We have an exciting opportunity for an experienced Senior Cyber Security Consultant to deliver cyber security support and consultancy to our varied client base across the retail, insurance, financial services and telecommunication sectors. The role will be based from home or from our Central London offices near Liverpool Street Station, with travel to client sites as required.
Senior Cyber Security Consultant
Location: Remote / hybrid – UK
Client Location / South East Based
Salary: £65,000 to £80,000
Who we are:
Blackfoot UK are an information audit, risk, security and compliance company supplying professional services across a broad range of sectors. The Company was initially formed in 2008 to specialise in payment security and has since grown organically into a highly respected thought-leading information risk, cyber security and compliance consultancy.
By combining creative thinking, selective hiring, passionate vision and exceptional service, our small and highly experienced team provides a commercially balanced blend of strategic and tactical advice, technical assessments and assurance & audit services. We supply to companies across many sectors including retail, insurance, financial services and telecommunication.
We offer a number of products and services sitting across our functions:
+ Governance, Risk and Compliance
+ Technical Assurance, Threat and Vulnerability Management Services
+ Audit and Certification Services
+ Security Architecture
+ Virtual CISO and Managed Security Services + Training
The Senior Cyber Security Consultant Opportunity:
We are looking to add to our team of respected Cyber Security Professionals during this exciting time of growth. Ideal candidates will be experienced at leading, implementing, advising and supporting cyber security programmes.
The role will involve undertaking risk, compliance and third-party supplier assessments, leading improvement projects and acting as a trusted advisor to our clients. Utilising your thorough commercial and technical understanding of IT controls, information security frameworks, eco-systems and security standards, you will offer value-add advice and solutions to our clients to support our continued growth.
Consultancy activities will include a range of:
+ Working with the client’s management and technical teams, undertake risk, compliance and third party supplier assessments
+ Undertaking information security gap analysis and audits against established standards and regulations such as ISO 27001, SANS CSC, Cyber Essentials and the GDPR
+ Analysing findings and translating needs into actionable recommendations
+ Writing and presenting detailed findings and recommendations reports, providing added value and thought leadership
+ Creating and reviewing risk management and information security frameworks and policies
+ Chairing information security committee meetings with clients
+ Participating in lessons learned exercise to create recommendations for improving future engagements
+ Acting as a virtual CISO to a number of clients, assisting, advising and supporting their multi-year cyber security programmes
Essential Skills and Requirements, the majority of:
+ Ability to translate technical issues into business terms
+ Commercial and technical understanding of information security frameworks and eco- systems
+ Experience at leading, implementing and managing cyber security programmes
+ Knowledge of common IT risk and controls standards such as COBIT, COSO, ISO 27001, ISO 3100, SANS CSC, Cyber Essentials and the Data Protection Act
+ Knowledge of at least one risk assessment methodology
+ Understanding of the range of technical IT and business controls available to protect the Confidentiality, Integrity and Availability (CIA) of data
+ Understand customer environments and be able to work with both technical teams and senior management to identify issues and risks
+ Excellent customer relationship skills, creation and presentation skills
+ Awareness of common attack vectors such as hacking, malware, DDoS etc.
+ Knowledge of common application vulnerabilities and mitigation approaches
+ A commitment to personal development and keeping a current knowledge of the security industry threats and best practices
+ Knowledge and experience of cloud security
Relevant degree and/or relevant certification, including:
+ Certified Information System Security Professional (CISSP) + Certified Information Security Manager (CISM)
+ Certified in Risk and Information Systems Control (CRISC)
Valued Additional Qualifications:
+ IAPP CIPP/E
+ IAPP CIPM
+ PCI DSS QSA or ISA
GIAC Systems and Network Auditor (GSNA), International Register of Certificated Auditors (IRCA), Information Security Management System Auditor (ISMS) or Certified Internal Auditor (CIA)
What we offer:
The Company is going through an exciting period of organisational growth and we work with high profile clients in a diverse and interesting landscape. Our business is continually evolving to meet the greater security needs of our clients. This is a great opportunity to join a fast paced entrepreneurial and thought-leading company and have an impact on the success of our information security managed service offering.
The right candidate will join a small, established and thought-leading Consultancy. Working in a supportive and pragmatic culture, you will make a real impact on the service provision to our clients and be integral to the growth of our business, which in turn will lead to future career progression opportunities for our outstanding talent.
This role offers an attractive basic salary and benefits package of 25 days’ holiday, 4% employer pension contribution (employee contribution 4% of salary) after 3 months, life assurance and private medical insurance after 6 months, training and professional development.
We reward on success and are fully committed to promoting the on-going career development and future growth of our staff.
If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.