Back to Job Search

Cyber Security Consultant

  • Location: London
  • £ Salary: Up to £458.00 per day per day
  • Job Type:Contract

Posted 12 months ago

  • Sector: Technology
  • Contact: Mark Stiles
  • Duration: 6 Months
  • Start Date: ASAP
  • Expiry Date: 09 April 2023
  • Job Ref: JN -032023-477793

Cyber Security Consultant

6 Month Contract

Fully Remote

£458 p/d Umbrella




Key Responsibilities:

  • Conduct assessments of proposed third-party services or software to identify security risks and mitigate or manage them within the Group's risk appetite.
  • Report findings and recommend solutions to remediate control gaps identified during the review.
  • Develop information security-focused questions for the initial RFI/RFP process.
  • Provide an information security opinion on each proposal and articulate the key risks to the project.
  • Prepare the security element of the contract and work with Legal Services to tailor the contract as required to address any findings or risks.
  • Manage various stakeholders involved in onboarding new suppliers to the Bank, including CISRO, Procurement, Legal, and Project Manager.
  • Build relationships internally and externally with key business and technical stakeholders, central functions, and third-party suppliers.
  • Ensure that security requirements and controls are implemented by working closely with Design, Build, and Test resources, as well as Business Stakeholders and suppliers.
  • Represent the Cyber Projects team at Programme/Workstream level Design Authorities and Workstream daily stand-ups providing security advice.
  • Drive compliance with Information Security Standards and Legal, Regulatory, and Scheme security requirements.
  • Identify and articulate relevant security risks to a high standard for review in line with the risk appetite.
  • Design security tests to a granular level and manage any remedial activity.
  • Create win-win outcomes for Security and the Business by addressing difficult business issues.

Requirements:

  • Extensive knowledge of security-related technical controls that prevent or mitigate cybersecurity risks.
  • Working knowledge and demonstrable experience of information security-related policy, standards, and methodologies, and associated information security legislation and scheme standards, particularly the ISO27001 Framework.
  • Understanding of the attack vectors, methods, and actors in relation to cybersecurity.
  • Strong analytical skills and the ability to work across a wide variety of frameworks and models.
  • Ability to identify and communicate risk at the enterprise level.
  • Superb stakeholder management and influencing skills across a broad range of technical and non-technical stakeholders and all levels within the Group.
  • Excellent presentation, oral and written communication skills with an ability to convey complex technical concepts and issues to non-technical colleagues.

Desirable:

  • A creative and curious mind.
  • Formal cybersecurity accreditations.
  • Knowledge of current information security standards and regulations such as PCI-DSS, ISO27000 series, GDPR, PSD2.



...