Security Delivery Associate Manager, Cyber Generalist
Manchester, United Kingdom
Full Time | Mid-level / Intermediate | Clearance required | GBP 28K - 67K *
Company Description
Our cyber practice is a fast-growing community of industry leading experts. The practice covers Assurance, Compliance, Security Operations, Offensive Security and Security Research.
We are looking for enthusiastic security professionals to join our fast-growing cyber practice. We work with both public and private sector clients, such as the UK central government and blue-chip companies, to deliver tailored solutions that meet their compliance and business requirements.
Job Description
Due to the nature of the client engagements, every employee needs to be able to achieve Security Clearance.
This means that you need to have the right to take up employment within the UK, must not have or require any visa to work, and must have been resident in the UK for at least 5 years without any gap(s) totalling more than 6 months.
As an employer we believe in facilitating a flexible work pattern whilst taking into consideration operational requirements, client and individual needs. We are proud of our hybrid work pattern that typically sees employees in the office for a minimum of 2 days per week.
You should be able to easily commute to our Manchester office. For some roles/projects, travel to the clients' offices will be required and the frequency is often determined by the client.
Diversity, equity and inclusion are integral to the success of 6point6. We welcome applicants with different perspectives, skills, life experiences and backgrounds, and are proud to have an organisational culture where employees can bring their authentic selves to work.
We are looking for a technical cyber security generalist consultant with experience in solving complex cyber security problems utilising your technical expertise and learned experience.
As a cyber generalist, we expect you to demonstrate advanced skills and a high level of expertise across multiple facets of the cyber security domain. Some examples of the types of experience that would be beneficial can be found below; we do not expect any candidate to have experience of all of these areas.
We expect a technical cyber security generalist consultant to align their work with SFIA Level 5 responsibilities, which include influencing policy, overseeing complex projects, and delivering high-quality security solutions.
Key responsibilities across our cyber roles:
Security Governance and Compliance
●Develop and implement security policies, standards, and guidelines
●Ensure compliance with relevant legal and regulatory requirements
●Conduct security audits and risk assessments to identify vulnerabilities
●Develop, implement, and maintain security policies, standards, and guidelines to ensure organisational security objectives are met
●Conduct regular security audits and assessments to ensure compliance with internal policies and external regulatory requirements
●Monitor and evaluate compliance with legal and regulatory requirements
●Develop and oversee a comprehensive risk management program to identify, assess, and mitigate security risks
●Ensure the organisation adheres to industry best practices and frameworks, such as ISO 27001, NIST, and COBIT
●Prepare and deliver compliance reports to senior management, detailing the organisation’s compliance status and areas for improvement
●Collaborate with internal and external stakeholders to ensure security policies are effectively communicated and understood
●Provide guidance and support to business units on compliance-related issues and the implementation of security controls
●Maintain documentation of all compliance-related activities, including risk assessments, audit findings, and remediation efforts
●Stay current with evolving laws, regulations, and industry standards to ensure the organisation’s security posture remains compliant and up-to-date
Security Operations
●Monitor security systems and develop alerting use cases
●Provide best practice advice for SecOps/SOC teams
●Support the establishment and delivery of SecOps strategies
●Perform SOC Maturity Assessments via SOC-SMM framework
●Perform threat hunting and vulnerability management
●Manage and analyse security incidents, and provide recommendations for containment and resolution
●Create and present incident and SecOps performance reporting
Security Assurance
●Conduct security assessments and facilitate penetration testing
●Provide assurance on the effectiveness of security controls
●Develop and maintain security documentation and reports
●Advise on full Policy Life Cycle Management
●Apply standard Information Assurance models to new and existing client engagements
●Conduct comprehensive security assessments to identify vulnerabilities in systems and networks
●Develop and maintain security testing plans, procedures, and documentation
●Ensure security measures are implemented effectively during system development and deployment
●Review and assess the security posture of third-party vendors and partners
●Validate the effectiveness of security controls through regular testing and audits.
