Information Security Delivery Manager

Information Security Delivery Manager

Contract: Permanent
Location: London or Newcastle, hybrid working. On-site minimum, 2 days pw
Base Salary: c 62,000 - a higher base would be considered for exceptional candidates

Context and main purpose of the job:

Why are we recruiting for this role??

Integral to the delivery of the NAOs Information Security Plan is a focussed delivery specialist dedicated on progressing the new initiatives, projects, and improvements to further its protect, detect, and respond capabilities.

This InfoSec Delivery Manager role will enable the teams planned objectives, ensuring that projects are both managed in line with the organisations governance procedures as well as getting hands-on with the delivery and implementation of new technologies, processes and controls, supporting our ambition of being an exemplar organisation.

Who are the team??

The InfoSec Delivery Manager role sits within an inclusive, respectful, and agile team of information security professionals, responsible for enabling the business to better understand, identify and manage the threats and risks that may impact the NAOs ability to deliver on its vision and strategy.

What are the main responsibilities of this role??

The Delivery Manager will support Information Security leadership with mapping out the teams deliverables into prioritised work packages, supporting scoping, requirement selection, stakeholder engagement, project governance and procurement, through to enabling implementation, embedding new security capabilities into the operation, and handing over to InfoSecs operational Run team.

About the National Audit Office

The National Audit Office (NAO) is the UKs main public sector audit body. Independent of government, we have responsibility for auditing the accounts of various public sector bodies, examining the propriety of government spending, assessing risks to financial control and accountability, and reviewing the economy, efficiency and effectiveness of programmes, projects, and activities. We report directly to Parliament, through the Committee of Public Accounts of the House of Commons which uses our reports as the basis of its own investigations. We employ some 800 staff, most of whom are qualified accountants, trainees, or technicians. They work in one of two main areas, financial audit, or value for money (VFM) audit.

The NAO welcomes applications from everyone. We value diversity in all its forms and the difference it makes to our organisation. By removing barriers and creating an inclusive culture all our people have the opportunity to develop and maximise their full potential. As members of the Business Disability Forum and the Disability Confident Scheme we guarantee to interview all disabled applicants who meet the minimum criteria.

The NAO supports flexible working and is happy to discuss this with you at application stage.

Relationships:

Reporting to: Head of Information Security Assurance

Internal: Close working relationships with Info Sec peers, Digital Services, and development teams.

External: Microsoft and other key suppliers, vendors, and peers in similar organisations.

Resources Managed: None

Responsibilities:

The post-holder is responsible for coordinating and supporting the delivery of all Information Security projects, ensuring their successful delivery, and embedding their processes into the organisation. The post holder will provide information to project boards, Information Security leadership, and other stakeholders.

The post holder will maintain standard templated documents to inform project participants on progress and matters of concern. They must have experience of using PRINCE2 or Agile methodologies whilst working with mixed teams to achieve common goals.

The post includes responsibility for:

Cyber Security Capability Delivery

Setting up and running concurrent projects within the NAOs governance processes, ensuring that major milestones and activities to achieve them are captured, monitored, and reported against.

Requirements gathering from stakeholders to ensure that the capabilities and solutions deliver the necessary improvements, meeting stakeholders expectations.

Presenting to management, proactively raising concerns/issues/risks professionally with project members and escalating to management as required.

Engaging with business and technical architects, designers, and analysts to ensure projects adhere to standards.

Engaging and working with procurement teams

Working closely with stakeholders throughout the lifecycle of the project.

It is essential that the post holder can recognise when and how to best apply themselves across a range of initiatives that are running concurrently for best impact.

There will be no formal line management responsibilities, but individual projects will entail coordinating project teams of NAO staff, typically through a matrix-management model and third-party resources. Performance snapshots may be produced on project contributors where appropriate.

Resources managed:

Staff: No line management responsibilities, staff allocation management will depend on the size of projects. Projects can comprise cross-functional teams at a range of seniorities.

External resources: Management of external consultants, suppliers and specialists, as required.

Budget: Some aspects of project finances will be managed.

Key skills/competencies required:

Essential

Qualifications and Experience:

Formal training and experience in at least one modern software development lifecycle / methodology (e.g., PRINCE2, Agile).

Experience of delivering Information Security or other complex technical delivery initiatives.

A demonstrable understanding of information security concepts and the threat environment technology and data driven organisations operate within.

Behavioural skills and personal qualities:

A great team player who will confidently fit into a small, dedicated function of security professionals, where everyones contributions are recognised and appreciated.

Strong leadership and management skills with experience of leading and directing multi-disciplinary business and technology teams (consisting of information security, professional audit, and technology colleagues).

Ability to co-ordinate resources to ensure timely delivery.

Ability to negotiate, manage conflict, influence outcomes and gain buy-in for new initiatives and ways of working.

Strong verbal and written communication skills with customers, key stakeholders, and technical staff at all levels, and an ability to clearly articulate and communicate complex security concepts and issues to both technical and non-technical staff.

Ability to influence outcomes and gain buy-in.

Experience of planning, monitoring, and reporting using relevant tools.

An understanding of business analysis techniques and how their application can aid delivery.

Strong workshop facilitation skills.

Ability to effectively prioritise and execute tasks in a complex and changing environment.

Desirable

Experience working within either the ISO 27001 ISMS or NIST CSF

Experience delivering any information security tools/capabilities such as, but not limited to, Data Loss Prevention, SIEM, Identity and Access Management, EDR/XDR

The deadline for applications is 11.55pm Sunday 28th April. Please apply with a CV and a covering letter outlining your suitability for the role.

ADZN1_UKTJ

---