Job Description

Cyber Operations Manager
Norwich/London-2 Positions
Purpose of Role
The Security Services Analyst is a member of the Cyber Defence Centre, reporting to the Cyber Operations Manager. The purpose of this role is to maintain strong operational oversight of the Security Services within DLG, managing a number of operational security services, reviewing the security impact of operational changes within the environment and monitoring various toolsets for security violations.

Key Accountabilities/Responsibilities
Information Technology Operations
•    Responsible for overseeing the day-to-day operational delivery of security services provided to our internal DLG customers ensuring the highest levels of service and guidance. These services include Data loss prevention, Insider risk, Exceptions processing, firewall modifications, Brand protection, threat alerts, business query responses and certificate management.
•    Responsible for Security Exception process and reviews. This will entail a good knowledge of potential impact of exceptions, working alongside other CISO teams.
•    Responsible for issuing and mgmt. of Certificates within the business and a good understanding of PKI infrastructure.
•    Responsible for the review of Data Loss Prevention monitoring and response alongside communications compliance and insider risk.
•    Ensuring all requests are dealt with in a timely and efficient manner, understanding where these requests fit into the wider CISO function and how best to serve our customers.
•    Responsible for maintaining general security oversight of the technical infrastructure within the responsibilities of the security services team and raising concerns/issues that pose a security risk to the organisation accordingly. 
•    Responsible for management of the security certificate provisioning platform, including all operational functions. This includes alerting key stakeholders, scheduled and ad-hoc reporting, renewal and revocation of certificates and updates to procedural documentation.
•    Responsible for managing and approving changes to the firewall rule bases alongside networking SME’s and associated change management processes that align with security.
•    Responsible for the review and management of web and user access requests ensuring there is valid business justification and no impact to DLG’s security posture. Providing appropriate governance and risk awareness as required.  
•    Responsible for providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management.
•    

͏

Responsible for creating, maintaining and improving our relationships with our wider business colleagues around security services.
•    Responsible for making appropriate reclassifications within our web proxy policy configuration and fulfilment of exception requests alongside our engineering SME’s.
•    Responsible for first point of contact and ticket queues and responding appropriately to queries/requests from the business.
•    Responsible for providing awareness campaigns to our customers when threat intelligence professionals identify upcoming and/or emerging threats
•    Responsible for reporting metrics on the status of requests received by the team and adherence to DLG KPI’s and SLA’s, ensuring we deliver a great service to our customers.
•    Responsible for collaborating with the CISO and external teams within the business to report appropriate operational issues that may be resolved at an architecture level.
•    Responsible for approval of Elevated Privilege requests and Privileged access management requests that will come from different areas of the business and ensure that they have a good understanding of the impact of these.
Operational On-Call Requirement
•    This role does not have a 24x7 or on-call requirement.

͏

Stakeholder Management
•    Responsible for developing and maintaining relationships with various stakeholders outside of CISO.
•    This role requires someone who has good stakeholder management skills and can communicate technical challenges in a non-technical manner.
Required Skills/Competencies
•    Strong stakeholder management skills including the ability to work with customers with varied levels of technical skillsets.
•    Experience of working in high performing teams and understanding the dynamics of teamwork in an operational security environment.
•    Knowledge and experience of Data Loss prevention tolling and process flows
•    Knowledge of acceptable data handling and classification.
•    Knowledge and operational experience in firewalls, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning and PKI infrastructure.
•    Good understanding of ITSM systems and process flows.
•    Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications.
•    Ability to work both independently and as part of a team.
•    Strong analytical skills to monitor information and perform detailed data analysis to identify any impact to the business.
•    Ability to identify and understand key issues and areas for improvement in the Information Security services realm.
•    Endpoint management solutions – data loss prevention & other prevention solutions
•    Motivated to delivering quality and striving for continual improvement. 
•    Logical thinking and analytical ability.
•    Aptitude in solving problems independently.
•    Communicate and present concisely and effectively based on appropriate level of management interaction.

Desirable Skills/Competencies
•    Fundamental Cloud Concepts for AWS
•    OWASP Top 10: API Security Playbook
•    Knowledge of Microsoft cloud services and Security suites 
•    AWS Cloud Security Best Practices
•    Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM.
•    Knowledge of reporting and automation suites such as Power BI would be beneficial.

Qualifications/Certifications
•    ITIL Foundation
•    CompTIA Security + or CompTIA CySA+  equivalent certification
•    Certified networking credential (CCNA or equivalent)
•    Technical certifications by a recognised professional body in network or systems engineering are desired.

haring – 2

͏

IISP Skills
•    A1 – Governance - 1
•    A2 – Policy & Standards - 2
•    A3 – Information Security Strategy - 1
•    A4 – Innovation & Business Improvement - 1
•    A5 – Information Security Awareness and Training - 1
•    A6 – Legal & Regulatory Environment - 1
•    A7 – Third Party Management - 2
•    B1 – Risk Assessment - 2
•    B2 – Risk Management - 2
•    C1 – Security Architecture - 2
•    C2 – Secure Development - 2
•    D1 – Information Assurance Methodologies - 2
•    D2 – Security Testing - 1
•    E1 - Security Operations Management - 3
•    E2 - Secure Operations & Service Delivery - 3
•    F1 – Incident Management - 2
•    F2 – Investigation - 2
•    F3 - Forensics - 1
•    G1 - Audit & Review - 2
•    H1 - Business Continuity Planning - 2
•    H2 - Business Continuity Management - 2
•    I1 – Research - 1
•    I2 - Academic research - 0
•    I3 – Applied research - 1
•    Teamwork and Leadership - 2
•    Delivering - 4
•    Managing Customer Relationships - 2
•    Corporate Behaviour - 2
•    Change and Innovation - 2
•    Analysis and Decision Making – 3
•    Communications and Knowledge S