Information Security Consultant (CISSP)

Peoplecom Ltd
18 May 2017
16 Jun 2017
Contract Type: Full Time

Keywords: cissp cism cisa "information security" infosec cyber security "iso 27001" consultant

CISSP Information Security Consultant for a major global communications services provider

Up to £65k base plus 15% bonus and benefits



  • Subject matter expertise (SME) on matters relating to information and cyber risk management.
  • Information security and Cyber security governance over internal projects and programmes.
  • Information security and cyber policies development.
  • Undertaking Information security and Cyber security risk assessments and compliance reviews.
  • Provision of information risk management SME advice and guidance to key stakeholders across the Business Units.
  • Management of the ISMS and associated industry Information and Cyber security certifications.

Key accountabilities

Supports the Information Security Manager in achieving the following:

  • Maintaining the ISO 27001:2013 certification and managing the certification life cycle.
  • Planning, managing and facilitating external information security audits (BSI, regulators, customers).
  • Developing and maintaining the ISMS across all geographically dispersed locations.
  • Developing and managing information security and cyber risk methodologies and procedures.
  • Providing coaching and cross-training to Information and Cyber risk management colleagues in order to increase the skills maturity of the function as a whole.
  • Undertaking information and cyber security risk assessments of internal systems, networks and outsourcing/third-party agreements.
  • Providing information security support to internal projects and programmes, ensuring a security lifecycle approach is taken during development activities.
  • Ensuring adequate monitoring capability is incorporated into solutions in order to provide information and cyber risk metrics and key risk indicators.
  • Identifying and assessing key information risks arising from significant events, audit observations, investigations and control issues.
  • Tracking Information and Cyber security roles, issues and risks, and acting as a point of escalation as appropriate.
  • Developing and maintaining Information and Cyber security policy, standards, procedures and documentation, taking account of current best practice, legislation and regulation.
  • Monitoring compliance with policy and standards and driving the closure of gaps.
  • Supporting the customer bid process, ensuring that technical information security input is provided in a timely manner.
  • Keeping current with Information and Cyber security threats and technical controls/solutions.
  • Day-to-day management of our security risk management toolset.

Key performance indicators (financial and non-financial)

  • Identifying, assessing and reporting key information risks arising from significant events, audit observations, projects, investigations and control issues.
  • Planning and executing remediation activity, working with the relevant BU teams as appropriate to ensure successful and timely completion of agreed actions.
  • Implementing an agenda of consistency, effectiveness and efficiency for Information and cyber risk management across the company.
  • Continual development of the ISMS processes.

Relationships and key contacts

  • Senior stakeholder management, close engagement with Business Units, particularly with Operations and Technology areas.

Role specific requirements

Skills & Experience

  • Has a comprehensive level of technical knowledge, and practical experience, in information security in a large-scale enterprise environment. Experience in the telecommunications industry would be preferable.
  • Has experience of working within information security, including network technologies, infrastructure/cloud security architectures and configurations, application/database security, encryption mechanisms, logical data/information storage techniques, data management and mobile technologies.
  • Has experience in conducting complex risk assessments in accordance with a recognised risk assessment/management methodology such as COBIT, ISF/IRAM or ISO 27005.
  • Has experience of working with ISO 27001.
  • Strong analytical and project management skills would be beneficial.
  • Has strong communication skills, both written and verbal, and is able to translate technical risk jargon into clearly understood business language.


  • CISSP, CISA (mandatory).
  • Degree in a technical subject (MSc in Information Security preferred).
  • Member of the Institute of Information Security Professionals (preferred).
  • ISO 27001 Lead Implementer or Lead Auditor (preferred).
  • Any GIAC certification (preferred).