A leading Financial Regulator is looking for a Security and Information Assurance Consultant to join their Cyber and Information Resilience Team. This is a new department that has been formed to respond to the growing threat from cyber security and the organisation's increasing reliance on the data in order to effectively regulate of the financial sector and ensure that relevant markets function well. The team brings together the disciplines of cyber and information security, information management and privacy.
Simply put, the objectives of the department are:-
- ensuring that information is readily available to those with legitimate need;
- ensuring that information is protected from those that don't; and
- ensuring that information can be trusted and has demonstrable integrity.
The department is led by the Chief Information Security Officer, who is a direct report to the Chief Operating Officer.
What does this job involve?
- Supporting the design and operation of the new security assurance framework
- Overseeing the running and improvements of the security assessment & assurance activities
- Development of security assurance procedures and controls
- Planning and execution of remediation activity, working with relevant BAU teams as appropriate to ensure successful and timely completion of agreed actions
- Tracking and planning of vulnerability and compliance remediation
- Perform supplier assurance reviews (inc process and systems)
- Solid awareness of cyber and information security threats and their mitigations
- Monitoring compliance with policy and standards, particularly ISO 27001/NIST
- Develop assurance process of Tech Ops Security Operations and SOC
- Overseeing security due diligence against 3rd party suppliers ensuring findings are addressed with relevant stakeholders
- Operation of the pen testing process
- Firewall and proxy rule reviews
- Identifying new system and information assurance tools and controls
- Develop a dashboard/process to monitor core business information repositories content and classification
- SME input into a metadata taxonomy framework, in conjunction with an enterprise search facility
- Develop Information and data privacy assurance end to end business processes
- Auditing the business' information governance processes
- Ensuring the business meets Government information and data privacy assurance requirements
- Execution of Data Protection Health Checks
Which minimum, essential & desirable skills are required?
We're a signatory to the Government's Disability Confident scheme. This means that we guarantee an interview to any disabled candidates entering under the scheme, should they meet the minimum criteria for a role.
- Proven experience of leading security or information assurance teams and operating Information Security/Assurance Frameworks and Services.
- Strong Risk Management practices and application in a global or large corporate organisation.
- Experience in the security assessment and information assurance space
- Strong hands-on involvement in the delivery and execution of more than one of the areas listed in the job description key responsibilities
- Ability to plan strategically, arrange and consolidate resources in order to deliver assurance services to achieve CIR assurance objectives
- A technical qualification/professional certification e.g. CISSP, CISM, CISA, CCSP
- Stakeholder management experience at all levels
- Knowledge/familiarity with Skybox and/or Qualys
- Proven experience in ISO 27001 and/or NIST
- Experience of leading supplier security assurance programmes.
- Knowledge of security technologies including: Firewall, IDS/IPS/HIDS, Anti-Virus, Vulnerability Scanning
- Strong experience of managing penetration test vendors and other specialist suppliers of assurance services.
- Good understanding of Unix and Windows
- Knowledge and experience of writing technical reports, documentation, policies and standards accurately and to designated timescales
- Experience of leading companies through successful ISO 27001 accreditation, or similar. Strong experience of managing penetration test vendors and other specialist suppliers of assurance services
- Understanding of Information Management principles
- Knowledge of data privacy regulation, including the new EU General Data Protection Regulations.
- Professional IT Accreditations (CISM, CISA, CISSP, M Inst ISP).
- A recognised qualification in Information Management
- Significant experience of operating with highly confidential and business sensitive information
- Analytical, thorough and methodical.