Senior Security Project Assurance Consultant
Our client, a well-known organisation within the UK, is looking for a Senior Information Security Consultant to help ensure that IT projects are delivered securely, protecting client and employee data.
Duties & Responsibilities of the Senior Information Security Consultant
- As an experienced Senior Information Security Consultant, you’ll be a trusted consultant to the business. Your brief will span security assurance, BAU, and a diverse portfolio of IT projects. Working closely with project and programme teams, including Security Architects, Technical Designers and Product Owners, you’ll see that projects are delivered securely and compliantly, protecting all sensitive data. Put simply, you will make sure the right security controls are always built in.
- You will support in-house development using Agile and Waterfall methodologies, so a strong knowledge of security testing will be particularly important.
- Review projects; provide options on the best security solutions; engage with external and internal security testing resources to agree the scope of testing required; coordinate the testing process; explore the results, then assess and mitigate the risks in collaboration with the project team.
- Taking ownership of security solutions, ensuring compliance with Information Security policies and standards
- Manage external resources to ensure that penetration testing is carried out to a suitable standard on time and within budget
- Working with development teams ensuring SDLC
- Responsible for ensuring that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management process, including: risk analysis, identifying and applying appropriate controls, recording, reviewing and approval
- Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks
- Undertake technical delivery of security aspects of solutions
- Review architectural and design documents from a security standpoint
- Define security non-functional requirements
- Carry out PCI assessments on projects where necessary
- Escalate security when necessary
Desired Skills & Experience of the Senior Information Security Consultant
- Strong risk management knowledge and experience
- Strong stakeholder management
- Experience providing security consultancy throughout whole project lifecycles
- Experience managing penetration tests
- Track record in security assurance and compliance
- Comfortable in hybrid environments, ideally familiar with On-Premise Data Centre infrastructure and various Cloud Service Providers
- Understanding of architecture principles and frameworks
- Broad knowledge and understanding of IT concepts
- Knowledge of OWASP vulnerabilities, tools and methodologies
- Knowledge of security compliance standards such as ISO27001 & PCI DSS
- Extensive knowledge of "good" security practice
- CISSP, CISM, CRISC, CEH, CCSP, etc. are desirable