Job Title
Information Security Lead
Purpose
A major part of this role will be completing security risk assessments on an on-going basis, so as to support new feature implementations and/or additional Consumer System on-boarding activities.
The Information Security Consultant will engage with both business and technical stakeholders, so as to ensure that the appropriate scope is defined and understood, and in line with agreed overarching security goals and requirements.
The role will also be responsible for identifying, describing and advising on the implementation of required controls, so as to mitigate the identified security risks.
Principal Duties and Responsibilities
- Completing initial project and defining the associated risk-mitigation control requirements, including:
  - Identifying the requirements.
  - Deciding on methodology to be followed.
  - Describing the data processing involved.
  - Assessing necessity and proportionality of data processing.
  - Agreeing the risk categorisation and ratings that will be used.
  - Performing the risk assessment (i.e. identify and assess risks).
  - Categorising, ranking and recommending the development and/or implementation of appropriate risk-mitigation control measures, be they people / process / technology related (PPT).
  - Reviewing the outputs of the risk assessment with key stakeholders for formal agreement, sign-off and recording of outcomes.
- Managing the implementation and/or integration of required controls back into project plan(s) and/or initiatives, based on the outcomes of both initial and on-going engagements.
- Ownership for on-going review, so as to support new feature implementations and/or additional Consumer System on-boarding activities.
- Throughout the process, consult individuals and other stakeholders as/when required.
Eligibility Criteria; Qualifications and/or Experience
- Minimum of 6 months' experience in helping to deliver technical projects.
- Minimum of 5 years working in security consulting roles.
- Direct experience in, and/or knowledge of, all of the following:
  - Completing security risk assessments as part of large-scale IT programmes and projects.
  - Implementing security risk assessment and controls frameworks.
  - Globally-recognised security standards.
  - Data privacy legislation and information governance standards.
  - Extensive security architecture experience and knowledge.
- Direct experience of two or more of the following:
  - Skilled in documenting solution and/or technical design.
  - Strong background in:
    - IT and information security.
    - General systems architecture and infrastructure design.
    - Software development and project lifecycle.
    - Information Security Testing and Assessment.
  - Systems and application security hardening to globally-recognised standards.
  - PKI Models (in-house / hybrid / Cloud).
Desirable Skills, Competencies and/or Knowledge
- Experience of managing relations with senior stakeholders including both internal and external entities.
- Good working knowledge of information risk analysis and vulnerability life-cycle management.
- Strong team player with excellent interpersonal, collaboration and communication skills.