The Information Security Consultant reports to the Information Security Manager within the Information Technology team. The role holder will be an experienced information security professional; strong technically; experienced in the procedural and people aspects of information security; confident in communicating with highly technical with non-technical individuals alike. They will be experienced in providing expertise on a consultancy basis, leading independently or embedded within a project team. They will make recommendations aligned to industry good practise; undertake governance and assurance activities, risk assessments and audits; and provide information security consultancy - all to a high standard in a highly dynamic environment, aligned with industry good practise.
ESSENTIAL REQUIREMENTS:
Must have a breadth of information security experience, technical and non-technical - CISSP certified
Must be technically sound with a background in infrastructure and application security
Able to operate and a high/summary level when dealing with C level individuals giving focused updates in a timely fashion, and able to explain in detail to business or technical language
Able to review a business proposal and make recommendations Represent the function within project teams, being embedded in the team and providing the InfoSec expertise to the project from inception to closure
Preference is someone from a financial services background, or regulated background
KEY RESPONSIBILITIES
Provide expertise on all facets of information security within information technology and the business as part of business-as-usual and within change programmes, either independently or embedded within a project team. Undertake information security reviews of technical designs and new business proposals, reporting findings and making recommendations to key stakeholders. Undertake technical risk assessments reporting findings and making recommendations. Undertake regular due diligence on third party security controls. Provide consultancy and develop policies and awareness training for secure application development good practise. Review, develop and maintain relevant policies and procedures. Managing information security related projects and initiatives through to successful delivery, on time and within budget. Undertake business-as-usual information security operational, monitoring and oversight activities. Undertake information security incident investigations, gathering and analysing data, writing up the findings and making recommendations. Develop and maintain policies that deliver compliance with information security requirements. Developing and maintaining information security processes and procedures. Manage vulnerability and penetration tests conducted by internal and/or external resources Undertake regular oversight of technical and administrative access controls.
SKILLS & EXPERIENCE
Knowledgeable and experienced in working in ISO27001 & PCI-DSS environments Knowledgeable about the relevant data security legislation and FSA regulation. Knowledgeable and experienced in the selection, definition, development and deployment of security controls for a wide range of technologies including security infrastructure, end user devices, databases, storage and applications architectures. Consultancy and analysis skills. Strong Negotiation Skills. Risk Assessing - Business and Technical. Strong audit and analytical skills. Defining and establishing segregation of duties requirements. Project Management. Change Management. Policy and procedure writing. Impact Assessments. Good written and verbal communication skills. Knowledgeable in the following technologies: Firewall and IDS Technologies LAN / WAN / MAN / WLAN Technologies Application Development Environments - SDLC Encryption / PKI Technology Microsoft Technologies Relational Databases SIEM Systems![]()
ESSENTIAL REQUIREMENTS:
Must have a breadth of information security experience, technical and non-technical - CISSP certified
Must be technically sound with a background in infrastructure and application security
Able to operate and a high/summary level when dealing with C level individuals giving focused updates in a timely fashion, and able to explain in detail to business or technical language
Able to review a business proposal and make recommendations Represent the function within project teams, being embedded in the team and providing the InfoSec expertise to the project from inception to closure
Preference is someone from a financial services background, or regulated background
KEY RESPONSIBILITIES
Provide expertise on all facets of information security within information technology and the business as part of business-as-usual and within change programmes, either independently or embedded within a project team. Undertake information security reviews of technical designs and new business proposals, reporting findings and making recommendations to key stakeholders. Undertake technical risk assessments reporting findings and making recommendations. Undertake regular due diligence on third party security controls. Provide consultancy and develop policies and awareness training for secure application development good practise. Review, develop and maintain relevant policies and procedures. Managing information security related projects and initiatives through to successful delivery, on time and within budget. Undertake business-as-usual information security operational, monitoring and oversight activities. Undertake information security incident investigations, gathering and analysing data, writing up the findings and making recommendations. Develop and maintain policies that deliver compliance with information security requirements. Developing and maintaining information security processes and procedures. Manage vulnerability and penetration tests conducted by internal and/or external resources Undertake regular oversight of technical and administrative access controls.
SKILLS & EXPERIENCE
Knowledgeable and experienced in working in ISO27001 & PCI-DSS environments Knowledgeable about the relevant data security legislation and FSA regulation. Knowledgeable and experienced in the selection, definition, development and deployment of security controls for a wide range of technologies including security infrastructure, end user devices, databases, storage and applications architectures. Consultancy and analysis skills. Strong Negotiation Skills. Risk Assessing - Business and Technical. Strong audit and analytical skills. Defining and establishing segregation of duties requirements. Project Management. Change Management. Policy and procedure writing. Impact Assessments. Good written and verbal communication skills. Knowledgeable in the following technologies: Firewall and IDS Technologies LAN / WAN / MAN / WLAN Technologies Application Development Environments - SDLC Encryption / PKI Technology Microsoft Technologies Relational Databases SIEM Systems