRISC, GSEC. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS, CAF). Experience of working in Cyber/Information security within the Defence / Security environment with a focus on one of more of the domains (Land, Air, Maritime, Space, Cyberspace). Experience of working within Defensive Cyber Operations with an in-depth knowledge of at least one specialisation (security monitoring, network operations, Incident Response/Management, Threat Intelligence, Vulnerability Management or Cyber Operations). Experience working in or with Government organisations, including the handling of assets subject to the Government Security Classification Policy. Experience of threat and risk modelling. Strong understanding of network security, encryption, authentication, and access control mechanisms. Experience with security technologies such as firewalls, intrusion detection/prevention systems, security information and event management (SIEM) systems, and vulnerability assessment tools, and their configuration options. Familiarity with cloud security principles and best practices, including securing cloud-based infrastructure and services (AWS, Azure or Google). Experience of research in technology trends and ways to secure those technologies. A strong working knowledge of Government cyber requirements related to Defence and Security e.g. JSP440, JSP441, JSP453, JSP490, JSP503, JSP628, JSP892, Security Risk Management, Information Security, Secure by Design, Supply Chain Security. Connect to your business - Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "The opportunities to make a difference here are huge. We're constantly encouraged to come up with ideas, so a lot of what we do to drive change comes from within our own workforce. - Gurpal, T&T "Innovation is at the heart of everything we do, so we're using the latest technologies to constantly improve how we deliver our projects and bring insights to our clients. It means I'm always learning." - Gurpal, T&T Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Our commitment to you Making an impact is more than just what we do: it's why we're here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. We want you. The true you. Your own strengths, perspective and personality. So we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too . click apply for full job details
Connect to your Industry Do you want to be at the heart of some of the biggest and most ambitious programmes undertaken to keep our country safe? We are proud of the impact we have with our range of Defence and Security clients, from the strength of our relationships to the variety of our skills and expertise that we bring to help these clients deliver on their mission. We're growing our teams across all of Technology and Transformation. If you are cleared to SC or DV level, or willing and eligible to obtain this and want to grow your career in this sector, we would love to hear from you. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity We recognise the importance of bringing together diverse experience and perspectives to innovatively solve some of our clients most complex problems and as a Cyber Security Manager, you will become a trusted advisor to those clients, helping them to navigate the complex world of cyber security, building robust security postures and supporting complex cyber transformations. You will leverage your expertise and that of our technical SMEs to assess their current state, identify vulnerabilities and design and implement tailored solutions that align with their business objectives and risk appetite. As a senior member of the team, you must develop relationships with key stakeholders, understand a client's security policy framework and control sets, and design solutions that will meet our unique requirements. Our projects vary greatly and your responsibility as a cyber security manager will differ based on the focus of the engagement and your skillset, but could include and may require you to: Lead client engagements, building strong relationships and understanding their business objectives, risk tolerance, and security challenges. Conduct effective workshops and presentations, clearly communicating complex security concepts to both technical and non-technical stakeholders. Perform comprehensive cyber security assessments, including: vulnerability assessments; security architecture reviews; and risk analysis to identify potential security threats and vulnerabilities. Utilise industry-standard frameworks and methodologies (e.g., NIST, ISO 27001, CIS, CAF) to evaluate and benchmark client security posture. Develop pragmatic and cost-effective security solutions tailored to client needs, encompassing people, process, and technology aspects. Provide guidance on security technologies, architectures, and best practices for implementing secure solutions. Assist clients in developing and refining their cyber security strategy, aligning it with their business goals and risk appetite. Create actionable roadmaps for implementing security initiatives, prioritising activities based on risk and business impact. Support clients in developing and testing incident response plans and business continuity strategies. Stay abreast of emerging threats, vulnerabilities, security trends and industry best practices. Contribute to thought leadership initiatives, developing white papers, presentations, and blog posts to share expertise. Provide specialist technical advice, recommended approaches, recommended security controls and identify solutions that meet client business objectives. Stay up to date with emerging security threats, technologies, and industry best practices, and provide recommendations for improvement. Connect to your skills and professional experience All applicants must be willing and eligible to apply for and obtain UK security clearance to Security Check (SC) or Developed Vetting (DV) level, if not already holding an existing clearance. Candidates will be able demonstrate relevant knowledge and experience through a combination of qualifications and evidence of work history such as: Information Security qualification (or equivalent) e.g. CISSP, CISM, CRISC, GSEC. