Information Security and Risk Consultant - Leeds
My financial services client is looking for an Information Security and Risk Consultant.
- Collaborate with stakeholders to identify, assess and treat internal and third party information risks; tracking the risks and the associated controls.
- Manage, develop, and maintain the information risk register, information asset register, and support continuous improvement and maturation of information security risk management processes
- Manage and mentor Lead Information Security and Risk Analysts
- Provide advisory support to business function and IT teams in understanding risk and security considerations of business operations, new projects, and third party suppliers.
- Ensure that the security requirements for new and change business projects are defined, based on the assessment of risk within the framework provided by Group Policy
- Assist IT teams in defining and executing action plans to implement controls
- Monitor compliance with the agreed controls on a regular basis
- Manage and maintain reporting of control / compliance progress
- Support internal and external audits to ensure their success.
- Contribute to the definition and maintenance of a practical and comprehensive Risk Assessment methodology, with supporting tools where appropriate
- Control and manage assurance monitoring and tracking, including the retention of adequate records.
- Schedule information risk and compliance audits, review the outcomes of the audit process, and direct compliance issues to appropriate resources for investigation and resolution
- Ensure IT and Information Security risks are captured and articulated
- Ensure that appropriate controls assurance, compliance and reporting activities are conducted to enable effective identification and management of related issues and exceptions
- Ensure reviews of IT and information risk controls are undertaken, oversee related remedial activities and make recommendations to management in order to make IT and information security controls more robust
- Additionally, provide input into regulatory and governance returns, input into audit activities and management of resulting actions
Skills / Competencies Required:
- Risk Management Framework experience (IRAM, CRAM etc.)
- Experience of Policy and Standards writing and management
- Knowledge of security related products, Information Security Management Systems and security / risk strategies
- Proven information security and cloud based systems risk management experience.
- Experience of security controls both within cloud environments and on premise.
- Experience in the following areas: Information Security, IT Audit, supplier security assessments, working within a control framework
- Strong knowledge of ISO series of standards, PCI DSS and GDPR
- Knowledge of Cybersecurity Frameworks such as CIS Critical Security Controls, OWASP, Cloud Security Alliance etc.
- Good knowledge and understanding of the software development lifecycle and its implications for BAU service.
- Have excellent relationship management skills and able to influence business and IT stakeholders.
- Experience of working within complex and dynamic business environments.
- Critical thinking skills with strong attention to detail and follow up.
- High degree of professionalism and personal integrity.
- Ability to work with a high degree of independence.
- Excellent documentation skills (process, control, policy, and risk documentation)
- Proven experience implementing and delivering discipline in controls, in an organised manner.
- Ability to learn quickly and apply risk/control considerations, whilst being mindful of business process impact.