CenturyLink Information Security Manager in Winnersh, United Kingdom
CenturyLink (NYSE: CTL) at http://www.centurylink.com is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink at http://www.centurylink.com/ for more information.
Information Security Manager
To improve lives, strengthen businesses and connect communities by delivering advanced technologies and solutions with a professional, honest and personalised service approach. Together we will be the Infrastructure Solutions leader in our market space.
Location (Country): Reading, UK
Our team operates as an extension of our clients business. Our clients put their trust in our people and our solutions and we deliver to that trust. We collaborate internally and externally with credibility and discipline. We demonstrate agile leadership with a confidence in our abilities to deliver, whilst at the same time ensuring that we continue to raise the bar in all that we do. Our people are encouraged to face challenges with courage and confidence and to remember that our clients have placed their trust in what they do each day.
Purpose of Position:
This position is required to ensure the security requirements of CenturyLink’s government hosted systems are maintained according to mandated government standards, appropriate guidance documents, contractual obligations and the Risk Management Accreditation Document Set (RMADS). This position will also provide vetting services, data protection guidance, government pre-sales security support and ad-hoc information security support to the local business area.
The successful candidate will be responsible for UK HMG Information Security. This will take the form of security management of existing systems, security support and advice to the regional teams, and security input into new business and sales opportunities. This is largely a self-directed role, so the candidate will be expected to work autonomously to ensure systems are kept secure and maintain appropriate certification and assurance.
The primary role is the security management of our existing HMG systems up to OFFICIAL-SENSITIVE. The successful candidate will be expected to provide security management services to ensure compliance with HMG security requirements, which will include:
Maintaining relationships with customer and end user security teams;
Developing and updating security policy, process and procedures to meet the compliance requirements;
Assisting in technical accreditation/assurance management including risk assessments and ITHCs;
Investigating and reporting on IT security incidents or breaches of security policy (both potential and actual) in accordance with local procedures;
Reporting on the current status of customer environments including patching, protective monitoring and anti-virus in accordance with policy;
Management of access to the platform and associated system information;
Reviewing the effectiveness of IT security controls in accordance with conditions set out in the local security policy, corporate security policy and system specific controls;
Maintaining relevant system certification (for example, PSN Service Certification);
Producing and delivering security awareness training tailored to UK Government;
Reviewing proposed changes to technical architecture to assess potential increase to security risk;
Attending change advisory boards representing HMG security, to review, approve or reject changes accordingly, depending on their potential impact;
Managing, auditing and documenting the secure decommissioning of equipment.
The role will be responsible for ensuring personnel security risks are effectively managed. This includes:
Determine the need for, and level of, national security vetting clearance required;
Apply national security vetting in accordance with customer requirements;
Keep full and up to date security records on all employees that hold security clearances;
Ensuring personal data is stored and processed in accordance with HMG Guidance, the Data Protection Act and GDPR;
The successful candidate will also have to respond to other ad-hoc requests, which may include:
Providing security input into new business opportunities, both in providing a response to security questions, and in helping the business assess the level of risk that new business may bring;
Providing advice on wider HMG security policy;
Assisting the regional team with security questions and concerns.
Existing, or willingness to achieve, UK Government SC security clearance;
Security certification such as CISSP, CISM or equivalent;
Previous experience working with UK government systems at OFFICIAL-SENSITIVE / RESTRICTED or above;
Knowledge of the Government Security Classification scheme;
Knowledge of the General Data Protection Regulation;
Working knowledge of compliance with IT security policy and procedures including Cabinet Office SPF, HMG IA Standards, NCSC Cloud Security Principles and Central Government departmental security policies;
Experience in achieving Government Certification and Accreditation;
Technical understanding of hosting infrastructure security requirements. (Networks, operating systems, storage area networking, virtualisation);
Good documentation skills;
Confident in representing CenturyLink Information Security in both internal and customer meetings.
University degree in information security;
Working knowledge of HMG IAS 6 and the Data Protection Act / GDPR;
Working knowledge of HMG Vetting Policy;
Experience in custody of cryptographic items in accordance with HMG policy and procedures;
All employees or contractors that work on behalf of CenturyLink UK Ltd may be asked to undergo vetting or security clearance based on the work carried out and the requirements of our Clients. It is a condition the successful applicant is able to pass these checks.
- This position description is not designed to contain a comprehensive list of activities, duties or responsibilities that are required of the employee.
Alternate Location: UK-Berkshire-Winnersh
Requisition #: 175316
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.
We are committed to making reasonable adjustments to the recruitment process for people with disabilities. If there is anything we can do to help you, please let us know
We are committed to providing equal employment opportunities to all persons regardless of race, religion, colour, sex, age, disability or sexual orientation or any other status protected by local or national law. We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. We participate in the A-Check Pre-employment Screening Program or the Electronic Employment Verification Program, depending on location.
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/