Job Description

About the job
About Columbia Threadneedle Investments

You'll find the promise we make to our clients is the same one we make to our employees: Your success is our priority.

Here, you'll find growth and career opportunities across all our businesses. We're intentionally built to help you succeed. Our reach is expansive with a global team of 2,000 people working together. Our expertise is diverse with more than 450 investment professionals sharing global perspectives across all major asset classes and markets. Our clients have access to a broad array of investment strategies and we have the capability to create bespoke solutions matched to clients' specific requirements.

Columbia Threadneedle is a people business and we recognise that our success is due to our talented people, who bring diversity of thought, complementary skills and capabilities. We are committed to providing an inclusive workplace that supports the diversity of our employees and reflects our broader communities and client-base. We welcome applications from returners to the industry.

We appreciate that work-life balance is an important factor for many when considering their next move so please discuss any flexible working requirements directly with your recruiter.

Job Purpose Statement

Part of Ameriprise Technology, Asset Management Technology is a dynamic service-focused organisation dedicated to ensuring great outcomes for our partners in Columbia Threadneedle Investments. You will be part of the Chief Information Security Officer's organisation, working with a great team of multi-talented security professionals where you will be valued and rewarded for your skills and can develop yourself even further.

As an Information Security Consultant in our UK team you will focus on the European and Asian regions working alongside your colleagues based around the world. Every member of the team is expected to become an innovative and pragmatic information security specialist. You'll provide expert advice and guidance for technology projects as well as supporting the delivery of security capabilities. You will use your knowledge of emerging risks and best practices to ensure information security controls remain effective and appropriate.

You will work with the rest of the Technology team to ensure that our solutions meet both business and security goals.

Role Responsibilities

How you'll spend your time....

Develop security requirements for projects using your knowledge of policies, standards and industry best practices.
Review proposed technology solutions to ensure they meet security standards.
Use your expertise to provide advice and guidance to stakeholders
Work with security partners, both internal and external, to enhance our security programme

Key Capabilities

To be successful in this role you will have....

Information Security experience in an established security environment (in any industry)
A relevant industry certification such as CISSP, CISM or CRISC but strong experience could be an acceptable alternative
A broad range of technology experience (infrastructure, application, etc.) is mandatory
Experience working on projects
You must have a desire to develop skills in new and exciting areas of IT security.
Able to persuade and influence people
This is a security job, so sometimes you'll have to work under pressure and show flexibility to meet tight deadlines
Good communication skills
Capable of innovative problem-solving
Strong and resilient character - able to overcome resistance

Desired Capabilities

If you also had this, it would be great....

A continuous improvement mindset
Exposure to risk management methodologies and frameworks.
Experience in cloud platforms such as Microsoft Azure security architecture and AWS.

Quick response

Required Knowledge

• K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• K0003   Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• K0004   Knowledge of cybersecurity and privacy principles.
• K0005   Knowledge of cyber threats an`d vulnerabilities.
• K0276   Knowledge of security management.
• K0290   Knowledge of systems security testing and evaluation methods.

Required Skills

• S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• S0031   Skill in developing and applying security system access controls.
• S0141   Skill in assessing security systems designs.
• S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).

Required Abilities

• A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).