Cyber Security Lead

Doherty Associates (DA) have delivered IT solutions for over 32 years to world-renowned, international clients. Our customers operate mainly in the professional and financial services sector, including leading private equity and venture capital firms and top 10 UK law firms.

We are a Microsoft Solutions Partner with four designations, hold a Tier 1 Microsoft CSP relationship and are ISO27001 & ISO9001 accredited. We work to the NIST Cyber Security Framework, and our solutions typically build upon the Microsoft security stack. Our customers value our consultative, holistic, and risk-based approach to security, and have built a reputation as a company that keeps its promises and delivers quality.

About the role

Reporting to the Professional Services Director, the Cyber Security Lead will play a key role in the delivery of our Security Managed Service and Professional Services functions, helping evolve and develop DA’s offerings and our service capability.
This is a technically hands-on role, focused on the continued success of our security function. As such, you will provide the day-to-day technical expertise and guidance on security operations activities, such as vulnerability management, major incident response, and security monitoring improvements.
You will be comfortable working with Sales and Marketing functions to raise our public profile by contributing to online blogs and webinars or thought leadership discussions. You will also provide insights and guidance to our customers as a vCISO and therefore, will be expected to demonstrate significant technical expertise in the audit, assessments, design, implementation, testing, compliance, reporting, support, and handover of security projects.

Responsibilities

Development of the security strategy (in conjunction with the Professional Services Director)

• Contribute to the evolution and growth of the Managed Security Service. Recommend solutions to address the constantly changing threat landscape.
• Keep up to date with developments in the security field, especially significant new threats, and emerging technologies.
• Contribute to the blogs and deliver webinars, slide decks and security briefings.
• Deliver the technical and advisory aspects of Managed Security Services across the customer base.
• Understand and consult with customers (and internal colleagues) on governance and compliance matters.
• Own the relationship with security vendors, ensuring DA continues to leverage the best product stack efficiently.
• Gather and understand requirements for security projects.

Leadership of the security function

• Represent the security function (including the 24/7 Incident Response capability) within the business.
• Lead the team of security professionals. Foster the culture of continuous feedback and personal growth, inspire and encourage innovation.
• Ensure effective cross-functional collaboration.
• Project delivery and customer engagement
• Lead the customer engagement as the trusted security advisor.
• Perform ad-hoc onsite consultancy as and when required.
• Perform requirements analysis following customer engagements.
• Design, architect, and deliver security projects.
• Document and transition projects into support.
• Assist in resolving issues post-implementation.
• Be the escalation point for complex security issues that can’t be resolved by junior engineers.
• Complete project time reporting requirements in a timely manner.

Qualifications, experience, and skills

• Some of the following certifications: CISSP, CISA, CYSA+, Security+, CISM, CEH, Microsoft Security (SC-200, AZ-500, MS-500).
• Previous experience of working in roles such as Cyber Security Consultant or vCISO, consulting to external clients (delivering workshops and reporting sessions).
• Background of working in roles such as Security Operations, Network Engineering, Software Development, or Infrastructure Support Engineer.
• Experience in overseeing and leading remediation of security assessments, technical testing, and vulnerability analysis including Cyber Essentials, Cyber Essentials Plus, and NIST CSF.
• Hands-on experience in delivering security projects, including implementation and post-implementation support, providing guidance and support to customers throughout.
• Evidence of successful leadership, both leading the function and people.
• Technical knowledge and broad hands-on experience of working with security technologies such as the
• Microsoft XDR stack, vulnerability management tools, SIEMs including Sentinel.
• Experience in incident response and overseeing operational improvement actions such as development and tuning of security monitoring, alerting, and reporting.
• Strong communication skills, both verbal and written.
• Fluent English.
• Leadership qualities

Professional with gravitas (influential and senior level)
Accountability – a sense of full responsibility for the team’s performance
Empathy – ability to listen to understand, support, and acknowledge challenges staff may be facing.
Adaptability – ability to apply a flexible approach that allows you to pivot as necessary. Able to overcome unexpected challenges rather than resisting them. Able to respond to a fast-changing economic and technical environment.
Focus – ability to maintain the big picture view to help steer the team.
Positivity – the ability to motivate the team to achieve goals, do their best and exceed expectations.

What we offer in return

• Basic salary plus bonus
• 34 days of annual leave (incl. 8 UK bank holidays and a day off on your birthday)
• We are passionate about our success being driven by ‘better together’ and offer hybrid working with subsidised home-to-office travel costs
• Enhanced family-friendly benefit schemes including company sick pay
• Sponsored training and development, technical exams incentive scheme
• Private medical insurance and Employee Assistance Programme
• Income protection and life insurance
• Company Pension scheme
• And many more other benefits!