Information Security Consultant Job In Carlisle

Information Security Consultant - Pope Marshall
  • Carlisle, North West England, United Kingdom
  • via Jobrapido.com
Job Description

Hybrid working, very flexible but you should expect office visits for workshops and mandatory meetings - will be approximately 3/4 days a month. The client will not pay for those travel expenses and so being outside of a 2.5/3 hour commute to Cumbria would not make sense.


SME Bank is looking for an InfoSec Consultant to work on projects across the business. They have major digital transformation programmes in flight and are looking for someone who can help take those project leads through the InfoSec journey.


This would suit an analyst moving up and not a manager / "head of" looking sideways, because of the level of detail involved in building the frameworks and audits from the ground up.


Mandatory Experience:


  • 5 or more years in an Information Security role
  • Financial Services experience.
  • A formal qualification in an Information Security discipline e.g., CISM.
  • Demonstrable projects experience - having been the SME on building out, from scratch, the necessary frameworks for Identify, Protect, Detect, Respond, and Recover in a project - guidance and non-functional requirements to ensure security is being built in by design.
  • Demonstrable experience of ISO27001 audits, NIST audits - you will need to be able to discuss, with authority, each level of these audits with non-technical business leads.
  • A strong technical understanding and background of infrastructure and engineering security concepts and frameworks.


Job role


The Information Security Consultant will assist the Information Security Assurance Manager daily.


They are also responsible for assisting in the oversight and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals, as well as carrying out audits in line with the assurance calendar.


They will also play a pivotal role in providing subject matter expertise to projects to ensure projects have security controls included by design.


You'll need in-depth knowledge of information security, with an excellent understanding of the technical side, having very good experience of compliance such as ISO27001, NIST, CBEST & CQUEST requirements.


  • Engagement with projects to provide advice, guidance and non-functional requirements to ensure security is being built in by design.
  • Support and execute all group-wide Assurance tasks, initiatives and assignments, including monitoring the assurance inbox and responding to queries.
  • Assist in the ongoing program of information security assurance covering all aspects of ISO27001 and the controls set out in the bank.
  • Support the management of the Information Security Management System on behalf of the bank and ensure compliance with its components.
  • Assist in updating assurance owned documentation such as procedures and policies.
  • Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the bank.
  • Carry out assurance reviews in line with the scheduled calendar, producing reports, feedback and managing actions/non-conformities through to satisfactory conclusion.
  • To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified.
  • To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the bank assets and data.
  • To assist with assurance returns e.g., LINK, Code of Conduct, SWIFT etc.


