Information Security Consultant

Information Security Consultant required for market-leading financial services firm. The role will be centred on ensuring security is delivered into a wide range of projects. There will be a focus on working closely with DevOps teams and embedding security throughout a software development lifecycle.

Responsibilities

• Act as the main security point of contact & SME for required projects
• Manage security risk for the whole project lifecycle
• Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation on internally & externally developed software
• Embedding security within DevOps (e.g. CI/CD pipelines), developing security requirements
• On-demand Security assessment of various components like Web apps, Containers, Platforms etc
• Reviewing security assessment reports and create a remediation pipelines
• Experience in web application security assessments like SAST, DAST etc.
• Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution
• Obtain and review all required artefacts as part of the application security framework
• Drive security evaluation early in the cycles through iterative security testing
• Provide advisory services and direction to application development teams during development cycles
• Manage control exemptions/remediations identified through projects
• Advise on external regulatory requirements
• Provide metrics for relevant areas of responsibility when required

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of project-based Information Security & DevSecOps. You will also have a proven track record of delivery in a similar role. Experience in financial services is highly advantageous.