Technical Requirements & Triage Manager (Information Security)

The Technical Requirements & Triage Manager will be responsible for the end-to-end management of the security triage process, taking business and technical security requirements and ensuring that they are effectively analysed, prioritised and remediated. This may be through the security transformation programme, supporting ‘Sprints’, BAU or related functions such as I.T or Data Management. They will also be responsible for managing the security backlog in Jira where these requirements are itemised and specific tasks are assigned. This role is essential in ensuring that the security function is responding appropriately to potential security risks and that the overall security transformation process is successfully delivering to business needs.

Responsibilities:

• Responsible for the end to end security triage process, from analysing incoming security requirements, prioritising, risk assessing and supporting through to successful delivery / remediation.
• Ownership of the security backlog within the InfoSec Jira instance and the allocation of tasks to the relevant people/functions.
• Conduct risk assessments against incoming requirements to identify the related security implications and ensure that these are effectively logged.
• Ensure that critical or high risks items are prioritised effectively as part of BAU, transformation or sprint related activities.
• Liaise with project teams and delivery owners to ensure that backlog items are being effectively remediated as part of ongoing project work streams.
• Manage the InfoSec triage meetings to ensure that all stakeholders are aligned and agreed on ownership, actions and processes.
• Ensure that there is effective reporting to senior management (inc. CISO, Audit Committee and Board of Directors) on the remediation of backlog issues.
• Work closely with Head of Digital Awareness 
• Manage and build relationships across multiple internal functions and external third party suppliers.
• Ensure that key policy and process documentation is prepared and maintained.
• Liaise and communicate with teams across the business (IT, Data etc) to identify dependencies, potential efficiencies and cost saving.
• Ensure that appropriate escalation processes are in place for risks and issues that may cause significant business impact.
• Work closely with audit and compliance teams to ensure that regulatory issues are effectively logged and prioritised within the triage process.

Required Skills & Experience:

• Knowledge in the use of Jira as a tool to support Sprint and Programme delivery is preferred.
• A broad understanding of IT principles including: ITIL, hardware and software architecture, SDLC, operating sysadmin, networking technologies, virtualisation, shared storage, cloud, access management and mobile technologies.
• Tangible experience within an information security function with knowledge across multiple security domains.
• Strong knowledge of security risk management, including identification, prioritisation and remediation of issues.
• Wide ranging knowledge of information security and IT security frameworks, standards and application of best practice, such as ISF SoGP and ISO27001.
• Knowledge of compliance requirements, such as GDPR and PCI-DSS is preferred.
• Experience of working closely with multiple managed service providers and internal teams to deliver technical changes to strict deadlines.
• Excellent oral and written presentations skills, with the ability to discuss both technical and business issues, with a varied audience.
• Broad knowledge of security trends and incidents and their potential business impacts.