Information Security Consultant

Posted 25 October 2021
Salary £70000 - £80000 per annum
Location London
Job type Permanent
Reference BBBH124468_1635169842
Contact Name Jack Jobling

Job description

Information Security Consultant - London - Hybrid

We are looking for an Information Security Consultant to join our Assurance team. The role will report to the Information Security Manager and sits within the Group's central Assurance function. The Information Security Consultant will be responsible for assisting the Information Security Manager in delivering key security initiatives and providing guidance and recommendations during key project delivery for our internal and external clients.

Key responsibilities

  • Support the Information Security Manager and CISO in the execution of their duties
  • Provide Information Security Consultancy services for a wide range of projects and initiatives to ensure our products, services, platforms and information assets are secure and cyber resilient.
  • Provide consultancy during M&A activities including pre-deal due diligence and post-deal integration.
  • Identify cyber risk within existing and new business and take ownership of remediation activities with direction and support from the Information Security Manager.
  • Assist CTI in maintaining certifications (ISO 27001) and implementing ISO 27001 across the entire CT business.
  • Assist the organisation in adhering to regulatory requirements (GDPR, etc.)
  • Support the Information Security Manager and Security Operations during all security related incidents
  • Actively supporting the development of Security Maturity Models, Security Reference Architectures, and Roadmaps
  • Conduct due diligence on potential partners, M&As, 4th parties and new solutions
  • Working with peers and collaborating more broadly across the organisation to enhance outcomes and expedite results
  • Providing clear, organised findings, and recommendations, and tracking progress towards resolution and risk mitigation.
  • Producing detailed, high-quality presentations and reports for technical and non-technical audiences
  • Providing regular status reports on all assigned projects and activities
  • Working semi-independently, undertaking information security engagements including work co-ordination and project management (client interaction, deliverables, work plans, escalations, etc.)
  • Maintain awareness of developments in the information security industry
  • Identify security control gaps, provide recommendations, implement solutions, and track progress.
  • Act as security representative at the Change Advisory Board

Person specification

  • Proven experience in building and assessing secure solutions encompassing people, process, technology, and environment
  • Experience in threat modelling activities in an enterprise environment.
  • Good working knowledge of technical security and enterprise architecture
  • Operational knowledge of common security frameworks and standards.
  • Well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem-solving abilities.
  • Strong work ethic and motivation
  • Excellent verbal and written communication and presentation skills.
  • Stakeholder management and influencing skills.
  • Experience of MSSP SOC
  • Incident Detection/Response experience
  • Experience working with a SIEM solution
  • Exposure to SIEM & Vulnerability management solutions
  • Cloud security, Microsoft Security Centre, O365 E5, and AIP
  • Strong Active Directory experience
  • Securing Windows environments (desktop/server)
  • Strong knowledge of network security within a corporate environment
  • Experience working in an ITIL environment
  • Project management and communications skills
  • 5+ years of professional experience
  • Strong professional expertise in information security, with the ability to thoroughly understand complex principles and apply them practically, and to comfortably present security concepts or findings to both highly technical and entirely non-technical audiences.
  • Technical certifications relevant to Cybersecurity
  • One or more of the following professional qualifications, e.g. CISSP, CRISC, CISA, CISM
  • Technical solutions experience within insurance or a financial services environment
  • Additional language skills, e.g., Spanish
  • ITIL certification or experience of working within an ITIL-oriented organisation.