Security Consultant - Security Risk and Governance
60,000 - 80,000 per annum
The Cyber & Security Division is at the forefront of supplying technology and services for both civil and defence markets, in both the UK and around the world, to enhance the capabilities of its Customers. Within the Cyber & Security Division is our Cyber Consulting Practice which is where this role is positioned.
Our Cyber Consulting Practice works across a diverse array of sectors including Defence, Telecommunications, Energy and Finance to help secure national infrastructure in the UK and beyond. Our Practice is certified by the UK NCSC in the provision of advice and guidance to our customers, covering both enterprise and operational technology and all of the NCSC-defined security domains of Governance and Risk Management, Security Architecture and Compliance.
This is a highly rewarding and hands-on role with exposure across both traditional and cutting-edge enterprise IT as well as bespoke Operational Technology systems, with a clear and defined pathway to achieve chartership, NCSC certification and greater responsibility.
What we are looking for:
- A confident understanding of TCP/IP-based networking concepts across the OSI model layers as well as the common protocols and their risks.
- At least one recognised professional certification in Cyber Security such as Sec+, CISMP, and CCNA Security.
- Experience of indirectly managing project delivery and associated metrics such as time, cost and quality.
- Experience of and ability to manage multiple stakeholders and their needs with empathy, finding an appropriate balance of listening and speaking.
- An ambitious and creative drive to help safeguard UK national infrastructure and become a recognised cyber expert.
- Varied experience in the development and mentoring of junior team members.
- UK SC Clearance or the ability to obtain it, as well as other more in-depth security clearances.
- Confident understanding of risk management and general best practice, with knowledge of standards such as NIST SP 800-37 and SP 800-30, ISO 31000 and ISO/IEC 27005.
- Varied experience of assessing risk and building or evolving risk management framework components such as measurement criteria.
- Good ability to articulate abstract risk-based concepts and approaches and their relationship to threat and vulnerability.
- Varied experience of assessing, defining and implementing security governance frameworks.