Information Security Consultant

Information Security Consultant

Permanent

Reading/Hybrid - 2 days per week on-site

This role is responsible for providing subject matter expertise and guidance to Business teams and Partners that own the day to day management and safeguarding of customer information and protection of physical/logical assets of the company.

Responsibilities

• Actively represent the Security Organisation by developing and maintaining relationships with business stakeholders and partners to ensure security is considered throughout the lifecycle of projects from conception to operation
• Collaborate closely with architects, designers, engineers, and other cross-functional team members within the organisation to ensure that our solutions are built to the highest security standards.
• Communicates information security risks and issues to business managers and others
• Applies and maintains specific security controls as required by organisational policy and local risk assessments
• Supports with the effective governance of external partners and internal teams to deliver and assure Security Operations services to the business
• Maintain an in-depth knowledge of industry standards relevant to the role.
• Maintain a broad understanding of security products, an understanding of their architectural principles and integration capabilities

Experience

• Must have at least 5 years' experience working in Information Security.
• Must have a mix of security consulting, and professional services experience
• Must be well versed in security policies & standards, governance, compliance, risk management and security audit practices
• Experience with using common information security management frameworks, such as NIST, PCI, GDPR, ISO Series, OWASPp the IT Infrastructure Library (ITIL), the ISF Standards of Good Practice (SoGP) and ISACA's Control Objectives for Information and related Technology (COBIT) frameworks.
• Proven expertise and experience in one or more of the following domains: o Information assurance & cyber security

1. Data protection
2. Business continuity
3. IT service continuity
4. Information risk management

• Proven expertise in one or more of the following technical disciplines:

1. Cyber Security
2. Identity & access management
3. Cloud security
4. Data centre security services

• Must have good skills of incident reporting and stakeholder management.
• Must have experience in creating and documenting processes (processes, procedures, playbooks etc).
• Must have experience working at pace within a complex operational environment / large enterprise network.
• Security related certifications are desirable, particularly blue team certs such as SANS / GIAC.
• Experience of improving the maturity level of security controls in line with industry best practice and standards.

Project People is acting as an Employment Agency in relation to this vacancy.