Senior Information Security Consultant
  • United Kingdom London
  • ClickJobs.io
1 year ago
31.01.2024
Securely Provision
Risk Management
Job Description

Senior Information Security Consultant
Salary - £60-75,000 + Bonus + Benefits
Location – London (Hybrid / Remote working available)

One of the fastest growing Information Security & Privacy SaaS providers in Europe are looking for a Senior Information Security Consultant (GRC) to help build out their growing Information Security Governance, Risk and Compliance (GRC) consulting offering.

The client have grown exponentially over the past 5 years and are now in ‘Scale-Up’ mode, looking to build on their sustained commercial success and expand their Information Security Consulting offering, helping clients to build out their ISMS capabilities in line with Information Security Governance standards and frameworks – namely ISO27001.

This position would suit an experienced Information Security Consultant with a breadth of knowledge across multiple cyber security disciplines and extensive knowledge of Information Security Governance standards and frameworks, particularly those with knowledge of ISO27001 implementation.

Responsibilities
  • Lead on all Information Security Governance consulting engagements, ensuring relevant security controls are in place against recognized security frameworks – ISO27001 in particular.
  • Provide clients with expertise across a wide range of information security topics covering the audit, assessment, design and implementation of various security solutions.
  • Work with clients to scope out their requirements and translate technical concepts into business risks.

Requirements
  • In-depth knowledge of Information Security Governance and Control Standards – ISO27001 in particular.
  • Proven experience liaising with senior stakeholders and translating technical concepts into business risks.
  • Previous experience working as an Information/Cyber Security Consultant within a Management Consultancy / Professional Services firm.
  • Broad knowledge across different Information and Cyber Security disciplines (Vulnerability Management, Security Architecture, Incident Response, IAM, Security Operations, etc.)

This is an incredible opportunity for an experienced Senior Information Security Consultant (GRC) to join an established but growing consultancy with a start-up mentality and build an Information Security practice underneath you.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0260   Knowledge of Personally Identifiable Information (PII) data security standards.
  • K0261   Knowledge of Payment Card Industry (PCI) data security standards.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0202   Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0200   Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0288   Knowledge of industry standard security models.
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Required Skills
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0171   Skill in performing impact/risk assessments.
  • S0271   Skill in reviewing and editing assessment products.

Required Abilities
  • A0069  Ability to apply collaborative skills and strategies.
  • A0082  Ability to effectively collaborate via virtual teams.
  • A0083  Ability to evaluate information for reliability, validity, and relevance.
  • A0096  Ability to interpret and understand complex and rapidly evolving concepts.
  • A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.