Purpose of Role
The IT Security Consultant is apart of the wider IT strategy and architect division. The IT Security Consultant is accountable for the development of security architecture and strategy, as well as high level security designs where the solution is new or technology is complex. Provides security solution assurance and approval.
Key Accountabilities
Strategy
* Ensuring projects are aligned to the IT Security strategy, technology roadmaps and standards.
* Where new strategy and standards are required, the role will be required to drive those strategies, define supporting standards and documenting operational procedures. Each of these will be required to follow internal governance processes for approval.
Project engagement
* Having the ability to multi-task when working on a variety of different projects across the IT change portfolio and being able to prioritise workload.
* Using the risk assessments methodology to provide expert advice and guidance and being recognised as an IT security expert across the group.
* Accountable for the documentation of the security risk assessments to identify any issues or risks that need to be articulated to senior management for remediation and/or to follow formal risk acceptance governance processes.
* Designing new controls to be implemented internal teams or third parties.
* Working with the IT solutions team to detail the security design into project templates.
* Manage on behalf of the project any penetration testing needs, engaging with the IT Security operations functions and IT to remediate any risks/issues identified before go-live.
* Working from the IT Security standards, developing processes and configuration documents to be followed by IT operations and/or third party suppliers.
* Develop and maintain standards for security management, interpret security policies and contribute to development of compliant IT standards and guidelines
* Provide technical leadership on security technology and regulation and define the principles and standards that guide security decisions for the enterprise
* Undertake technology evaluations (including creating the Architecture Assessment) and provide recommendations for the security aspects of new applications
Risk & Control
* Interpreting the Information Security policy and aliasing with the second line teams to ensure solutions are delivered securely
* Support deliveries with robust risk assessment/mitigation, and ensure that they align to the appropriate technology change framework and that solutions meet the relevant operating principles, in order to protect the Business, whilst continuing to deliver change
Stakeholder Management
* Maintain relationships with IT Business Solutions, Development Services and Infrastructure Services, and the policy owners.
* Engagement with the business to highlight risks to ensure they are making informed decisions around technology and implementation choices.
Additional Technical Knowledge and Experience
* Knowledge of regulatory, and legal frameworks e.g. FSA, Data Projection etc
* In-depth knowledge of technical security controls and techniques, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL)
* Proficient in performing risk, business impact, control and vulnerability assessments
* Strong understanding of security issues, and experience of the solution delivery lifecycle including typical problems associated with security, from initial concept through build and implementation to operation and support
* Experience of implementing and assuring security for business functions and divisions
* Acknowledged technical leadership for security
* Experience of ownership and management of the technical relationship with strategic suppliers
* Experience with the implementation of security standards and solutions for major business including the validation and assurance of all solutions and proven reuse
Job level: M1
Possibility of flexible working? - No
Possibility of part-time working? - No
Career benefits and rewards
It all starts with a competitive salary, benchmarked against our competitors, which will grow as you do. We’ve made sure your annual holiday entitlement is attractive too - and what’s more, we let you choose the rewards that suit your lifestyle.
That kind of flexibility is a key feature of our benefits package. And there’s plenty to choose from, including:
* Pension funding of 9% of your base salary - you can choose to contribute less or more than this
* Income protection
* Life assurance
* Private medical cover (anyone can choose this through our flexible benefits scheme, and managers receive this as standard)
![]()
The IT Security Consultant is apart of the wider IT strategy and architect division. The IT Security Consultant is accountable for the development of security architecture and strategy, as well as high level security designs where the solution is new or technology is complex. Provides security solution assurance and approval.
Key Accountabilities
Strategy
* Ensuring projects are aligned to the IT Security strategy, technology roadmaps and standards.
* Where new strategy and standards are required, the role will be required to drive those strategies, define supporting standards and documenting operational procedures. Each of these will be required to follow internal governance processes for approval.
Project engagement
* Having the ability to multi-task when working on a variety of different projects across the IT change portfolio and being able to prioritise workload.
* Using the risk assessments methodology to provide expert advice and guidance and being recognised as an IT security expert across the group.
* Accountable for the documentation of the security risk assessments to identify any issues or risks that need to be articulated to senior management for remediation and/or to follow formal risk acceptance governance processes.
* Designing new controls to be implemented internal teams or third parties.
* Working with the IT solutions team to detail the security design into project templates.
* Manage on behalf of the project any penetration testing needs, engaging with the IT Security operations functions and IT to remediate any risks/issues identified before go-live.
* Working from the IT Security standards, developing processes and configuration documents to be followed by IT operations and/or third party suppliers.
* Develop and maintain standards for security management, interpret security policies and contribute to development of compliant IT standards and guidelines
* Provide technical leadership on security technology and regulation and define the principles and standards that guide security decisions for the enterprise
* Undertake technology evaluations (including creating the Architecture Assessment) and provide recommendations for the security aspects of new applications
Risk & Control
* Interpreting the Information Security policy and aliasing with the second line teams to ensure solutions are delivered securely
* Support deliveries with robust risk assessment/mitigation, and ensure that they align to the appropriate technology change framework and that solutions meet the relevant operating principles, in order to protect the Business, whilst continuing to deliver change
Stakeholder Management
* Maintain relationships with IT Business Solutions, Development Services and Infrastructure Services, and the policy owners.
* Engagement with the business to highlight risks to ensure they are making informed decisions around technology and implementation choices.
Additional Technical Knowledge and Experience
* Knowledge of regulatory, and legal frameworks e.g. FSA, Data Projection etc
* In-depth knowledge of technical security controls and techniques, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL)
* Proficient in performing risk, business impact, control and vulnerability assessments
* Strong understanding of security issues, and experience of the solution delivery lifecycle including typical problems associated with security, from initial concept through build and implementation to operation and support
* Experience of implementing and assuring security for business functions and divisions
* Acknowledged technical leadership for security
* Experience of ownership and management of the technical relationship with strategic suppliers
* Experience with the implementation of security standards and solutions for major business including the validation and assurance of all solutions and proven reuse
Job level: M1
Possibility of flexible working? - No
Possibility of part-time working? - No
Career benefits and rewards
It all starts with a competitive salary, benchmarked against our competitors, which will grow as you do. We’ve made sure your annual holiday entitlement is attractive too - and what’s more, we let you choose the rewards that suit your lifestyle.
That kind of flexibility is a key feature of our benefits package. And there’s plenty to choose from, including:
* Pension funding of 9% of your base salary - you can choose to contribute less or more than this
* Income protection
* Life assurance
* Private medical cover (anyone can choose this through our flexible benefits scheme, and managers receive this as standard)