Information Security and Risk Consultant

Posted 14 July 2021
Salary £55000 - £60000.00 per annum
Location Leeds
Job type Permanent
Reference BBBH119443_1626286240
Contact Name Jack Jobling

Job description

Information Security and Risk Consultant - Leeds

My financial services client are looking for an Information Security and Risk Consultant.

Role Responsibilities:

  • Collaborate with stakeholders to identify, assess and treat internal and third party information risks; tracking the risks and the associated controls.
  • Manage, develop, and maintain the information risk register, information asset register, and support continuous improvement and maturation of information security risk management processes
  • Manage and mentor Lead Information Security and Risk Analysts
  • Provide advisory support to business function and IT teams in understanding risk and security considerations of business operations, new projects, and third party suppliers.
  • Ensure that the security requirements for new and change business projects are defined, based on the assessment of risk within the framework provided by Group Policy
  • Assist IT teams in defining and executing action plans to implement controls
  • Monitor compliance with the agreed controls on a regular basis
  • Manage and maintain reporting of control / compliance progress
  • Support internal and external audits to ensure their success.
  • Contribute to the definition and maintenance of a practical and comprehensive Risk Assessment methodology, with supporting tools where appropriate
  • Control and manage assurance monitoring and tracking, including the retention of adequate records.
  • Schedule information risk and compliance audits and review the outcomes of the audit process; direct compliance issues to appropriate resources for investigation and resolution
  • Ensuring IT and Information Security risks are captured and articulated
  • Ensuring that appropriate controls assurance, compliance and reporting activities are conducted to enable effective identification and management of related issues and exceptions
  • Ensuring reviews of IT and information risk controls are undertaken, oversee related remedial activities and make recommendations to management in order to make IT and information security controls more robust
  • Additionally provide input into regulatory and governance returns, input into audit activities and management of resulting actions

Skills/ Competencies Required:

  • Risk Management Framework experience (IRAM, CRAM etc.)
  • Experience of Policy and Standards writing and management
  • Knowledge of security related products, Information Security Management Systems and security / risk strategies
  • Proven information security and cloud based systems risk management experience.
  • Experience of security controls both within cloud environments and on premise.
  • Experience in the following areas: Information Security, IT Audit, supplier security assessments, working within a control framework
  • Strong knowledge of ISO series of standards, PCI DSS and GDPR
  • Knowledge of Cybersecurity Frameworks such as CIS Critical Security Controls, OWASP, Cloud Security Alliance etc.
  • Good knowledge and understanding of software development lifecycle and its implications on BAU service.
  • Have excellent relationship management skills and be able to influence business and IT stakeholders.
  • Experience of working within complex and dynamic business environments.
  • Critical thinking skills with strong attention to detail and follow up.
  • High degree of professionalism and personal integrity.
  • Ability to work with a high degree of independence.
  • Excellent documentation skills (process, control, policy, and risk documentation)
  • Proven experience implementing and delivering discipline in controls, in an organised manner.
  • Ability to learn quickly and apply risk/control considerations, whilst being mindful of business process impact.