Senior Security Consultant
£80k + Benefits
The Senior Security Consultant will be responsible for Information Security and will act as risk and asset owner of the client’s platform. The role is key to day-to-day contact with the organisation, from a security perspective, on the service delivery of the company’s client and shared platforms.
The person fulfilling the role will be required to be articulate, technically aware from a security point of view and able to converse in the correct terms and at the right level with client security personnel as well as business owners, stakeholders and the security team.
The role is responsible for ensuring that the Information Assurance levels for the service are maintained at all times across the physical, technical, personnel and procedural aspects of the service delivery. Whilst the role will have responsibility for this, it does not necessarily mean that the individual will perform all of these functions. Other personnel may be responsible for delivering some aspects of these functions, but the role will have overall ownership.
- Maintaining awareness of any changes in the standards, compliance and governance that might affect the system’s overall Information Assurance levels
- Maintaining awareness of requirements for compliance with the client contract for the service
- Ensuring that any new or arising threats to the service are dealt with in a pragmatic and effective way to maintain the existing assurance levels in terms of confidentiality, integrity and availability
- Maintaining an awareness and having evidence of access controls employed in the service at the physical and logical layers
- Ensuring new personnel or 3rd parties are appropriately briefed on the security aspects of the service
- Ensure that IT Health Checks (ITHCs) are carried out and reports are maintained in a secure manner for audit purposes
- Ensure that Vulnerability Scans are carried out and reports are maintained in a secure manner for audit purposes
- Be the primary point of contact with the customer for all security incidents
As risk and asset owner, responsibilities include:
- Understand what information is being held, who has access to it and why, in order to properly understand the risks
- Ensuring that assets are inventoried
- Ensuring that assets are appropriately classified and protected
- Define and periodically review access restrictions and classifications to important assets, taking into account applicable access control policies
- Ensure proper handling when the asset is deleted or destroyed
- As a minimum annually review the security plan and update accordingly
- Suggest improvements in measuring the effectiveness of controls
- Ensure that Anti-Virus and other malware preventative measures are maintained on the service
- Assess and advise on security implications for client change requests
- Liaise with company group standards and compliance team and the company portfolio team regarding general security improvement requirements
- Report any defects of the service that have an impact on the Information Assurance of the service and make recommendations for improvement
- Process, analyse & provide monthly reports to Risk and Compliance of the Information Assurance status of the service
- Own and maintain the Corrective/Remediation Action Plan(s) that come out of Security Incidents and ensure actions are remediated in a timely manner
- Take ownership of and be responsible for any remedial actions following a security breach
- Ensure the resilience of the service through backups, and maintain effective and tested BCP and DR plans
- Ensure security risk assessments are completed for each individual or group of assets, reviewed at least annually
- Ensure assets are inventoried, appropriately classified and protected and risk assessed
- Maintain a log of all security related matters in a secure manner
- Maintain the Security Plan for the service to ensure it reflects the most up-to-date security control measures and processes
- Be responsible for ensuring that any patches are applied in accordance with the Vulnerability and patch management process
- Ensure security incidents are mitigated and communicated to customers within agreed SLAs
The right candidate for this role will need to be/have the following:
- Collaborative mind-set
- Customer focused
- Flexible and adaptable
- Results driven
- Professional competency
- Commercial Acumen
- Strong communication skills
- Consulting and advisory skills
- Influencing and negotiation skills
- Relationship management experience
- Stakeholder management experience
- Research and analysis skills
Hold CISM Certification or CCP SIRA (Practitioner) Certification.
Must be SC cleared or SC clearable.
If you are interested in this position then please get in touch with Jonny Duggan on 01908 886 038 or email firstname.lastname@example.org.