Group IT Security Services Manager

  • National Express
  • Feb 27, 2022
Full time Government

Job Description

Join us on the Journey...

National Express Group is a leading public transport operator with bus, coach and rail services in the UK, Continental Europe, North Africa, North America and the Middle East. Passengers made 939 million journeys on our services in 2019.

We have an exciting opportunity for a Group IT Security Operations Analyst, who will play a key role in the delivery of IT security for National Express. This is a hands-on role that is paramount to executing IT security services to the required standard at Group level, liaising with multiple stakeholders and division teams. The Group IT Security Services Manager will bring a wealth of knowledge and apply it on a daily basis, be responsible for the correct operation of key services and act as a key point of contact for Group IT security matters.

What you'll do:

  • Facilitate, organise and/or execute on a periodic basis IT security services (existing and prospective)

  • Support IT security initiatives and efforts across the Group concerning the IT security services

  • Advise and coordinate Group divisions to deliver the outcomes of the IT security services

  • Own and produce operational Group IT security KPIs on a periodic basis, with support of the IT security services suppliers where applicable

  • Act as a Group point of contact for ad-hoc enquiries, troubleshooting issues and general support concerning the IT security services

  • Own and review documents concerning IT security services, such as procedures and technical guidelines

  • Ensure the compliance level of the Group divisions with the IT security services outcomes

  • Own and coordinate supplier management activities (where applicable), including but not limited to, contract reviews and service reviews

  • Leverage relevant IT security services to support activities concerning IT security assessment of prospective acquisitions of companies to determine any gaps that require mitigation and communicate risks to the appropriate stakeholders

  • Act as a liaison between suppliers and the Group divisions to facilitate execution of the IT security services

  • Respond to IT security incidents, suspicious activity or alerts reported by the Group divisions to support investigation, detection, containment or verification activities, with the assistance of suppliers where applicable

  • Liaise with the Group IT security representatives to exchange knowledge and promote Group-wide strategic and tactical initiatives

  • Own and coordinate IT security service meetings held on a periodic basis with Group

  • Appraise IT security risks associated with the IT security services and provide input to the Group IT security risk register

What you'll have:

  • Experience in corporate IT security from a FTSE100/250 organisation (minimum of 3 years)

  • A recognised certification in IT security (CISSP and/or CISM, or equivalent)

  • Understanding of ISO27001, CIS controls, NIST Cyber Security Framework, PCI DSS and data protection frameworks (e.g. GDPR and CCPA)

  • Extensive knowledge of penetration testing, vulnerability scanning (infrastructure and web applications), phishing testing, security training and awareness, security operations, IDS/IPS, endpoint detection and response (EDR), security information and event management (SIEM) and privileged access management (PAM)

  • Ability to plan, direct and control the functions and operations of IT security services

  • Ability to define service descriptions, contract clauses, KPIs, service level agreements and, where outsourcing is necessary, the relevant aspects of supplier management

  • Ability to manage junior staff related to the IT security services (technical and organisational)

  • Extensive IT security technical knowledge, including but not limited to penetration testing, commercial vulnerability scanning tools (e.g. Nessus, Netsparker), endpoint security (e.g. hardening, EDR, anti-malware), web application security (e.g. OWASP), network security (e.g. IDS/IPS, SIEM, DDoS mitigation, WAF) and access management (e.g. PAM, SSO)

What we offer:

  • A core salary aligned with your professional experience

  • Company pension scheme

  • Participation in the bonus programme

  • Private medical insurance

  • Holiday allowance

  • Flexible and smart working (subject to business needs)

  • Free travel for you and your partner

  • Access to the NX Health Bus

  • Employee Assistance Programme

  • Variety of deals and discounts available through the NX online portal

Things to note...

At National Express, we are really proud of our health and safety record and as a result, we operate a Drugs and Alcohol Policy which is applicable to all employees.

As part of your initial assessment, we will complete Drug and Alcohol testing and you may be subject to random tests during your employment.