IT Security Consultant
IT Security Consultant
My client, a financial services business based near Staines are actively looking for an IT security consultant to join their expanding team. The team is continuing to expand and now stands at around 15, UK wide. This is an organisation who are actively investing in their security capability and will allow you to have influence over the way in which the organisation manages its IT security capability.
- Within this role you will look at the information security proposals and detect where weakness may/ do occur. You will do this by analysis by conducting data flow analysis etc.
- You will also have responsibility for implementing non functional security into projects.
- Responsible for security leadership role across various business and IT driven projects and programs.
- Leading projects and risk owners through to point of risk closure - act as a leader, provide value to our business
- Security assurance services to internal Business and IT stakeholders
- Providing security requirements for every approved engagement, based on company policies, security standards and best practice.
- Working closely with project teams and business stakeholders to ensure risks within project solutions are identified and managed to point of closure (before being introduced into production).
- Responsible for identifying the need for, and managing arrangements of penetration testing within project lifecycles - also working with all parties post pen testing to ensure issues are remediated in a timely fashion.
- Responsible for supporting projects define security solutions - act as a virtual security architect in some engagements.
- Providing very clear and high quality risk reports and recommendations; enabling senior business risk owners to make the most appropriate risk decision for their line of business.
- Maintain information security risk register and ensure remediation actions are tracked and delivered on time;
- At least five years' experience of managing/performing information security consultancy / risk assessment of business systems
- Proven experience of successful delivery within both agile and waterfall structured projects
- Strong understanding of security consultancy or application security and infrastructure security
- Strong understanding, and recent experience of web application security, OWASP top 10, common security threats and how to defend against such threat vectors;
- Recent experience of security for business systems and common IT infrastructure
- Experience of operating within an ISO27001 certified environment
- Experience of working within Financial Services or similar heavily regulated business is necessary
- CISSP or CISM security qualification or equivalent experience