Overview

As Cyber Security Manager at Two Circles, you play a key role in keeping our systems, people and data safe from external and internal threats by focusing on incident detection, response and remediation; threat hunting; security monitoring; continual improvement and providing technical assurance for solution design and changes.

This will include maintaining and improving our security posture in tandem with GRC practices and policies as they evolve to align with current and future standards and frameworks, such as SOC 2, ISO 27001, as well as applicable legislation, including GDPR and UK DPA, working closely with our Legal and Privacy as well as the wider Technology team.

Internally-facing, you will lead day to day cyber security operations and project based work. You will help train and upskill your fellow Two Circlers on topics such security awareness, OWASP Top 10 and Security by Design, as well as understanding and feeding into their processes and workflows, to keep good security practice on the agenda.

Externally, this role will also engage with our fascinating clients as appropriate to support their security assurance needs, as well as our technology partners and suppliers to ensure their alignment with our security approach and requirements.

Internally, you will be responsible for our Security Operations activities with our operational team and external partners, including Incident Response and Threat Intelligence, to ensure these are executed consistently to our standards, as well as supporting Continual Security Improvement and being the Tech Ops representative in the GRC working group.

As a fast growing organisation, with multiple offices across the globe, we are on a journey to standardize our security tools and infrastructure across the group, and this role will play a key part in aligning on best practice, and delivering improvements in our security posture.

Key Responsibilities

• Assuring day-to-day execution of operational security tasks across multiple areas including threat and vulnerability management, anti-virus management, security monitoring etc.
• Helping design and deliver improved security tooling across all areas of cyber security (DR design and testing, End user tooling, SIEM tooling and event ingestion etc.)
• Supporting the Technology team to keep information security infrastructure up to date with emerging threats and vulnerabilities, including advising on architecture and design of internal and client-facing solutions
• Operationalising and ensuring delivery of security policy, standards and procedures
• Providing technical expertise towards compliance initiatives and programmes e.g. ISO 27001, Cyber Essentials Plus, GDPR
• Technical aspects of vendor and partner security reviews
• Increasing the levels of understanding of Information Security with end users, leading to improved user interactions and overall experience with our team
• Thinking of and implementing new ways to automate and improve security across the business
• Protecting the data entrusted to us by our clients at all times

Requirements

• Managing technical risks and proposing solutions and recommendations
• Security Operations procedures, i.e. Incident management and response
• Configuring, optimising and reporting with Microsoft 365 Security and Compliance modules, including Defender, Security Centre, Protection, Compliance Centre
• Experience of both cyber operational roles, but experience of having delivered security change projects/programmes
• Experience with GDPR/UK Data Protection, Cyber Essentials and ISO 27001 frameworks
• Azure security tooling including Security Centre, Defender, Sentinel, Intune, AWS Security Hub, GuardDuty, Inspector, WAF, Security Lake, CloudTrail
• Able to understand and effectively communicate technical concepts in discussions with both technical and non-technical colleagues
• Broad knowledge around network technologies (especially cloud) and technical security
• Configuring and maintaining endpoint security technologies (AV, firewall, encryption, email protection, web filtering)
• Awareness of architectural principles for technical solution design, e.g. Zero Trust, least privilege RBAC, Security by Design, PAM, Segregation of Duties
• Data Protection and DLP

Experience

• Experience with the following would also be beneficial: NIST, SOC2 and additional compliance and regulatory frameworks
• Project Management and technical delivery
• Experience of, or a keen interest in, the business of sport

Benefits

• We offer a benefits package to suit you and your lifestyle! Out of a core monthly budget, you can choose your own comprehensive benefit package
• Renowned Team Days often throughout the year
• Summer Away Days
• 23 standard days of holiday (+1 Birthday, +1 for a ‘Big Life Event’, +1 Well-being Day, and +1 Admin Day), closure of office over Christmas (plus Bank Holidays)
• Discretionary Bonus based on company performance
• Performance Reviews every 6 months with discretionary salary increases
• Private healthcare (Vitality) and/or Health Care Plan (Medicash)