IT Operational Security Lead (Mid-Senior level) (JJ-501)

IT Operational Security Lead (Mid-Senior level) (JJ-501)

22 Apr

22 Apr



Job Title: Cyber Operations Lead Department: IT

Reporting to : CISO Based: Remote based

Currently the IT team are busy mobilising a major strategic programme of work: working with managed service providers to install a globally managed WAN and LAN; introducing significant security enhancements and replacing all legacy phone and video conference systems with MS Teams.


The Cyber Operations Lead role is a hands-on role to ensure the ongoing implementation and operation of ERM‘s security control framework. The role manages information security, ensuring the integrity, availability & confidentiality of ERM information & data. The role will also manage our third party security suppliers,

and produce metrics on the effectiveness of the controls frame work

Environmental Resources Management (ERM) is a leading global provider of environmental, health, safety, risk, social consulting and sustainability related services. With 6000 people working in 42 countries out of 160 offices, ERM is committed to providing a service that is consistent, professional and of the highest quality to create value for our clients. Over the past five years, we have worked for more than 50 percent of the Global Fortune 500 delivering innovative solutions for business and selected government clients helping them understand and manage the sustainability challenges that the world is increasingly facing.





Performance Measures

Asset Management, Risk Management & Disaster Recovery Management


- Identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the agency

- Participate in the development of Disaster Recovery

- Carry out regular risk assessments and aid in internal and external penetration testing and vulnerability scanning

Policy Management & Compliance


- Maintain any and all ERM certifications and security & compliance requirements.

- Avoid breaches of any law, statutory, regulatory, or contractual obligations, and UK/EU requirements

- Ensure adherence to EU GDPR at all times

- Protect organisational, personal, sensitive, and confidential information

- Enforce policy, standards, and technical compliance

- Responsible for security patching of internal systems

- Provide input to client or third-party security reviews

- Provide metrics on the supplier and control effectiveness

Provide responses regarding ERM’s operational security arrangements to assist with successful bid support


- Work with internal stakeholders to provide responses to client assurance queries and questionnaires

- Provide internal consultancy for the review of client contracts/MSAs.

- Respond to specific questions from clients

- Support the completion of security assessment questionnaires (saq)

- Provide input and guidance on client contracts/commitments for IT security clauses relative to operational security

Monitoring, Incident Handling & Reporting and Documentation


- Securiy event log Management & Analysis

- Document security processes & procedures and update existing documentation

- Monitor and report on the effectiveness of information security and maintain corporate information security policy, standards and guidelines.

- Lead the incident management process and the investigation of breaches of information security and recommend appropriate control improvements.

- Implement effective log analysis and management

- Ensure quality of documentation of key processes (RTP, RCA, Incident Reports etc.)

- Reporting on Alerts & Incidents & Problems

- Update Daily Service Status & Standup Reports

- Assist in designing and documenting infrastructure support processes, procedures and standards and to maintain documentation as directed.

Operational Security 


- Produce metrics as required to assure security operational effectiveness

- Ensure that cyber security controls remain effective at all times

- Act as internal escalation and engagement point for 3rd Party Security Services

- Perform ongoing identification and mitigation of potential risks their probable business impact

- Manage threat intelligence and operational responses

- Virus & Malware Protection

- Proxy & Firewall policies design & review

- Web & Mail Filtering

- Mobile Device Management

- Endpoint Encryption of Employee Devices

- Threat and Vulnerability management

- Respond to help desk security calls and planned work requests ~ resolve or manage problems of a complex or urgent nature

- Support Internal Audits and Spot-Checks within ERM

Key Competencies

Skills and Capabilities


Excellent communication skills written and verbal

- Foster open communication

- Listen actively

- Practices information sharing

- Presents ideas & concepts logically and clearly

Determination and motivation to succeed

- Shows drive and displays self-development

- Keen to take on challenges

- Goes the extra mile above and beyond the call of duty

Enthusiastic, with a positive ‘can-do’ attitude

- Keen to assist and help

- Possess a can-do mindset and suggests how to tackle challenges rather than await direction to do.

Ability to effectively prioritize and execute tasks in a high-pressure environment

- Ability to cope with project deadlines

- Remains open-minded and changes opinions on the basis of new information

- Performs a wide variety of tasks and changes focus quickly as demands change

- Manages transitions from task to task effectively

- Adapts to varying customer needs.

Gains the respect of colleagues and is a team player who is more interested in results than personal preferences

- Contributes to the team’s success as whole

- Puts the team objectives first and aside any personal preferences

- Maintains the trust and respect of his peers and team members.

Highly self-directed, with keen attention to detail

- Follows detailed procedures and ensures accuracy in documentation and data

- Carefully monitors gauges, instruments or processes; concentrates on routine work details

- Organises and maintains a system of records

Has strong communication, project and time management skills

- Able to manage multiple projects; able to determine project urgency in a practical way

- Uses goals to guide actions; creates detailed action plans

- Organises and schedules people and tasks effectively

- Communicates clearly and effectively with team members or stakeholders of a project and constantly updates them with progress

Experience working both independently and in a team-oriented, collaborative environment

- Works successfully as part of a team or independently under the supervision of the line manager

- Attends and participates in team meetings

- Takes the team’s views into account

- Offers to and handles constructive criticism from team members

- Resolves team conflicts with his team members or line manager

- Works independently and unsupervised according to objectives and updates the line manager with work completed

Flexible and adaptable in regards to learning and understanding new technologies

- Researches new technologies that will be implemented

- Actively pursues training, self-development and certification

- Keeps abreast of new technologies that could be used to improve the security of ERM

Proven analytical and problem-solving abilities

- Breaks information into component parts, patterns and relationships

- Probes for further information or greater understanding of a problem

- Makes rational judgments from the available information and analysis

- Produces workable solutions to a range of problems

- Applies problem-solving frameworks and uses appropriate analytical tools

- Present clear recommendations to management

Ability to effectively prioritise tasks in a high-pressure environment.

- Plans and prioritises own work a guides others to ensure all goals are met

- Sets clearly defined objectives

- Plans activities well in advance and takes account of changed circumstances

- Monitors performance against deadlines & milestones

Strong customer service orientation

- Provide outstanding service to internal end-users, stakeholders and external customers

- Focus on customer needs

- Manage conflicting priorities while meeting customer expectations

Qualifications and Prior Experience

Qualification/Prior Experience


Degree or related business discipline


CISSP Certified


At least five years’ equivalent work experience in a Security Operational roles


Solid background in cyber and information security


Strong knowledge in security technology, SIEM, DLP, IDS/IPS, WAF, Vulnerability management tools, Encryption Services, VPN, Cloud Security; CASB, CSPM, CSA,


Working knowledge Firewalls, Web Filtering, Mail Filtering


Knowledge of NIST/ISO27001 2005/2013/2015 security standard


Holds security industry certifications such as (Security+, CEH, CISA, CISMP, SSCP, MSC with Security, CCNA/CCNSP Security)


Experience with management of Security Service Providers (MSSP’s)


Understanding of Cloud services virtualization, load balancing, clustering, caching processes


Project Management Skills


Excellent knowledge of the computing industry


Excellent knowledge of Threat and Vulnerability services and management processes


The original job offer can be found in Kit Job:

Reply to this offer

Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.

Subscribe to this job alert:
Enter Your E-mail address to receive the latest job offers for: it operational security lead (mid-senior level) (jj-501)
Publish a new Free Offer
Need to publish an offer? With more than 1 million unique users per month, you will find the ideal candidate for your company instantly, what are you waiting for!
Publish Now

Subscribe to this job alert