
Security Assurance Manager
Taylor Wimpey
The Role
Overview
Oversee security assurance, risk assessment and compliance for IT systems
Key Responsibilities
- risk management
- vulnerability scanning
- security audits
- control testing
- metrics reporting
- compliance monitoring
Tasks
- Ensuring the annual external financial audit of IT systems is undertaken successfully by the appointed auditors, all required information is received, and any findings are promptly investigated and actioned.
- Identifying and analysing the vulnerabilities of each resource, manually or using automated tools and information sources.
- Being the integral connection point for audit investigations into security and IT controls.
- Running our risk management service, and ensuring actions are undertaken in a timely manner.
- Managing the risk identification and tracking process.
- Presenting risk statements for consideration by senior stakeholders (technical and non-technical) which contain all the information required to make an informed decision on whether to risk accept or not.
- Defining and validating the scope and objectives of regular risk, audit and security assessment activities, ensuring alignment with Taylor Wimpey objectives and compliance standards.
- Reviewing new and existing contracts against TW security requirements.
- Managing competing demands for priorities and resources within Taylor Wimpey.
- Assigning quantifiable value, ranking order and importance to information and technology resources.
- Monitoring internal and external policy compliance, ensuring that both vendors and employees follow the cybersecurity risk management policies.
- Ensuring all security standards and policies are followed, tracking them to detect and prevent cyberattacks.
- Planning, organising, and conducting regular risk and security assessment programmes.
- This role will lead cyber security control testing activities, including scoping, facilitation of testing, and reporting of findings.
- Prioritising, scoring and ranking the risk associated with vulnerabilities.
- Developing and maintaining metrics to track and report on key security indicators related to control implementation in projects and existing services.
- Ensuring security architectures are implemented fully and deliver all the security requirements defined within the Taylor Wimpey ISMS and best practices.
- Tracking and reporting on the performance and progress of IT security initiatives, using metrics, dashboards, scorecards, etc.
- Examining the configuration settings of systems, networks, and applications in line with security best practices.
- Ensuring new projects and services are assessed against current Taylor Wimpey security controls.
- This role is a hybrid role of:
  - Undertaking security assurance on key IT systems, identifying any security weaknesses or gaps.
  - Managing, supporting and developing a team to undertake this technical assurance on new and existing IT systems.
  - Being the integral connection point for audit investigations into security and IT controls.
  - Running our risk management service, and ensuring actions are undertaken in a timely manner.
  - Preparing and presenting reports on the security (risk) environment status within Taylor Wimpey.
  - Ensuring compliance with Taylor Wimpey security standards.
  - Providing oversight on the quality of submissions from your team addressing many of the responsibilities below.
  - Managing competing demands for priorities and resources within Taylor Wimpey.
- Monitoring internal and external policy compliance.
- Ensuring proper procedures are in place for defining and reviewing security access rights and privileges.
- Monitoring regulation compliance, especially if dealing with sensitive data or digital information.
- Determining appropriate methods of investigation to achieve the regular risk and security assessment objectives.
- Executing business impact assessments to determine the risk exposure within the organisation.
- Undertaking security assurance on key IT systems, identifying any security weaknesses or gaps.
- Cataloguing and classifying digital information and technology resources (assets and capabilities) to support vulnerability assessment.
- This role will be responsible for risk assessing and ensuring the security of all new IT projects and services delivered onto the Taylor Wimpey infrastructure and the regular risk assessment and assurance of existing services on a timescale commensurate with the importance of the service to the Taylor Wimpey organisation.
- Preparing and presenting reports on the security (risk) environment status within Taylor Wimpey.
- Ensuring compliance with Taylor Wimpey security standards.
- Performing technical assessment and evaluation to determine control effectiveness.
- This role will be accountable for collating and assessing evidence of security control effectiveness across Taylor Wimpey projects and live services and recommending security control improvement.
- Risk assessment: identifying and classifying security risks in networks, systems and applications and mitigating or eliminating their impact. Activities may include, but are not limited to:
- The Security Assurance Manager is an experienced role within Taylor Wimpey IT, responsible for ensuring that security controls, measures, and practices are effectively designed, implemented, and operating as intended.
- Assessing the security practices and policies of third-party vendors and partners within the Taylor Wimpey ecosystem.
Requirements
- security testing
- cloud security
- cybersecurity management
- security frameworks
- 3lod model
- security architecture
What You Bring
- Extensive experience with security testing tools, including automated technologies
- Familiarity with cloud security concepts and solutions
- Experience in developing and implementing security policies and procedures
- Demonstrable experience of working in a cybersecurity management role
- In-depth knowledge of security frameworks, standards, and regulations
- Familiarity with deploying and operating in a 3LOD model, ability to recommend how this needs to be adhered to and improved upon to adapt to changing environmental needs
- Proficiency in security assessment tools and methodologies
- Proven track record in leading and managing security assurance programs within complex organisational environments
- Understanding of key business and IT trends which may influence future strategies
- Deep technical understanding of security architecture
- Ability to assess complex security issues, developing metrics and providing effective solutions
The Company
About Taylor Wimpey
- One of the UK's leading residential developers, specializing in the construction and sale of new homes across the country, with operations across 22 regional businesses.
- With a rich history dating back to the 19th century, the company has established itself as a prominent player in the British housing market.
- Offers a diverse range of properties, from compact apartments to spacious family homes, catering to various budgets and lifestyle needs.
- Innovative schemes such as the 'Own New Rate Reducer' provide competitive mortgage rates for both first-time buyers and existing homeowners, simplifying the path to purchasing a new home.
- Operations extend beyond mere construction, encompassing land acquisition, planning, and development of entire neighborhoods, contributing to local infrastructure and amenities.
Sector Specialisms
Residential Homes