●Provide detailed reports on security assessment findings, including risk analysis and remediation recommendations
●Collaborate with development and operations teams to ensure security requirements are met throughout the project lifecycle
●Implement and manage security tools and technologies to enhance security posture
●Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements
●Develop and deliver security training and awareness programs for clients
●Perform incident response activities, including investigation, mitigation, and reporting
●Ensure compliance with industry standards, such as ISO 27001, NIST, GDPR, and others
●Support the development of security policies, procedures, and guidelines
●Provide expert advice on security best practices to enhance overall security resilience
Security Architecture
●Design and review security architectures for new and existing systems
●Provide security input during project design and implementation phases
●Ensure that security architecture aligns with business objectives and compliance requirements
●Define the Security Architecture roadmap
●Investigate and thoroughly understand applications and systems
●Ensure that the scope, context and constraints are documented and accepted
●Identify, engage and manage stakeholders
●Facilitate the making of system-level security decisions, ensuring that they are made on the basis of the best information and are aligned with risk owner needs
●Define and document strategies, standards and guidelines to direct the build and deployment of the system
●Ensure that agreed upon architectural principles and standards are applied to the finished system or product
●Provide security architecture and technical leadership
Offensive Security
●Carry out broad-scope ethical hacking engagements typically encompassing all of the customer's digital assets
●Execute penetration testing on web applications, networks, and systems to uncover vulnerabilities
●Craft, refine, and deploy custom exploits
●Record findings, generate penetration test reports, and convey results to both technical and non-technical stakeholders
●Collaborate with the security team to provide insights and recommendations for security enhancements
●Engage in red teaming exercises, emulating advanced adversarial tactics and techniques
●Stay updated with the latest vulnerabilities, exploits, and industry best practices
●Partner with the Blue Team and other security experts to hone detection and response capabilities
Security Strategy
●Develop the security practice strategy in alignment with corporate strategy
●Evolve current, retire existing and develop new services in conjunction with practice owners, aligned to corporate strategy
●Work with business development as the “voice of the customer”
●Work with suppliers to maintain relationships and develop new services that complete the “kit list” that 6point6/Accenture recommends to customers
●Monitor emerging trends
●Engage with industry bodies
●Align and maintain certification for the organisation with individual goals
●Influence training plans to align with corporate goals
●Maintain awareness of regulatory changes that will impact service and drive opportunity
●Work with business development to respond to bids
Consultancy and Advice
●Provide expert advice on security best practices to clients
●Assist clients in developing and enhancing their security posture
●Deliver security awareness training and workshops
Skills and Knowledge
This is a generalist role but some of the key skills we are looking for are:
●Proven experience in a cyber security role, with a focus on consultancy
●Comprehensive understanding of security principles, techniques, and technologies
●Experience with security frameworks and standards (e.g., ISO 27001, NIST, GDPR, CAF)
●Knowledge of incident response and management frameworks such as NCSC, NIST, and CREST
●Experience performing maturity assessments and utilising their outcomes to drive security strategy
●Strong analytical and problem-solving skills
●Excellent communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders
●Proficiency in security tools and technologies, such as SIEM, IDS/IPS, and vulnerability scanners
●Relevant certifications such as CISSP, CISM, or equivalent are highly desirable.
●Autonomy: Works under broad direction. Work is often self-initiated
●Influence: Influences organisation, customers, suppliers, partners, and peers on the contribution of their own specialism. Builds appropriate and effective business relationships
●Complexity: Performs an extensive range and variety of complex technical and professional work activities. Work requires application of fundamental principles in a wide and often unpredictable range of contexts
●Business Skills: Advises on the available standards, methods, tools, and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes, and evaluates work to time, cost, and quality targets. Communicates effectively, both formally and informally.
Qualifications
We will consider all applications but some of the qualifications we would like to see are:
● Bachelor’s degree in Cyber Security, Information Technology, or a related field.
● Professional certifications (e.g., CISSP, CISM, CEH, CompTIA Network+, CompTIA Security+, SANS certifications).
● Professional memberships
● NCSC CCP Scheme
Whilst having experience in a consultancy is beneficial, demonstrable experience in working with clients/external partners in other settings will always be considered.
During your career with us, we actively encourage and support employees to continually up-skill and develop their skills and knowledge.
Additional Information
Who are 6point6, part of Accenture?
Now part of Accenture, 6point6 drives the right change in every organisation through the positive impact of technology. Leading with strategy, architecture, and design, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations across public and private sectors.
We help organisations realise the value of their business strategy, allowing them to engage in a more meaningful way with their end customers. Our clients work with us because they know for us it’s never just about the project at hand. It’s about creating lasting partnerships built on trust and enabling their long-term success.
We have lead offices in central London and Manchester, as well as access to other Accenture office locations around the UK.
Why us?
6point6 strives to create and maintain a work environment in which people are treated with dignity, decency and respect. We champion diversity and are committed to creating an inclusive environment for all employees. A number of employee-led groups work with us to create a unique, fun and fulfilling environment that contributes positively to our culture and our corporate social responsibility commitments.
We are fully committed to hiring, developing and retaining the best people and operate a zero-tolerance culture towards any discrimination.
Irrespective of your needs, and no matter how small, please let the Recruitment Team know if there are any ways that we can support you during the hiring process.
Benefits
From health and wellness to lifestyle and finances, we have your best interests at heart.
We offer a competitive salary and benefits package that includes all the standard offerings you’d expect like company bonus plan, pension, private medical, life assurance and income protection. Employee wellbeing is also of the utmost importance to us and we have many benefits supporting wellbeing including an employee assistance programme, life coaching, a cycle to work scheme with bike storage and much more.
Our Values
Our people shape our culture and our values are embedded into everything we do.
HUMAN: We celebrate our differences and bring our authentic selves to work. We are one, inclusive, team.
DEDICATED: We are dedicated to each other, our clients and to our profession. We care.
HONEST: We embrace transparency, act with integrity and encourage everyone to speak openly.
BRAVE: We empower each other to make bold decisions, to take ownership and to challenge with respect.
We are a Disability Confident Committed employer.
If you have access requirements and would like to discuss with us, please contact us: recruitment@6point6.co.uk
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index
Tags: Audits Blue team CEH CISM CISSP Clearance Cloud COBIT Compliance CompTIA CREST Ethical hacking Exploits GDPR Governance IDS Incident response IPS ISO 27001 NIST Offensive security Pentesting Red team Risk analysis Risk assessment Risk management SANS SecOps Security assessment Security Clearance Security strategy SIEM SOC Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Health care Salary bonus Wellness