Information Security Consultant

Information Security Consultant required leading financial services firm. The role will be focused on providing security project reviews. As the Security Project Assurance Consultant, you will be the Subject Matter Expert (SME) and point of contact for Cyber & Information Security assurance in projects and Business as Usual (BAU) activities within the client. This role is fully remote.

Responsibilities:

General

• Owns, maintains, and has responsibility for making updates to the documentation, as well as the implementation of the policy and procedure.
• Develops policies and procedures within their subject area, where required.
• Coordinates engagement with the business and suppliers where there are new projects and BAU changes that have a security impact. Remit of engagement expands to all facets of the business including IT, IT Engineering, third-party, software development life cycle (SDLC), information system acquisitions, product development, physical & personnel security.
• Will develop and implement cloud security principles and ensure compliance for cloud initiatives.
• Will provide oversight and guidance for information security testing for projects and BAU activities.
• Organises Information Security Project resources where demand dictates.
• Owns and manages the Project Trackers and updates risk register and treatment plans.

Security Consultancy

• Provides security consultancy to projects and ad-hoc queries from the business.

 Business Partnering

• Promotes the requirement for early engagement with the GSO for project and BAU changes.
• Engages with, assists internal and external business stakeholders to resolve matters within subject area/s
• Establishes working partnership with other client functions e.g. Business Partnering, Applications, Infrastructure, software, and product development and is aware of pipeline for project and BAU work, that requires GSO Project Assurance activities.

Project Engagement

• Works with client project teams to deliver secure business solutions that enable and meet business objectives.

 Software Development Life Cycle

• Engages with any client programmes for systems acquisitions.

 Security Testing

• Provides advice and guidance on security testing requirements, Works with project / BAU stakeholders to organise testing including assisting in the development of testing scope, Reviews test reports, provides advice on remediation actions. Notifies the Vulnerability Manager

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of project-based Information Security. You will also have a proven track record of delivery in a similar role. Experience in Financial Services is preferable but not essential.