Recruitment

Physical and Digital Security Lead

  • Full Time
  • Portsmouth
  • This position has been filled.

Advanced Maritime Technology

  • Salary: £70-80k
  • Full Time
  • Permanent

Who we are: SubSea Craft is a fast-growing, privately funded, UK-based SME delivering Advanced Maritime Technology. We leverage our team’s defence experience with cross-industry partnerships in the field of advanced naval engineering. Our flagship product, VICTA, is a Diver Delivery Unit: a surface submersible craft designed to operate at speed over range and capable of rapid transition beneath the surface to operate submerged, enabling the discreet delivery and recovery of divers. It is a unique, innovative British product focused primarily on the defence market but with utility beyond.

What we offer:

  • Private Healthcare
  • Life Insurance
  • Critical Illness Cover
  • Unlimited Paid Holiday
  • Ongoing professional development and training
  • Pension contribution
  • Flexible Working
  • A culture of diversity and innovative thinking

 Responsibilities will include:

Security Strategy: Define the organisation’s overall security strategy, taking into consideration business objectives, regulatory requirements, and risk assessments.

Policy and Procedure Development: Develop, implement, and enforce security policies and procedures throughout the organisation.

Risk Management: Lead the identification, assessment, and mitigation of security risks. This includes making decisions regarding risk tolerance and prioritising risk treatment measures.

Physical Security: Maintain the integrity of the physical security at the site.

ISMS: Implement, manage and review SubSea Craft’s information security policies and procedures, ensuring that relevant ISMS information is shared with all employees.

Vendor and Third-Party Management: Evaluate and approve third-party vendors based on their security practices and compliance with security standards.

Incident Response: Lead the incident response team in the event of a security breach, making decisions related to containment, investigation, communication, and recovery efforts.

Technology: Oversee the management and security of the technological estate, including management of our IT service providers.

Cyber Security: Conduct security, vulnerability and threat assessments, ensuring mitigation actions are taken against identified cyber threats and vulnerabilities.

Project Management: Manage multiple security projects and initiatives, and act as the security expert in wider company projects, ensuring security risks are addressed throughout the project lifecycle.

Training and Awareness: Promote participation in security training and awareness programmes for all employees.

Compliance: Ensure appropriate policies and processes are in place to meet relevant legal, regulatory and contractual security requirements.

Performance Metrics and KPIs: Develop and monitor security performance metrics and KPIs to provide board-level assurance.

Communication and Reporting: Communicate with executive leadership, the board of directors, and other stakeholders regarding the organisation’s security posture, incidents, and initiatives.

Data Protection: Ensure compliance with GDPR regulations, respond to DSAR requests and manage the response in the event of a breach of personal data.

 

Experience:

  • Proven experience (5+ years) within a digital security environment.
  • Previous experience in facility management and security.
  • Excellent project management skills with the ability to manage multiple projects simultaneously.
  • Ability to manage cross-functional teams delivering assurance to senior management.
  • Experience in reporting to senior/executive level stakeholders.
  • Deep understanding of Information Security principles, frameworks and applicable regulations, e.g. ISO27001, NIST, GDPR and similar.
  • Awareness of NCSC 14 Cloud Security Principles.
  • Strong knowledge and experience of risk assessment and management within physical and digital security domains.
  • Sound understanding of security threats, vulnerabilities, technologies and mitigating controls.
  • Proven problem-solving skills and the ability to work effectively as part of a team.
  • A high standard of communication, inter-personal and writing skills.

Qualifications:

Whilst not all are essential, the ideal candidate will have industry-recognised certifications such as:

  • Bachelor’s degree in Information Security, Computer Science, Engineering Management or a related field.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
  • ISO27001 Lead Auditor/Implementer
  • NIST Foundation or Practitioner
  • Certified Cloud Security Professional (CCSP)
  • Chartered Security Professional (CSyP)

Required:

  • Existing right to live and work in the UK and no known bar to obtaining appropriate UK security clearance as required.[1]

 

Values: Our people are our greatest asset; we continually strive to provide an excellent working environment to enable our team to do their best work. We have an agile professional workforce: we are founded on the belief that our people are valued and our business is trusted, inclusive and commercially adept.

 

What we expect from you:

  • Teamwork, mutual respect and collaboration
  • Initiative and independent working
  • Honesty and integrity
  • Business and commercial awareness
  • Agility, adaptability and continuous development

We regret that due to the high volume of applications we are unable to acknowledge every application. Please bear in mind that if you are selected for an interview we will aim to contact you within 14 days of your application or the closing date (if stated). However, if we think that your skills and qualifications may be suitable for other similar positions we may hold your details on our database and contact you in the future. Please let us know if you do not wish us to keep your details on file.

[1] Please note that DBS, Driving Licence and reference checks will be carried out and all offers of employment are subject to meeting our requirements.

Our mission is to secure the competitive advantage through the accelerated research, development, and delivery of maritime technology.