Cyber Security Project Manager

This role sits within the Cyber Security Programme team reporting to the VP of Integration Projects.
Working within the Programme team you will deliver Application Security & Vulnerability Management Projects via an established project delivery life cycle and under a stage gated governance approach.

A successful candidate will come from a change delivery background and will have held similar positions delivering security projects across a number of security domains. Ideally you will also have knowledge of security control frameworks such as NIST, ISO and CIS 20,

Experience of running Cyber security projects for at least 5+ years

• 10+ years experience of full lifecycle Project management
• Experience delivering Cyber Security Vulnerability (VM) and Application Security projects ideally covering all of the below components.

Vulnerability management:

• Scoping, implementing and embedding VM standards, inventory tools, processes and frameworks for identification, prioritisation and end to end management of different classes of assets & systems across large estates
• Integration of vulnerability management tools such as Rapid 7 to support tagging and automatic ITSM ticketing of incidents in systems such as ServiceNow.
• Designing and implementing processes for end to end life cycle management and remediating vulnerabilities.

Application Security

• Discovering monitoring / alerting solutions across product estates, performing and closing GAP analysis and transitioning across to SOC / Operational teams.
• Identifying, defining and implementing requirements for Application Security tooling. Managing, publishing and evaluating RFI/RFPs and selecting vendors.
• Manage the scoping, development and publication of comprehensive application security and privacy standards, policies, procedures and guidelines.
• Discovering, design and implementation of application security frameworks for ranking/tiering product/application portfolios; including risk factors and data classifications.
• Identifying, developing and implementing appropriate S-SDLC models and frameworks which incorporate tooling.
• Experience delivering PoCs for application security tooling.
• Coordination of pen-testing via 3rd parties, and including establishing schedules for tiered apps across estates.
• Understand change impact to business and developers day-to-day workloads for the remediation of vulnerabilities under an agreed standard.
• Experience with SAST, SCA, IaC and Container scanning security tools including the development and reporting of KPI’s & continual service improvement processes.