Cyber Security Consultant
6 Month Contract
£458 p/d Umbrella
- Conduct assessments of proposed third-party services or software to identify security risks and mitigate or manage them within the Group's risk appetite.
- Report findings and recommend solutions to remediate control gaps identified during the review.
- Develop information security-focused questions for the initial RFI/RFP process.
- Provide an information security opinion on each proposal and articulate the key risks to the project.
- Prepare the security element of the contract and work with Legal Services to tailor the contract as required to address any findings or risks.
- Manage various stakeholders involved in onboarding new suppliers to the Bank, including CISRO, Procurement, Legal, and Project Manager.
- Build relationships internally and externally with key business and technical stakeholders, central functions, and third-party suppliers.
- Ensure that security requirements and controls are implemented by working closely with Design, Build, and Test resources, as well as Business Stakeholders and suppliers.
- Represent the Cyber Projects team at Programme/Workstream-level Design Authorities and Workstream daily stand-ups, providing security advice.
- Drive compliance with Information Security Standards and Legal, Regulatory, and Scheme security requirements.
- Identify and articulate relevant security risks to a high standard for review in line with the risk appetite.
- Design security tests to a granular level and manage any remedial activity.
- Create win-win outcomes for Security and the Business by addressing difficult business issues.
- Extensive knowledge of security-related technical controls that prevent or mitigate cybersecurity risks.
- Working knowledge and demonstrable experience of information security-related policy, standards, and methodologies, and associated information security legislation and scheme standards, particularly the ISO27001 Framework.
- Understanding of the attack vectors, methods, and actors in relation to cybersecurity.
- Strong analytical skills and the ability to work across a wide variety of frameworks and models.
- Ability to identify and communicate risk at the enterprise level.
- Superb stakeholder management and influencing skills across a broad range of technical and non-technical stakeholders and all levels within the Group.
- Excellent presentation, oral and written communication skills with an ability to convey complex technical concepts and issues to non-technical colleagues.
- A creative and curious mind.
- Formal cybersecurity accreditations.
- Knowledge of current information security standards and regulations such as PCI-DSS, ISO27000 series, GDPR, PSD2.