Cookies — it's your choice

At Bright Network we use cookies and similar technologies to help deliver you the best possible experience. Some are necessary to help our website work properly and can't be switched off, and some are optional but support Bright Network in building and running the service that we provide to you.

Data we store

You can find out more in our privacy policy at any time by going to the link in our footer.

    1. Home
    2. Graduate Jobs
    3. Technology & IT Infrastructure
    4. Information Security Manager Doncaster 2023
    Lock Applications for this job are now closed
    Closing soon

    We are ground breaking new digital technologies such as 4G mobile communications, cryptography, cloud computing and big data for use in physical protection systems, and critical information systems.Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better, and keep us safer. We innovate across five major industries; Aerospace, Defence, Ground Transportation, Security and Space. Your health and well-being matters to us and that’s why we offer you the flexibility to do what’s important to you; whether that’s part time hours, job sharing, home working, or the ability to flex your start and finish times. Where possible, we support a working pattern that suits your lifestyle and helps you reach your ambitions.

    The Role

    The Information Security Manager will be responsible for the implementation and management of the ISO 27001 ISMS in the SCS business with Thales UK.

    Responsibilities – What success looks like

    • Maintain the ISMS for the SCS business:
    • Review Statements, policies and procedures to ensure that they are current for the services and products that are being delivered by the business.
    • Attend CAB to advise on the security aspects of change requests.
    • Undertake local surveillance audits within the scope of the ISMS.
    • Organise and Supervise IT Health Checks.
    • Attend customer Security Working Groups.
    • Provide security guidance to the engineering team.
    • Undertake risk assessments of the services being delivered to customers.
    • Identify and support the implementation of risk treatment controls.
    • Identify and monitor for vulnerabilities in the products, software being used in services, support any risk treatment for vulnerabilities.
    • Produce and maintain any customer security artefacts that are required for contracts.
    • Work with the NOC & SOC in ensuring that our protective monitoring continues to meet and exceed requirements.

    Typical Benefits

    • Competitive Salary
    • Pension – Thales match, plus 1%, with a max contribution of 7%
    • Health Insurance – 50% of Salary for 5 years
    • Life Assurance – 2 x Minimum (higher if part of the Pension Scheme)
    • Private Medical Insurance
    • Annual Leave 201 hours + 1 Company day (27 Days + Bank Holidays)
    • Annual Bonus
    • 37 Hours per week. (Half Day Friday typically)

    Experience / Skills Required

    • Identification of security risks through identification of vulnerabilities through assessment of exposure, likelihood and severity of the risk in a quantitative or qualitative format that follows an industry recognised risk assessment methodology.
    • Network and endpoint security and hardening using manufacture and industry best practices.
    • Selection of appropriate security components to provide security enforcing functions that can be justified through the evaluation of component's security function and implementation.
    • Identifying where cryptography can be applied, the fundamentals behind the technology and the ability to select the correct cryptographic product.
    • An understanding of the threats arising from the exploitation of vulnerabilities in the attack surfaces created across a distributed system and how these can be managed.
    • Articulate how security in the connected world is best implemented at the point where IT meets other industry domains such as manufacturing/CNI/Operational Technology and military environments.
    • Identification of the policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing.
    • Identification of suitable risk management activities (technical, physical or procedural) to direct and control an organisation or a system design to mitigate the identified risks.
    • Production of:
    • Policies and Standards that are required for systems operating in a controlled environments, such as ISO, industry specific for Nuclear / CNI / transportation or government/department policies.
    • Legal and regulatory topics that merit consideration when conducting various activities in the field of cyber security.
    • Understanding of human interaction with a system and developing controls that are will be effective, used by the operators and not disrupt user interaction with the system.
    • Creation of security documentation to support the development of a system, these could include: security Aspects, Risk Assessment, Risk Management, Security Policies, Security Test Plans/Results, Evaluation documents.
    • Development of tests that demonstrate the effectiveness of the design to meet the security requirements.
    • Knowledge of hardware, software, people and process vulnerabilities, how they occur, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation.
    • Understanding of the software development processes for implementing secure software from the design of the software to the operational use of the software.
    • High standards in written report and design documentation.
    • Presentation and communication skills.
    • Understanding of the UK Data Protection Act and the European General Data Protection Regulation.

    In line with Thales' Baseline Security requirements, candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment and/or education history for up to three years. Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence required to apply for Baseline and Security Clearance please refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.

    At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working.

    Thales UK is committed to providing an inclusive and barrier-free recruitment process. We will provide reasonable adjustments and support to ensure neuro-diverse applicants or those with a disability or long-term condition can be their best during the recruitment process. To request an adjustment, if you need this job advert in an alternative format or if you have any questions about the recruitment process, please contact Resourcing Ops for mid to senior roles, or the Early Careers Team for graduate and apprentice roles.

    Great journeys start here, apply now!