Information Security and Cyber Risk Consultant - remote - FS

This job has now expired please search on the home page to find live IT Jobs.

This is a great opportunity to join a busy team providing Line 2 Information Security and Cyber Risk oversight and assurance capability. Challenge of the IT/EUC Policy, Controls and Security Standards covering IT, Information Security and Cyber risk.Client DetailsMy client is a leading provider of pensions and life savings. After a recent acquisition, the organisation is moving through a period of growth and has created two new positions within the Information Security team. DescriptionInformation Security and Cyber Risk Consultant - remote - FS Key Responsibilities Support the Information Security & Cyber Risk Manager in the execution of their duties and appropriately represent them within the business in providing effective guidance, challenge, assurance and oversight Report and deliver Information Security & Cyber risk assurance/review activity consulting with management to formulate and agree effective solutions to any identified shortfalls Provide input to the continuous development and improvement of the risk review methodology and approach IT, Information Security and Cyber Risk oversight of the Group through the attendance of meetings and engagement with subject matter experts Produce quality management information and reporting Provide risk-based, accurate, practical and sound guidance, opinion and support to operational and strategic change initiatives, BAU activity, projects and breach and incident remediation plans Effectively analyse breaches, incidents, internal and external audit, compliance monitoring and other review findings to determine Information Security and Cyber risk implications, consideration of regulatory notification to the FCA, ICO or other relevant regulators. Identify and analyse relevant IT/EUC, Information Security and Cyber related regulatory changes and themes which impact the Group. Ensure details of changes/themes are communicated appropriately and oversee the timely implementation of all necessary actions Review relevant customer processes and systems where there are changes and provide guidance, recommendations and challenge to business owners on areas for development/improvement Challenging the business to ensure that the established information security control framework is (and remains) aligned with industry best practice, using the ISO / IEC 27000 series standards (or equivalents) as a benchmark Challenging the business to ensure that the Information Security Control Framework meets the requirements of current and emerging legislation and regulation, including the guidelines and expectations of our regulators Continuously developing existing expert technical knowledge and applying this in conjunction with significant business awareness in order to give accurate and timely advice when these are constantly evolving Conduct Line 2 Information Security and Cyber Risk oversight and assurance activities which adds value to the business, ensuring delivery via a multi-site team in a consistent manner to a high level of quality As a member of the Information Security & Cyber Risk team in Group Risk, working proactively across the various teams in the function to ensure that we deliver fully against the Group Risk Framework. Maintain knowledge of technology, systems, processes, data and interfaces deployed across the Phoenix Group Deputise for Information Security & Cyber Risk Manager as required ProfileInformation Security and Cyber Risk Consultant - remote - FS What We're Looking For Relevant IT/EUC, Information Security and Cyber technical experience, including knowledge and awareness of the regulatory environment and relevant legislation Proven knowledge and experience of IT tools, capabilities and controls. Knowledge of Security Testing tools and techniques e.g. Penetration Testing, Infrastructure Scanning, Static Code Review and Web App Scanning tools. Proven knowledge and experience in Industry Standards and best practice including the ISO/IEC 27000 series, NIST Cybersecurity Framework, ITIL etc. IT Security and Risk experience in one or more of the following areas: "First Line" role - either as IT, IT Security or Risk technician or Manager "2nd Line" role - providing IT Security Management or IT Security or Risk support, or review and challenge to an IT functional area "3rd Line" role - IT Security or IT auditing of an IT functional area Essential One or more Information/Cyber Security Certification/Qualification e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), CompTIA Security+ etc Desirable One or more Risk Management Certification/Qualification e.g. Certified in Risk and Information Systems Control (CRISC), an Institute of Risk Management qualification etc ISO 27001 Lead Auditor Certified Information Systems Auditor (CISA) ITIL Foundation Undergraduate Degree or equivalent Job OfferInformation Security and Cyber Risk Consultant - remote - FSRemote / TelfordOffering a competitive salary depending on experience What We Offer Bring your 'whole self', skills and dedication to the Group and we'll recognise your effort, support your development and help to drive your ambition. We'll ensure you're rewarded for your contribution with a competitive package that includes an attractive pension, annual bonus potential, private medical insurance, generous holiday entitlement, enhanced maternity and adoption leave and a range of other financial services and lifestyle flexible benefits.