Principal Consultant and PCI QSA
Nick helped me find my next role in Cyber based Management Consulting and I’m sure he can do the same for you. Factual, objective and dynamic, Nick was always available weekdays, evenings and at the weekend. A really helpful recruitment broker who identified solutions in order to continue moving forward to close the deal.
Risk & Assurance Lead
Role: Risk and Assurance Advisor x2
Location: Gloucester or Remote working
Salary: £45-53k + 5% Bonus and Flexi Benefits
The purpose of the role is to support the Security Governance, Risk & Compliance Manager in ensuring that robust information security (IS) risk and compliance processes are embedded throughout the enterprise and adhered to.
You'll verify risk mitigation using information assurance methodologies and enhance capability for testing compliance with security criteria (policies, standards, legal and regulatory). You'll adapt risk management and assurance methodology to address changes in the threat environment and in business risk.
It is a requirement of this role that the post-holder either holds or can obtain and maintain Security Check (SC) clearance.
You will need to demonstrate:
* A professional qualification such as CISSP, CISM, CRISC
* Knowledge and understanding of regulations, standards and practices, including PCI DSS, GDPR, NIS, ISO27000, Smart Energy Code and UK Government Security Policy Framework. Knowledge of legislation relevant to information security, e.g. Official Secrets Act, Computer Misuse Act, and Freedom of Information Act.
* Knowledge and understanding of recognised risk management standards and methodologies such as ISO27005, IRAM2
* Knowledge and experience of working in IT functions e.g. Cloud Computing, DevOps, IT Operations, Network Security Technologies, Client Computing Technologies, Application Architecture, Middleware and Integration Platforms and Operating Systems
* Knowledge of information security management and operation, security architecture and incident management in traditional IT and Cloud computing environments (AWS and Azure)
* Awareness of PRINCE2, ITIL, COBIT
* The ability to understand the technical, contractual, financial and operational aspects of information security and their relation to business objectives
* Good leadership, interpersonal and communication skills including strong influencing, negotiating, verbal, written and presentation skills
* Experience in information security risk management, assurance and audit
* The ability to author and communicate risk assessment, compliance and audit reports
* Knowledge of risk assessment techniques and business impact analysis concepts
* The ability to articulate the different forms of threats and vulnerabilities to a range of information systems and assets (including industrial control systems). The ability to translate complex technical security concepts and threats into business language and impact, and to apply a pragmatic consultative approach to find the right solution for the business
* The ability to apply information assurance methodologies to verify that risks are mitigated to levels acceptable to risk owners
* The ability to pragmatically utilise a range of assurance methods to gain confidence in security arrangements, such as penetration tests, audits, inspections or other reporting approaches
* The ability to advise IT project and support teams on information security risks and compliance requirements
* The ability to operate in outsourced IT environments and collaborate with multiple service providers to deliver business outcomes
* Awareness of technology trends and cyber threats
* Attention to detail and methodical approach
For more information and to apply for the role, please send your CV to Nick Haaker.
Salary: £40000 - £55000 per annum
Job Type: Permanent
Start Date: 29/10/2019
Date Advertised: 2020-01-06 12:09:28