
Cyber Security Lead

E1 EDF Trading Ltd

London

Hybrid

GBP 70,000 - 90,000

Full time

4 days ago

Job summary

A leading global trading company seeks an IT Security Team Lead based in London. The role involves managing cybersecurity risks, leading a team, and ensuring compliance with security policies. Ideal candidates will have extensive incident response experience and a strong knowledge of cybersecurity frameworks.

Qualifications

  • Experience leading a cybersecurity team with 2+ direct reports.
  • Extensive incident planning and response experience.
  • Hands-on with endpoint security solutions.

Responsibilities

  • Implement cybersecurity solutions as per global roadmap.
  • Manage regional cyber risks and compliance.
  • Lead the cyber incident response process.

Skills

Stakeholder management
Cybersecurity risk assessment
Incident response
Data analysis
Team leadership

Education

Offensive Security Certified Professional (OSCP)

Tools

Microsoft Azure
PowerShell

Job description


IT Security is a global function residing within the IT department operating from London and Houston. The IT Security Team Lead will be based in London. The purpose of the IT Security function is to manage cyber risks and issues for EDF Trading globally.

Position purpose

The IT Security Team Lead provides line management to the IT security team in London (4 direct reports), collaborates with the Global Head of IT Security (Houston) to drive the implementation of the global security roadmap and manage day to day security operations for the Europe and Asia region. While the role requires a technical background to provide continuity with others in the team and to be an SME to internal stakeholders for IT Security matters, the role has an emphasis on cyber risk management and governance.

Main responsibilities

Security programme [40%]: Implement and/or manage the implementation of solutions to counter cybersecurity risks in accordance with the global security roadmap, including:

  • Collaborating with the to maintain the roadmap.
  • Program-managing the portfolio of security initiatives with support from project managers.
  • Researching, designing and testing solutions to counter cybersecurity risks.
  • Implementing and maintaining solutions owned by IT Security.
  • Designing and implementing processes.
  • Project planning, managing dependencies and coordinating resources.

Governance, risk and compliance [20%]: Manage the regional cyber risk exposure and drive compliance with established policies, standards and procedures, including:

  • Working closely with the to continually develop, improve and maintain a globally consistent approach to the adoption of IT Security controls.
  • Performing cyber risk assessments and contributing to the global risk register.
  • Managing and tracking of risk treatment actions.
  • Performing gap analysis and/or assessing compliance with established controls.
  • Undertaking due diligence on prospective and existing third-party service providers.
  • Measuring and reporting performance via Key Performance Indicators (KPIs).

Security incident response [20%]: Develop and maintain a highly effective cyber incident response capability, including:

  • Being the regional cyber incident handler and central point of contact.
  • Continually improving our global incident response process and technical playbooks.
  • Responding to alerts from internal monitoring tools and our MDR service.
  • Leading incident response exercises supported by external consultancies where needed.

Team lead [20%]: Lead the London security team and be the central point of contact for IT and business stakeholders in the Europe region for cyber security, including:

  • Working with the to establish clear, achievable team goals and objectives, ensuring team members understand their individual contributions to the big picture.
  • Facilitating open communication, conveying information from senior management to the team and vice versa. Listening and acting on team members’ concerns, feedback and ideas.
  • Inspiring, motivating and coaching team members as needed to achieve their best performance. Continue to foster a positive team culture.
  • Helping to prioritize, track completion and resolve issues to ensure tasks are completed to agreed timelines and standards. Lead regular stand-up/team meetings.
  • Conducting individual performance management reviews for team members.
  • Supporting the training and development needs of team members.

Experience required

The successful candidate can demonstrate they have:

  • Previous team lead experience for a team of a similar size (e.g., 2+ direct reports).
  • Planned and managed a reasonable number of projects/initiatives, coordinating the resources of own team and other teams. Can demonstrate good stakeholder management.
  • Extensive incident planning and response experience, managing incidents, developing processes, playbooks and leading tabletop exercises.
  • First-hand experience with analysing cyber threat intelligence and leveraging the content to produce actionable defence initiatives.
  • Significant experience (several years) in performing cyber risk assessments. For example, they have performed broad assessments/gap analysis against a variety of security frameworks and can risk-assess a solution/architecture presented to them and provide clear recommendations.
  • Good working knowledge and can advise on securing Microsoft Windows, Active Directory and Azure AD. Experience in the following fundamentals is an advantage:
      • Managing Active Directory users, computers, and group policy security settings.
      • Configuration of Windows Clients and Servers.
      • Configuration of Microsoft Azure, Office 365 and Defender services.
      • Using PowerShell to administer or audit objects and automate tasks.
      • Implementing technology hardening configurations.
  • Hands-on experience with deploying, configuring, and managing endpoint security solutions including EPPs, EDR, host firewalls and device control.

Technical requirements

  • Offensive Security Certified Professional (OSCP) or equivalent certification or training (e.g. TryHackMe or Hack The Box) is desirable because of the mindset it instils.
  • If these cannot be demonstrated, we are looking for someone who understands at a detailed level how attacks work and thus how to mitigate them with precision.
  • Is familiar with the MITRE ATT&CK knowledge base and how to leverage it for cyber defence.
  • Strong working knowledge and ideally practical experience in leveraging Microsoft capabilities to mitigate risks affecting Microsoft Windows clients, servers, and cloud services.
  • Is familiar with industry frameworks including ISO 27001 and CIS Critical Controls.
  • Is proficient at using Excel to analyse, manipulate or present data quickly.
  • Strong project planning and execution using Kanban or Waterfall methodologies.

Person specification

  • Has a ‘security mindset’ – asks the right questions to identify security flaws/issues.
  • Is tenacious: if told something can’t be done, they will proactively research, talk to others and find solutions to security challenges.
  • Demonstrable interest and curiosity in cyber security.
  • Highly self-motivated, proactive and approaches challenges with a positive can-do attitude.
  • When presented with an objective, can research, plan, organise and deliver to deadlines with minimal supervision.
  • Attention to detail and strong focus on accuracy of information.
  • Excellent communication skills, being able to adapt their communication style and vocabulary depending on the audience (e.g. technical SMEs vs senior managers). Being able to proof communications created by others.

Hours of work:

40 hours a week, core hours of 8.30am – 5.30pm. Hybrid working policy.
