Threat and Vulnerability Management Lead

  • Job Reference: 1400
  • Date Posted: 25 March 2021
  • Employer: DWR Cymru Cyfyngedig Welsh Water Plc
  • Location: Cardiff/Remote (CF30LT), United Kingdom
  • Salary: £46,321 to £56,743
  • Sector: Information Technology (IT)
  • Job Type: Permanent
  • Duration: Undefined
  • Work Hours: Full Time

Job Description

Who we are

Dŵr Cymru Welsh Water keep 3 million people healthy each day with safe, reliable water, and take away wastewater to clean, before returning it safely to our beautiful rivers and seas.

To be able to deliver high quality, essential services which help to protect the health of our customers, colleagues and our environment, we need the right people to deliver on our vision.  This is achieved by living our core values and demonstrating the core behaviours that underpin them.  The security of our people, assets and information is key to us, so we are looking for people who understand and comply with the company’s required security objectives.


We know that the most successful teams are the most diverse teams. Equality, diversity and inclusion provide the very foundation to our culture at Welsh Water. We want every individual to feel confident, proud and able to bring their whole selves to work. 
To ensure an improved representation in our workforce, applications are particularly welcome from minority groups including Black, Asian and Minority Ethnic people, Females, LGBT+, Non-binary and people with disabilities. Together we continue to build a workplace that not only celebrates the diverse voices of our colleagues but also represents each customer we serve.


In essence, ours is a company based on trust, openness, respect, commitment and honesty. A company that our colleagues are proud to work for.

What you’ll be responsible for


Reporting into the Security Risk & Governance Manager, the Threat and Vulnerability Management Lead will be responsible for defining and embedding the processes required to identify and evaluate critical vulnerabilities and threats. You will be responsible for reporting on, and overseeing the successful mitigation of, the issues identified. This is expected to be a highly proactive role, acting on initiative to seek out vulnerabilities, keeping track of current events and changes in the technology landscape, and responding appropriately to address risk.

Responsibilities: 

  • Define and embed the forward-looking threat & vulnerability management strategy for the Business
  • Define and create the necessary reporting and dashboarding to enable stakeholders across the business to understand the threat and risk profile
  • Partner with Technical and non-technical stakeholders to develop and agree effective mitigation plans for vulnerabilities
  • Establish and lead cross-functional technical teams to respond to the highest-risk and most complex vulnerabilities, contributing specialist technical knowledge
  • Stay current on the critical threats faced by the Business by continually analysing cyber threat intelligence sources
  • Monitor threat intelligence sources proactively so that any potential Business exposure is spotted swiftly and the appropriate actions are taken
  • Promote a proactive approach to the changing threat landscape by recommending architectural improvements to the security infrastructure
  • Undertake on-demand vulnerability exposure assessments of key staff across the organisation
  • Undertake any other duties as outlined by the line manager

Who you’ll work with

Internal
CTO & CISO direct reports, Senior Executives, Technical Operations Managers, Business Application owners, IT System owners

External
UK Government NCSC, Welsh Government, Sector Security Collaboration Groups, IT Outsource partners, Security Outsource partners

About you

These qualifications, experience, knowledge & skills are deemed essential criteria for this role, unless otherwise stated:

Qualifications

  • Excellent knowledge of MITRE ATT&CK, OWASP Top 10, CVSS (Common Vulnerability Scoring System), and CVE
  • Professional certifications such as CEH, OSCP, LPT or GPEN - Desirable, not essential


Experience

  • Experience of using Tenable, Qualys, or other best of breed vulnerability scanning technologies.
  • Experience in a Threat and Vulnerability / SOC related role
  • Experience of penetration testing and vulnerability scanning
  • Experience of managing and developing direct reports


Knowledge & Skills

  • Enthusiastic about putting our customers first every day
  • Good knowledge of the cyber threat landscape, current affairs and geopolitics, and threat actors, and how to apply this knowledge within a CNI-regulated environment
  • Strategic thinker, data-driven and analytical in approach to problem solving. 
  • Strong team player and ability to take responsibility and act autonomously. 
  • Ability to plan, organise and prioritise tasks and projects. 
  • Ability to interact proactively, professionally and confidently with all levels across the business, including executive management
  • Ability to communicate effectively in Welsh - Desirable, not essential

Benefits

As well as a market competitive salary and 24/25 days* annual leave (pro rata), we offer a range of employee benefits including:

  • Variable pay schemes
  • Enhanced employer pension contributions
  • Reduction on gym memberships and high street shopping
  • Cycle to work scheme
  • Car-leasing scheme
  • Health CashBack scheme
  • An employee assistance programme for employees and their immediate family


And many, many more.
