Information Security Risk Consultant - London
You'll provide expertise and assistance to ensure that infrastructure and information assets are sufficiently protected. Working with the Information Security team, the individual will perform risk assessment reviews to support the supplier due diligence process. The Information Security Risk Consultant will use initiative to select and advise on the appropriate methods necessary for risk remediation and continual risk monitoring.
- Participates with business team(s) to gather a full understanding of project scope and business requirements.
- Assists in the development of processes and procedures pertaining to risk assessments, assessment finding mediation and assisting risk owners with remediation plans.
- Assesses business requirements against security concerns and articulates issues and potential risks to business stakeholders.
- Analyses third party processes and requirements to determine conformance to security policies and procedures.
- Works directly with the third parties and internal departments to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
- Creates, disseminates and updates documentation of identified information security risks and controls.
- Provides support in the creation of reports which articulate information security trends and vulnerabilities.
- Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures.
- Manages and maintains the Information Security Risk Register.
The ideal candidate will have diverse experience in the following areas:
- 5+ years of Information Security experience
- Risk Management Background
- Supplier Security Assessments
- Experience working within a control framework
- Knowledge of ISO 27000 series of standards, NIST Cybersecurity Framework, CIS Critical Security Controls.
- Effective interpersonal skills necessary to collaborate and influence all levels of personnel.
- Proficient verbal and written communication skills
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
- CRISC (Certified in Risk and Information Systems Control) or other risk-related certifications.