Virtual Information Security Officer - Anywhere in the UK

IT/Information/Cyber Security
Ref: 99 Date Posted: Thursday 07 Oct 2021
LinkedIn ShareShare
Location: Remote
Salary: £65,000 - £80,000
No. required: 2
Start date: ASAP


The Role


We have an exciting opportunity for an experienced Information Security Professional to deliver cyber security support and consultancy to our varied client base across the retail, insurance, financial services and telecommunication sectors. The role will be based from home or from our Central London offices near Liverpool Street Station, with travel to client sites as required.


Ideal candidates will be experienced at leading, implementing, advising and supporting cyber security programmes. The role will involve undertaking risk, compliance and third-party supplier assessments, leading improvement projects and acting as a trusted advisor to our clients. Utilising your thorough commercial and technical understanding of IT controls, information security frameworks, eco-systems and security standards, you will offer value-add advice and solutions to our clients to support our continued growth.


Activities will include a range of:


•             Working with the client’s management and technical teams, undertake risk, compliance and third-party supplier assessments

•             Undertaking information security gap analysis and audits against established standards and regulations such as ISO 27001, SANS CSC, Cyber Essentials and the GDPR

•             Analysing findings and translating needs into actionable recommendations

•             Writing and presenting detailed findings and recommendations reports, providing added value and thought leadership

•             Creating and reviewing risk management and information security frameworks and policies

•             Chairing information security committee meetings with clients

•             Participating in lessons learned exercise to create recommendations for improving future engagements

•             Acting as a virtual ISO to a number of clients, assisting, advising and supporting their multi-year cyber security programmes


Essential Skills and Requirements:


•             Ability to translate technical issues into business terms

•             Commercial and technical understanding of information security frameworks and ecosystems

•             Experience at leading, implementing and managing cyber security programmes

•             Knowledge of common IT risk and controls standards such as COBIT, COSO, ISO

•             27001, ISO 3100, SANS CSC, Cyber Essentials and the Data Protection Act

•             Knowledge of at least one risk assessment methodology

•             Understanding of the range of technical IT and business controls available to protect the Confidentiality, Integrity and Availability (CIA) of data

•             Understand customer environments and be able to work with both technical teams and senior management to identify issues and risks

•             Excellent customer relationship skills, creation and presentation skills

•             Awareness of common attack vectors such as hacking, malware, DDoS etc.

•             Knowledge of common application vulnerabilities and mitigation approaches

•             A commitment to personal development and keeping a current knowledge of the security industry threats and best practices

•             Knowledge and experience of cloud security


Essential Qualifications:


Relevant degree and/or relevant certification, including:

•             Certified Information System Security Professional (CISSP)

•             Certified Information Security Manager (CISM)

•             Certified in Risk and Information Systems Control (CRISC)

Valued Additional Qualifications:

•             IAPP CIPP/E

•             IAPP CIPM

•             PCI DSS QSA or ISA

•             GIAC Systems and Network Auditor (GSNA), International Register of Certificated

•             Auditors (IRCA), Information Security Management System Auditor (ISMS) or Certified

•             Internal Auditor (CIA)