Information Security Consultant (CISSP)
CISSP Information Security Consultant for a major global communications services provider
Up to £65k base plus 15% bonus and benefits
- Subject matter expertise (SME) on matters relating to information and cyber risk management.
- Information security and Cyber security governance over internal projects and programmes.
- Information security and cyber policies development.
- Undertaking Information security and Cyber security risk assessments and compliance reviews.
- Provision of information risk management SME advice and guidance to key stakeholders across the Business Units.
- Management of the ISMS and associated industry Information and Cyber security certifications.
Supports the Information Security Manager in achieving the following:
- Maintaining the ISO 27001:2013 certification and managing the certification life cycle.
- Planning, managing and facilitating external information security audits (BSI, regulators, customers).
- Developing and maintaining ISMS across all geographically dispersed locations.
- Developing and managing information security and cyber risk methodologies and procedures.
- Providing coaching and cross-training to Information and Cyber risk management colleagues in order to increase the skills maturity of the function as a whole.
- Information and cyber security risk assessments of internal systems, networks and outsourcing/third-party agreements.
- Providing information security support to internal projects and programmes, ensuring a security lifecycle approach is taken during development activities.
- Ensuring adequate monitoring capability is incorporated into solutions in order to provide information and cyber risk metrics and key risk indicators.
- Identifying and assessing key information risk management risks arising from significant events, audit observations, investigations and control issues.
- Tracking Information and Cyber security roles, issues and risks, and acting as a point for escalation as appropriate.
- Developing and maintaining Information and Cyber security policy, standards, procedures and documentation, taking account of current best practice, legislation and regulation.
- Monitoring compliance with policy and standards and driving the closure of gaps.
- Supporting customer bid process ensuring that technical information security input is provided in a timely manner.
- Keeping current with Information and Cyber security threats and technical controls/solutions.
- Day-to-day management of our security risk management toolset.
Key performance indicators (financial and non-financial)
- Identify, assess and report key information risk management risks arising from significant events, audit observations, projects, investigations and control issues.
- Planning and execution of remediation activity, working with relevant BU teams as appropriate to ensure successful and timely completion of agreed actions.
- Implementation of an agenda of consistency, effectiveness and efficiency for Information and cyber risk management across the company.
- Continual development of the ISMS processes.
Relationships and key contacts
- Senior stakeholder management, close engagement with Business Units, particularly with Operations and Technology areas.
Role specific requirements
Skills & Experience
- Has a comprehensive level of technical knowledge, and practical experience, in information security in a large-scale enterprise environment. Experience in a telecommunications industry would be preferable.
- Has experience of working within information security, including network technologies, infrastructure/cloud security architectures and configurations, application/database security, encryption mechanisms, logical data/information storage techniques, data management and mobile technologies.
- Has experience in conducting complex risk assessments in accordance with a recognised risk assessment/management methodology such as COBIT, ISF/IRAM or ISO 27005.
- Has experience of working with ISO 27001.
- Strong analytical and project management skills would be beneficial.
- Has strong communication skills, both written and verbal, and is able to translate technical risk jargon into clearly understood business language.
- CISSP, CISA (mandatory).
- Degree in technical subject (MSc in Information Security preferred).
- Member of the Institute of Information Security Professionals (preferred).
- ISO 27001 Implementer or Lead Auditor (preferred).
- Any GIAC certification (preferred).