Exciting opportunity for an experienced Senior Information Security Consultant to join a thought-leader in the Information Security sector. Based from home, with regular travel to client sites as required you will deliver information governance, risk, security, audit and compliance consultancy to our varied client base across the retail, insurance, financial services, and telecommunication sectors.
Senior Information Security Consultant
Based from Home / Hybrid, travel to client sites
£75,000 – £95,000
Plus Benefits Package (pension, private medical, life assurance, 25 days holiday, training and professional development)
The Senior Information Security Consultant Opportunity:
We are looking to add to our team of respected Information Security Professionals during this exciting time of growth. Ideal candidates will be experienced at leading, implementing or auditing IT Controls, Data Privacy compliance or Information Security Standards such as ISO 27001.
The role will involve undertaking risk, compliance, privacy and third-party supplier assessments, leading improvement projects and conducting controls and security audits. Utilising your thorough commercial and technical understanding of IT controls, information security frameworks, eco-systems and security standards and the GDPR, you will offer value-add advice and solutions to our clients to support our continued growth.
Essential Skills and Requirements, the majority of:
+ Ability to translate technical issues into business terms
+ Commercial and technical understanding of information security frameworks and eco-systems
+ Experience at leading, implementing or auditing IT controls or information security frameworks
+ Knowledge of common IT risk and controls standards such as COBIT, COSO, ISO 27001, ISO 3100, SANS CSC, Cyber Essentials and the Data Protection Act
+ Knowledge of at least one risk assessment methodology
+ Understanding of the range of technical IT and business controls available to protect the Confidentiality, Integrity and Availability (CIA) of data
+ Understand customer environments and be able to work with both technical teams and senior management to identify issues and risks
+ Excellent customer relationship skills, creation and presentation skills
+ Awareness of common attack vectors such as hacking, malware, DDoS etc.
+ Knowledge of common application vulnerabilities and mitigation approaches
+ A commitment to personal development and keeping a current knowledge of the security industry threats and best practices
+ Knowledge and experience of the GDPR
+ Knowledge and experience of PCI DSS
Relevant degree and/or relevant certification, including:
+ Certified Information Security Auditor (CISA)
+ Certified Information System Security Professional (CISSP)
+ Certified Information Security Manager (CISM)
+ ISO 27001 Lead Implementer
+ ISO 27001 Lead Auditor or Internal Auditor
+ Certified in Risk and Information Systems Control (CRISC)
Valued Additional Qualifications:
+ IAPP CIPP/E
+ IAPP CIPM
+ PCI DSS QSA or ISA
+ GIAC Systems and Network Auditor (GSNA), International Register of Certificated Auditors (IRCA), Information Security Management System Auditor (ISMS) or Certified Internal Auditor (CIA)
Consultancy activities will include a range of:
+ Working with the client’s management and technical teams, undertake risk, compliance, privacy and third party supplier assessments
+ Undertaking information security gap analysis and audits against established standards and regulations such as ISO 27001, SANS CSC, Cyber Essentials and the GDPR
+ Analysing findings and translating needs into actionable recommendations
+ Writing and presenting detailed findings and recommendations reports, providing added value and thought leadership
+ Creating and reviewing risk management and information security frameworks and policies
+ Creating and delivering security awareness training material
+ Chairing information security committee meetings with clients
+ Participating in lessons learned exercise to create recommendations for improving future engagements
Who we are:
We are an information audit, risk, security and compliance company supplying professional services across a broad range of sectors. The Company was initially formed in 2008 to specialise in payment security and has since grown organically into a highly respected thought-leading information risk, cyber security and compliance consultancy.
What we offer:
The Company is going through an exciting period of organisational growth and we work with high profile clients in a diverse and interesting landscape. Our business is continually evolving to meet the greater security needs of our clients. This is a great opportunity to join a fast paced entrepreneurial and thought-leading company and have an impact on the success of our information security managed service offering.
The right candidate will join a small, established, growing and thought-leading Information Security Consultancy. Working in a supportive and pragmatic culture, you will make a real impact on the service provision to our clients and be integral to the growth of our business, which in turn will lead to future career progression opportunities for our outstanding talent.
This role offers an attractive basic salary and benefits package of 25 days’ holiday, 4% employer pension contribution if the employee contributes the minimum employee contribution of 5% of salary, life assurance and private medical insurance after 6 months.
We reward on success and are fully committed to promoting the on-going career development and future growth of our staff.
If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.