My client is currently looking for IT Operational Security Consultant
The role will involve acting as focal point for any security breaches/investigations; preparing reports and noting follow up actions.
Reporting any significant security breaches; undertaking full investigation; recommending course of action in consultation with Head of IT Security.
Participating in the incident management process during any incidents and emergencies and undertaking the security role in the Major Incident Team
My client is looking for an innovative, free thinking, eminently capable security professional with demonstratable experience within operational security.
They are continuously expanding our cyber security capability and looking nurture the right people to establish a highly capable security team.
Functional/ Technical Skills
A sound working knowledge of security legislation affecting the security role such as GDPR, the Data Protection Act, Computer Misuse Act 1990 and the Fraud Act 2006.
In depth knowledge of security best practice, standards and guidance such as ISO/ICE 27001, The National Cyber Security Centre guidance, OWASP Top 10 and the Centre Internet Security Controls would be advantageous.
Able to demonstrate strong IT skills with a working knowledge of a range of infrastructure, networking cloud technologies and security concepts.
Experience of maintaining policies and procedures, drafting reports and preparing business cases.
Proven experience within the security industry and/or financial sector
A degree or recognised or security qualification such as SSCP, CISM or CISSP
Experience establishing business intelligence using Security Metrics, KPIs and KRIs.
Threat modelling knowledge
Cyber Security Risk Management
Building and maintaining strong relationships with all areas of the business, representing security in a positive manner as a business enabler.
Understanding the business to ensure that everyone has a good grasp of security awareness. Identify areas of improvement and address these with computer-based training, poster campaigns, and security bulletins to ensure an appropriate level of security awareness training is provided.
Staying in touch with the Service Desk team to ensure that rights allocated adhere to the 'principle of least privilege' and 'need to know', that new requests are dealt with and that security incidents are handled correctly.
Ensuring security enforcing controls are effective by working closely with the IT Operations team, these include asset discovery, vulnerability management, secure configuration, malware defences, data protection and data recovery.
Assessing, prioritising, and managing the deployment of updates to hardware, software, services and firmware through our change process.
Evidencing the effectiveness of security controls through reports using security metrics against KPIs and SLAs.
Assisting with audits, vulnerability and penetration testing and responding to security assessments, managing audit exceptions through to resolution.
Acting as focal point for any security breaches/investigations; preparing reports and noting follow up actions. Reporting any significant security breaches; undertaking full investigation; recommending course of action in consultation with Head of IT Security. Participating in the incident management process during any incidents and emergencies and undertaking the security role in the Major Incident Team.
Acting in an advisory manner to the rest of the business as an operational security subject matter expert.
Apply and promote Treating Customers Fairly (TCF) culture and principles, together with the organisation's behaviours and values.
Adhere to Company Diversity & Inclusion policy.