Security Consultant - Technical project assurance
||Security Consultant - Technical project assurance
Security Consultant - Technical Project Assurance
My client, an international insurance provider based in Surrey are actively looking for a permanent security consultant to join their rapidly expanding security team to provide technical project assurance across all areas of the organisation. You will be working closely with a team of analysts and apprentices and may also have the opportunity to help to develop and mentor others in the wider team.
- Providing Information Security advice and consultancy to a wide range of stakeholders across business and IT, communicating complex technical subjects in simple language, and ensuring that information security risk is understood across the business. This includes:
- Ensuring threat and risk assessments are completed for change activities, and appropriate information security controls included within project requirements
- Engagement with project teams to review and provide advice and recommendations on requirements, solution designs, test plans and other change artefacts to ensure that they comply with security policies and standards,
- Ensure residual risks are identified, documented and managed through the information security risk management framework.
- Working closely with the Change and IT teams to embed and continually improve the information security development lifecycle.
- Developing relationships and influencing key business stakeholders.
- Working closely with our Architecture function to provide information security advice so that Architecture artefacts remain update to reflect emerging information security threats and trends. .
- Assisting with addressing questions from internal and external audit reviews conducted on and recommending remediation and corrective actions
- Assisting the team with compliance activities including Audits and Risk assessments against PCI DSS, ISO27001, Cyber Essentials and Group Information Security Framework Controls.
Skills & Experience The successful candidate must have the following skills/experience:
- Hands-on experience conducting security risk assessments and managing the follow up remediation activities
- Experience in reviewing technical architecture and design documentation and advising on related security aspects.
- Previous experience in an information security advisory capacity, interfacing with customers and ensuring consistency and accuracy of advice given
- Ability to understand business drivers and risk appetite and to align information security compliance accordingly
The successful candidate must be able to demonstrate the following competencies:
- Ability to translate technical subject matter into simple terms, to ensure that business stakeholder can make informed decisions on information security risk matters.
- A strong understanding of application security and systems development life cycle (SDLC), systems integration and enterprise architecture. Experience of Scaled Agile Transformation and Cloud technologies.
- Good understanding of Information Security and other IT governance frameworks, including ISO27001, PCI DSS, COBIT5
- CISSP, CISM, CEH