Information Security Consultant

Our client is looking for an Information Security Consultant.

The security of their information is critical to the ongoing success and reputation of their business.

The role will work closely with the business and IT across a broad range of activities (projects, new product developments, business processes, stakeholder advice and strategy) to ensure that information is used in a secure and appropriate manner and that technological and organisational security practices are consistent with industry standards.

It is also important that the candidate can ensure their technical environments fully support these security requirements.

Central to this role will be leading and driving all aspects of an external cyber security oversight audit, which will include reviewing and understanding the IT systems and security controls that support critical business systems, liaising with the business and other technical teams, and collating and documenting the data for audit submission.

It is therefore essential that the successful candidate is security qualified and has run audits and programmes for security accreditation, e.g., ISO27001, NIST, NIS D, PCI DSS.

The right candidate will be expected to make recommendations and complete work to improve IT security throughout the organisation.

It is important to have a strong technical background and current skills in network, server, desktop and cloud environments.

The duties shall also include ensuring all IT security policies, procedures, standards & practices are consistently and correctly implemented across our business.

The right candidate will be familiar with dealing with Information Security standards including Cryptography, access control systems, security models and architecture.

You will be required to understand these technologies and concepts at a process and technical level, supporting risk assessment, business impact analysis and similar security governance activities.

You will have a good understanding of information security and a degree or qualification(s) in a security related discipline.

Key responsibilities:

  • Lead and drive an external cyber security audit, including creating submission documentation and liaison with the external auditor.

  • Pro-actively identify areas for security improvement and complete technical changes as well as engaging with the IT Team to achieve these improvements.

  • Review and maintenance of IT security policies, standards, procedures and processes.

  • Take ownership of tracking non-conformities and risk.

  • Conduct internal audit assessments and risk assessments.

  • Support business project requirements and ensure appropriate security requirements are identified and tracked.

  • Support security testing processes and initiatives, such as penetration testing and vulnerability scanning.

  • Monitor, log and review security incidents and ensure correct closure and future prevention.

  • Produce monthly reports to the Head of IT on progress of the external audit and general Information Security initiatives highlighting risks and issues and areas of improvement.

  • Drive security training and awareness campaigns.

  • The Information Security Consultant will not have any direct reports but will be required to work and organise personnel in the schedule of assessments and meetings related to the external cyber audit.

  • During Covid restrictions, the role will be home-based but as allowed there will be travel to the group's offices within the UK.

Skills, Knowledge and Experience:

  • Hold a recognised Information Security qualification (e.g. CISSP, CISM, CISA) and demonstrate strong capabilities in Information Security Compliance.

  • Experience of running an external cyber security audit/compliance process to achieve certification, e.g. NIST, NIS D, ISO27001, PCI DSS.

  • Demonstrable experience of applying Information Security controls and initiatives within an organisation.

  • A self-starter, keen to learn and be proactive in driving forward security for the benefit of the business.

  • Ability to write documentation for various audiences and ability to select appropriate document formats.

  • Ability to write, produce and deliver remediation action plans, including technical changes to environments including:

    • O365

    • Windows Server and Desktop

    • Virtual servers and hosting

    • Active Directory

    • L2 and L3 general networking and systems

    • Network WAN and LAN routers and switches (mainly Cisco)

    • Firewalls (Cisco and Check Point)

    • Remote access technologies, e.g. VPN, RDP

    • Security systems/software/protocols, e.g. AV (365 and ESET), MFA, encryption, MDM, web filtering, spam filtering, ATP, device security etc.

    • Monitoring systems

    • 3rd party access systems

  • Knowledge and experience of risk management techniques.

  • Security Incident Management knowledge.

  • Security Training and Awareness experience.

  • Positive personal qualities including business focus, drive, professionalism, integrity and teamwork.

  • A proactive approach to problem management and personal development.

  • To be able to undergo the process of CTC clearance.

This is a 12-month Fixed Term contract that will probably move into a permanent role.

The role is fully remote, but you must be prepared to travel to the business offices in the UK when required.

Please note that due to a high level of applications, we can only respond to applicants whose skills and qualifications are suitable for this position.

No terminology in this advert is intended to discriminate against any of the protected characteristics that fall under the Equality Act 2010.

Bowerford Associates Ltd is acting as an Employment Agency in relation to this vacancy.