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS, CAF). Experience of working in Cyber/Information security within the Defence / Security environment with a focus on one of more of the domains (Land, Air, Maritime, Space, Cyberspace). Experience of working within Defensive Cyber Operations with an in-depth knowledge of at least one specialisation (security monitoring, network operations, Incident Response/Management, Threat Intelligence, Vulnerability Management or Cyber Operations). Experience working in or with Government organisations, including the handling of assets subject to the Government Security Classification Policy. Experience of threat and risk modelling. Strong understanding of network security, encryption, authentication, and access control mechanisms. Experience with security technologies such as firewalls, intrusion detection/prevention systems, security information and event management (SIEM) systems, and vulnerability assessment tools, and their configuration options. Familiarity with cloud security principles and best practices, including securing cloud-based infrastructure and services (AWS, Azure or Google). Experience of research in technology trends and ways to secure those technologies. A strong working knowledge of Government cyber requirements related to Defence and Security e.g. JSP440, JSP441, JSP453, JSP490, JSP503, JSP628, JSP892, Security Risk Management, Information Security, Secure by Design, Supply Chain Security. Connect to your business - Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "The opportunities to make a difference here are huge. We're constantly encouraged to come up with ideas, so a lot of what we do to drive change comes from within our own workforce. - Gurpal, T&T "Innovation is at the heart of everything we do, so we're using the latest technologies to constantly improve how we deliver our projects and bring insights to our clients. It means I'm always learning." - Gurpal, T&T Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Our commitment to you Making an impact is more than just what we do: it's why we're here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. We want you. The true you. Your own strengths, perspective and personality. So we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too . click apply for full job details
Hays Technology
UK ONLY - SPONSORSHIP IS NOT AVAILABLE Job Purpose: This role is responsible for overseeing and enhancing the security of our IT systems, data, and networks. You will conduct regular security audits, assessments, and tests, and identify and resolve any vulnerabilities or breaches.You will also develop and implement security policies, procedures, and standards, and ensure compliance with the relevant laws and regulations, and train and educate employees on the best practices and awareness of IT security. Operating Environment:The role operates within the IT Services Team, The IT Services Team includes specialist staff delivering core outputs that are both external-facing and internal key enablers. Framework & Boundaries: The role is responsible for improving the quality, wellbeing and efficiency of our IT Security. The role has external-facing responsibilities and is required and authorised to act as a representative for the organisation. Key accountabilities:Monitor and Inspect: Regularly monitor the network for security threats or breaches. Policy Development: Develop and implement security policies and procedures to safeguard data and systems. Vulnerability Testing: Perform regular vulnerability testing and risk assessments to identify and mitigate security risks. Incident Response: Investigate security incidents and provide post-event analysis and recommendations. Security Tools Management: Manage and maintain firewalls, intrusion detection and prevention systems, antivirus software, and other security tools. Compliance: Ensure compliance with industry regulations and standards. Training: Train technical and non-technical employees on security protocols, procedures, and best practices. Disaster Recovery: Participate in disaster recovery planning and testing to ensure business continuity in the event of a security incident. Job impact:Risk Mitigation: Implementing robust security measures to significantly reduce the risk of data breaches, cyber-attacks, and other security incidents. Proactive Threat Management: Identifying and addressing vulnerabilities before they can be exploited, thereby enhancing the overall security posture of the organisation. Ensuring that the organisation complies with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS), thereby avoiding legal penalties and enhancing trust with stakeholders. Maintaining a state of readiness for security audits and assessments, ensuring that all security controls and measures are well-documented and effective. Developing