Share this Job
Apply now »

Security Assurance Manager

Posting Country:  United Kingdom
Date Posted:  21-Jul-2021
Full Time / Part Time:  Full Time
Contract Type:  Permanent

At Vodafone, we’re working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this. 

We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.

With us, you can be truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.

Role Title:  Security Assurance Specialist    
Function: Global Cyber Security
Band: G Band    
Department: Cyber Governance, Risk & Control
Reports to: Senior Manager Control Testing & Assurance     
Location: Newbury


Role Purpose: 

The Cyber Security Assurance Specialist is responsible for ensuring that the level of control effectiveness and compliance with security policies and standards across a wide range of security domains are understood and appropriate actions taken to reduce risk.
The role will have a strong bias towards Cyber protection in a complex and fast moving technology environment. Experience of deeper, more technical control testing and vulnerability assessment will help to succeed in this role. They will work with security teams across Vodafone Group and Local Markets to
•    plan, organize, and execute deep dive control tests within the IT, Mobile and Fixed Telecommunications network environments;
•    document testing, discuss findings with key stakeholders, recommend improvement opportunities to remediate identified vulnerabilities and prepare management reports; 
•    track remediation of raised issues and work with stakeholders on overdue actions. 
They will also drive automated control testing, the evolution of the overall assurance programme and methodology to increase its maturity over time and provide guidance to other security staff on security assurance and control testing techniques and best practice.
Communication across multiple stakeholders is expected to ensure that there is awareness of the risks and consequences. In addition, they will be responsible for reporting and ensuring that the information reaches the appropriate governance forums.
They will be expected to have a good working knowledge of security principles, techniques and technologies with a good understanding of network protocols, design and operations.


Key accountabilities and decision ownership:

•    Maintain an up to date picture of Vodafone’s control effectiveness and compliance with security policies and standards, including deviations, weaknesses and the associated risks
•    Apply intelligence/ situational awareness to prioritise assurance activities based on risk
•    Carry out control testing, undertake deep dive reviews and track remediation activities
•    Prepare metrics and KPIs on control effectiveness and remediation status, and report status of Vodafone Group and Local Markets to relevant governance bodies
•    Provide guidance to other security staff on security assurance and control testing techniques and best practice
•    Drive automated control testing by working with other teams and Technology Security programmes


Core competencies, knowledge and experience:

•    3+ years technical experience in controls testing in complex IT or Telecommunications environments
•    Familiarity with of security risks as well as processes, technologies and tools to mitigate these risks – preferably including the specific risks and countermeasures in the Telecommunications environment
•    Experience in technical control testing, assurance and compliance
•    Excellent reporting (oral and written) and stakeholder management skills
•    Attention to detail, strong analytical skills and efficient problem solving capability
•    Used to work in a global environment and ability to adapt style to different cultures and audiences


Must have technical and professional qualifications: 

•    Solid knowledge and experience of different technologies (web applications, infrastructure, operating systems, cloud)
•    Ideally certifications as CISA, CISSP, SSCP, CISM, ISO27001 lead auditor and experience in working with ISO27001 and NIST security frameworks

Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.

Apply now »