The Information Security Consultant reports to the Information Security Manager within
the Information Technology team. The role holder will be an experienced information
security professional; strong technically; experienced in the procedural and people aspects
of information security; confident in communicating with highly technical with
non-technical individuals alike. They will be experienced in providing expertise on a
consultancy basis, leading independently or embedded within a project team; making
recommendations aligned to industry good practise; undertaking risk assessments and
audits; and delivering practical information security solutions - all to a high standard in a
highly dynamic environment, aligned with industry good practise.
KEY RESPONSIBILITIES
Provide expertise on all facets of information security within information technology and
the business as part of business-as-usual and within change programmes, either
independently or embedded within a project team. Undertake information security reviews
of technical designs and new business proposals, reporting findings and making
recommendations to key stakeholders. Undertake technical risk assessments reporting
findings and making recommendations. Undertake regular due diligence on third party security controls. Provide consultancy and develop policies and awareness training for
secure application development good practise. Managing information security related
projects and initiatives through to successful delivery, on time and within budget.
Undertake business-as-usual information security operational, monitoring and oversight
activities. Undertake information security incident investigations, gathering and analysing
data, writing up the findings and making recommendations. Develop and maintain policies
that deliver compliance with information security requirements. Developing and
maintaining information security processes and procedures. Manage vulnerability and
penetration tests conducted by internal and/or external resources Undertake regular
oversight of technical and administrative access controls.
SKILLS & EXPERIENCE
Knowledgeable and experienced in working in ISO27001 & PCI-DSS environments
Knowledgeable about the relevant data security legislation and FSA regulation.
Knowledgeable and experienced in the selection, definition, development and deployment
of security controls for a wide range of technologies including security infrastructure, end
user devices, databases, storage and applications architectures. Consultancy and analysis
skills. Strong Negotiation Skills. Risk Assessing - Business and Technical. Strong audit and
analytical skills. Defining and establishing segregation of duties requirements. Project
Management. Change Management. Policy and procedure writing. Impact Assessments.
Good written and verbal communication skills. Knowledgeable in the following
technologies: Firewall and IDS Technologies LAN / WAN / MAN / WLAN Technologies
Application Development Environments - SDLC Encryption / PKI Technology Microsoft
Technologies Relational Databases SIEM Systems
KEY COMPETENCIES
Definition Personal Ethics Act honourably, honestly, justly, responsibly, and legally, at all
times. Business Awareness Maintains a broad knowledge of the financial sector and the
market, understands the business environment and their role within it. Information
Systems Accepts personal responsibility for developing their information security
awareness and capability. Organisation & Planning Prioritises and plans to make the good
use of resources to deliver tasks within timescales. Organised and well structured.
Achievement and Drive Self motivated and able to work on own or as part of a team.
Passionate about information security. Embraces change. Decision Making Demonstrates
good judgement. Analyses, evaluates and interprets information to reach an effective
decision. Operational Knowledge Accepts personal responsibility for developing own
operational knowledge and skills to improve effectiveness. Customer Focus Consistently
delivers a high level of service and takes pride in meeting end users requirements.
Effective Communication Communicates effectively, clearly and appropriately by using a
range of styles to engage the required audience. Handles objections well and can adapt
arguments to be presented differently when challenged.
![]()
the Information Technology team. The role holder will be an experienced information
security professional; strong technically; experienced in the procedural and people aspects
of information security; confident in communicating with highly technical with
non-technical individuals alike. They will be experienced in providing expertise on a
consultancy basis, leading independently or embedded within a project team; making
recommendations aligned to industry good practise; undertaking risk assessments and
audits; and delivering practical information security solutions - all to a high standard in a
highly dynamic environment, aligned with industry good practise.
KEY RESPONSIBILITIES
Provide expertise on all facets of information security within information technology and
the business as part of business-as-usual and within change programmes, either
independently or embedded within a project team. Undertake information security reviews
of technical designs and new business proposals, reporting findings and making
recommendations to key stakeholders. Undertake technical risk assessments reporting
findings and making recommendations. Undertake regular due diligence on third party security controls. Provide consultancy and develop policies and awareness training for
secure application development good practise. Managing information security related
projects and initiatives through to successful delivery, on time and within budget.
Undertake business-as-usual information security operational, monitoring and oversight
activities. Undertake information security incident investigations, gathering and analysing
data, writing up the findings and making recommendations. Develop and maintain policies
that deliver compliance with information security requirements. Developing and
maintaining information security processes and procedures. Manage vulnerability and
penetration tests conducted by internal and/or external resources Undertake regular
oversight of technical and administrative access controls.
SKILLS & EXPERIENCE
Knowledgeable and experienced in working in ISO27001 & PCI-DSS environments
Knowledgeable about the relevant data security legislation and FSA regulation.
Knowledgeable and experienced in the selection, definition, development and deployment
of security controls for a wide range of technologies including security infrastructure, end
user devices, databases, storage and applications architectures. Consultancy and analysis
skills. Strong Negotiation Skills. Risk Assessing - Business and Technical. Strong audit and
analytical skills. Defining and establishing segregation of duties requirements. Project
Management. Change Management. Policy and procedure writing. Impact Assessments.
Good written and verbal communication skills. Knowledgeable in the following
technologies: Firewall and IDS Technologies LAN / WAN / MAN / WLAN Technologies
Application Development Environments - SDLC Encryption / PKI Technology Microsoft
Technologies Relational Databases SIEM Systems
KEY COMPETENCIES
Definition Personal Ethics Act honourably, honestly, justly, responsibly, and legally, at all
times. Business Awareness Maintains a broad knowledge of the financial sector and the
market, understands the business environment and their role within it. Information
Systems Accepts personal responsibility for developing their information security
awareness and capability. Organisation & Planning Prioritises and plans to make the good
use of resources to deliver tasks within timescales. Organised and well structured.
Achievement and Drive Self motivated and able to work on own or as part of a team.
Passionate about information security. Embraces change. Decision Making Demonstrates
good judgement. Analyses, evaluates and interprets information to reach an effective
decision. Operational Knowledge Accepts personal responsibility for developing own
operational knowledge and skills to improve effectiveness. Customer Focus Consistently
delivers a high level of service and takes pride in meeting end users requirements.
Effective Communication Communicates effectively, clearly and appropriately by using a
range of styles to engage the required audience. Handles objections well and can adapt
arguments to be presented differently when challenged.