Information Security Consultant


Premium Job From Goodman Masson

Recruiter: Goodman Masson

Listed on: 8th December 2017

Location: London

Salary/Rate: £50000 - £55000

Type: Permanent

Start Date: ASAP

This is a 1st line Information Security role.

The successful candidate will work as part of the Information Security team to improve information risk management practices throughout the bank. In particular this will involve engaging with IT teams, the business and third party providers to provide information security assessments across a number of projects, business processes and business operations ensuring that information security requirements are properly embedded into processes and procedures.

The role would cover the bank IT teams, business teams and our third party providers. The role will be based in London; however occasional travel may be required to regional offices throughout the UK.

Key Responsibilities

Information Security assessments for projects

* Act as the information security focal point on business and IT projects and changes:

* Provide information security subject matter expertise and ensure compliance with the information security policy.

* Provide projects and changes oversight from inception through to implementation.

* Gain a sufficient level of understanding of each project to properly assess the impacts and risks and therefore judge the level of information security oversight required.

* Ensure that the commensurate level of information security controls and procedures are designed into new solutions and processes.

* Provide support and solutions to the business to embed security controls into new solutions and processes.

* Provide overall advice and steer to business changes and projects.

* Provide input to refine existing assurance tools to enhance our ability to accurately assess projects' impact and risk.

* Help refine the process for how Information Security works with projects based on work to date.

* Educate the business on the Information Security Assurance process to help embed it.

Information Security assessments for business operations

* Review and assess the appropriateness of Information Security controls operating in BAU, processes and operations both in Close Brothers and our third party suppliers.

* Provide information security subject matter expertise and ensure compliance with the information security policy.

* Gain a sufficient understanding of business processes to assess impacts and risks and judge the level of information security control applied.

* Recommend any changes required to the control environment to ensure that IT Risk is managed effectively.

* Provide overall advice and steer to the businesses.

* Provide ongoing review of the operational effectiveness of controls.

* Provide input to refine existing evaluation tools and techniques to enhance our ability to accurately assess existing processes.

* Help refine the process for how Information Security works with the businesses.

* Educate the business on the Information Security review process to help embed it.

Information Security subject matter expertise

* Undertake information security assessments of technical designs, new business proposals and existing processes reporting the findings and making recommendations.

* Provide advice, guidance and assistance to the business relating to information security.

* Act as an advocate of Information Security and help to disseminate the fundamentals of it throughout the businesses. In particular promote awareness of, and compliance with, the information security policy and associated policies.

* Input into any on-going initiatives in the information security team, providing ideas and innovations.

Information Security Policy and Governance

* Ensure that our policy suite is kept up to date.

* Regularly review the information security framework and align it with the industry best practices.

Reporting and Communication

* Provide regular updates to team members and other designated contacts within the organisation.

* Prepare management reports on an on-going basis.

* Schedule assessment activities and maintain a project tracker of ongoing reviews and deliverable dates.

Risk & Compliance

* Adhere to all Governance and Compliance requirements and carry out reporting and reviewing activities required by the Regulatory Bodies to the standards required.

Skills & Experience

The role holder will be an information security professional able to communicate technical concepts clearly; a subject matter expert with a breadth of both technical and procedural knowledge; passionate about information security; and able to operate to a high standard in a dynamic environment.

* Strong audit and analytical skills.

* Able to work in multidisciplinary teams, driving information security in that environment.

* Able to communicate information security concepts and principles effectively and simply to stakeholders who may not have a technical background.

* Experience of embedding information security principles and controls into change programmes, including compliance with ISO27001.

* Experienced in the selection and implementation of appropriate information security controls.

* Knowledgeable about the legal and regulatory requirements for information security.

* Strong Information Security Risk Assessment skills.

* Good written and verbal communication skills.
