Applications have closed

Information Security Consultant

  • Fully Remote
  • £500-£550 per day (Outside IR35)

Technical Information Security Consultant required for a global IT Infrastructure Service Provider. The role will be centred on understanding the client’s cyber risks, understanding policies, and providing consultation on mitigation and remediation plans. This includes technical areas such as security tooling.

 

Your Role and Responsibilities

  • As a Security Consultant on our team, you’ll use your experience to work with various customers to discover their cyber risks, understand policies, and provide consultation on mitigation and remediation plans. This individual will be responsible for ensuring risks are captured correctly in various tools and ensuring they are closed in the remediation timeline based on company policy.
  • The Security Consultant should be able to review technical, environmental, and personnel details from engineers and subject matter experts to assess the entire threat landscape.
  • This individual should be able to build strong relationships and partner closely with security and technology partners across the customer organisation.
  • The Security Consultant will assist in developing internal processes to increase team efficiencies and continually mature operations.

Required Technical and Professional Expertise

  • Responsible for managing risks related to processing, storing, or transmitting information, to reduce or eliminate impact on the integrity or availability of information and information systems.
  • Responsible for meeting both regulatory and non-regulatory compliance demands.
  • May be responsible for management and enforcement of information security policies, training and educating end-users on proper security practices, conducting security and risk assessments using security frameworks (e.g., NIST, RMF, Common Criteria, etc.), mitigating risk via security controls, testing and evaluation to certify and accredit commercial security products, ensuring privacy of data throughout its life-cycle, vulnerability management (scanning, assessment, reporting, and mitigation verification), business continuity and disaster recovery.
  • One or more security certifications, e.g. CISSP, CISM, CISA, CASP+, CCSP or CCSK

Preferred Technical and Professional Experience

  • Understanding and application of NIST Control Framework, Critical Security Controls, and other related regulatory and compliance frameworks.
  • Past experience in assisting stakeholders in quantifying risks and developing mitigation and remediation strategies.
  • Able to lead projects from start to finish and work independently.
  • Experience with Enterprise Security Tooling, such as SIEM, Network Forensics, Network and Host Intrusion Prevention, PKI, Endpoint Detection and Response, Data Loss Prevention tools/methods

As an ideal candidate, you will have an industry certification such as CISSP, CISM, CISA, CASP+, CCSP or CCSK and have expert knowledge of technical (security tooling) based Information Security Assurance. You will also have a proven track record of delivery in a similar role.

 

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.