Cybersecurity Lead

At AND, we accelerate the development of digital capabilities. In practice, that means helping ambitious leaders and organisations build the teams, products, processes and even operational structures they need to close the digital skills gap within their organisation today, so that they thrive tomorrow.

Clients rely on our experience, agility and craft skills across tech and business strategy, software development and product management to address some of the toughest challenges facing their businesses.

We bring aboard thinkers, tinkerers, passionate software craftspeople and inspiring technologists to help us solve these challenges. Together, we’re united by a sense of pragmatism, purpose and a deeply-held belief that digital products and technology alone won’t transform a business or save the world: it’s the people that count.

As a Cybersecurity Lead, you will be responsible for developing and implementing a company wide Cyber Security Strategy and Roadmap which includes hands-on development and implementation of security technologies and processes. As a result, you will need to be able to:

  • Lead the development and implementation of the Cyber Security Strategy and Roadmap which includes coordinating closely with appropriate stakeholders throughout the business to implement key initiatives.

  • Perform technical security assessments across our client work, identify and prioritise security issues, and work the key stakeholders to develop remedial actions for non-compliance areas.

  • Evaluate alerts from security tools to determine the impact of security issues on company deployed client solutions and help to formulate action plans for remediation.

  • Perform external and internal network scans to discover potential threats and work with other IT teams to remediate issues.

  • Respond to security incidents as they arise which includes coordinating with the appropriate stakeholders across the business to contain and eradicate the security issue.

  • Develop security policies and standards and ensure they are communicated and adhered to across the business.

  • Build and develop long term relationships with various business stakeholders which includes regular updates to the Cyber Security Committee.

  • 8+ years of cyber / information security experience in a mix of industry and consulting work .

  • Experience achieving security compliance certifications such as ISO27001, PC DSS, and Cyber Security Essentials.

  • Good understanding and experience leveraging a cyber security controls framework such as NIST.

  • Application security / development background and proven experience working with developers including implementing various security controls within the SDLC process.

  • Strong hands-on, technical skills across many types of security technologies (e.g., firewalls, vulnerability management, IAM, DLP, etc.) including experience working in a cloud environment.

  • Hands-on experience in responding to security incidents, performing forensics and attack analysis.

  • Strong interpersonal skills and experience of developing strong relationships, either as a consultant or demonstration of significant influencing abilities within an organisation.

  • Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders

  • Highly motivated individual who has the natural ability to work independently.

  • Certifications in one or more of the following areas are highly desired: CISSP, CISM, GISO, GCIH.

From the work we deliver, to the way we serve and support our people, we work hard to ensure that there’s nowhere quite like AND. But joining a company is a two-way street: the fit has to work on both sides. So before you apply, here’s three key things to understand about us:

  • We’re built for people - like, real humans. Not ‘resources’ or ‘staff’. That means happiness and wellbeing really do matter to us, and we hate unnecessary hierarchy and bureaucracy.

  • There’s no well-trodden path ahead: AND is growing fast and forging a new trail. That’s exciting, and gives us all the autonomy and opportunity we love - but bear in mind it also demands focus, patience and resilience.

  • Diversity is a priority. After all, to build great products that a wide variety of different people love to use, we need a wide variety of people to help us build them. So diversity is more than a policy or a word: it’s business critical for us.