and implementing disaster recovery plans to ensure business continuity in the event of a security incident or data loss. Efficiently managing and mitigating the impact of security incidents to minimise downtime and operational disruption. Knowledge and experience:Technical Proficiency: In-depth knowledge of network security software - Meraki Cloud, Cloudflare, Mimecast, encryption technologies, and other security hardware and software tools. Current Trends: Stay current with the latest trends in cybersecurity threats and defence strategies. Problem-Solving: Strong problem-solving skills and the ability to work well under pressure. Communication: Good communication skills to effectively train employees and coordinate with other departments. Functional/technical skills: Firewall Management: Proficiency in configuring and managing firewalls to protect network boundaries. Intrusion Detection/Prevention Systems (IDS/IPS): Experience with IDS/IPS to monitor and respond to potential threats. VPNs and Remote Access: Knowledge of setting up and managing Virtual Private Networks (VPNs) and secure remote access solutions. Patch Management: Ability to manage and deploy security patches and updates to systems and applications. Endpoint Security: Experience with endpoint protection solutions, such as antivirus and anti-malware software. Proficiency in implementing and managing encryption technologies to protect data at rest and in transit. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
UK ONLY - SPONSORSHIP IS NOT AVAILABLE Job Purpose: This role is responsible for overseeing and enhancing the security of our IT systems, data, and networks. You will conduct regular security audits, assessments, and tests, and identify and resolve any vulnerabilities or breaches.You will also develop and implement security policies, procedures, and standards, and ensure compliance with the relevant laws and regulations, and train and educate employees on the best practices and awareness of IT security. Operating Environment:The role operates within the IT Services Team, The IT Services Team includes specialist staff delivering core outputs that are both external-facing and internal key enablers. Framework & Boundaries: The role is responsible for improving the quality, wellbeing and efficiency of our IT Security. The role has external-facing responsibilities and is required and authorised to act as a representative for the organisation. Key accountabilities:Monitor and Inspect: Regularly monitor the network for security threats or breaches. Policy Development: Develop and implement security policies and procedures to safeguard data and systems. Vulnerability Testing: Perform regular vulnerability testing and risk assessments to identify and mitigate security risks. Incident Response: Investigate security incidents and provide post-event analysis and recommendations. Security Tools Management: Manage and maintain firewalls, intrusion detection and prevention systems, antivirus software, and other security tools. Compliance: Ensure compliance with industry regulations and standards. Training: Train technical and non-technical employees on security protocols, procedures, and best practices. Disaster Recovery: Participate in disaster recovery planning and testing to ensure business continuity in the event of a security incident. Job impact:Risk Mitigation: Implementing robust security measures to significantly reduce the risk of data breaches, cyber-attacks, and other security incidents. Proactive Threat Management: Identifying and addressing vulnerabilities before they can be exploited, thereby enhancing the overall security posture of the organisation. Ensuring that the organisation complies with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS), thereby avoiding legal penalties and enhancing trust with stakeholders. Maintaining a state of readiness for security audits and assessments, ensuring that all security controls and measures are well-documented and effective. Developing and implementing disaster recovery plans to ensure business continuity in the event of a security incident or data loss. Efficiently managing and mitigating the impact of security incidents to minimise downtime and operational disruption. Knowledge and experience:Technical Proficiency: In-depth knowledge of network security software - Meraki Cloud, Cloudflare, Mimecast, encryption technologies, and other security hardware and software tools. Current Trends: Stay current with the latest trends in cybersecurity threats and defence strategies. Problem-Solving: Strong problem-solving skills and the ability to work well under pressure. Communication: Good communication skills to effectively train employees and coordinate with other departments. Functional/technical skills: Firewall Management: Proficiency in configuring and managing firewalls to protect network boundaries. Intrusion Detection/Prevention Systems (IDS/IPS): Experience with IDS/IPS to monitor and respond to potential threats. VPNs and Remote Access: Knowledge of setting up and managing Virtual Private Networks (VPNs) and secure remote access solutions. Patch Management: Ability to manage and deploy security patches and updates to systems and applications. Endpoint Security: Experience with endpoint protection solutions, such as antivirus and anti-malware software. Proficiency in implementing and managing encryption technologies to protect data at rest and in transit. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
