£65K/yr to £70K/yr
England, United Kingdom
Permanent, Variable

Information Security Consultant

Posted by Sanderson.

Job Title: Information Security Consultant

Location: Carlisle / 1 day onsite every 2 weeks

Salary: £65,000 - £70,000 + benefits

Are you an experienced Information Security Consultant looking for your next challenge? If so, this could be the ideal opportunity for you. My client, a specialist financial services business with an excellent reputation, is currently investing in their Information/Cyber Security team. As part of this investment, they are looking to hire an Information Security Consultant to join the team.

You will assist the Information Security Assurance Manager in overseeing and controlling all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals. You will also carry out audits in line with the assurance calendar.

You will also play a pivotal role in providing subject matter expertise to projects to ensure projects have security controls included by design.

You will have a depth of knowledge in information security, with an excellent understanding of the technical side and very good experience of compliance requirements such as ISO27001, NIST, CBEST & CQUEST.

Key responsibilities

  • Engagement with projects to provide advice, guidance and non-functional requirements to ensure security is being built in by design.
  • Support and execute all group-wide Assurance tasks, initiatives and assignments, including monitoring the assurance inbox and responding to queries.
  • Assist in the ongoing program of information security assurance covering all aspects of ISO27001 and the controls set out.
  • Support the management of the Information Security Management System and ensure compliance with its components.
  • Assist in updating assurance owned documentation such as procedures and policies.
  • Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the business.
  • Carry out assurance reviews in line with the scheduled calendar, producing reports and feedback and managing actions/non-conformities through to a satisfactory conclusion.
  • To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified.
  • To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the business's assets and data.
  • Support phishing campaigns and the management of the outcomes and necessary training.
  • Identify risks and ensure these are presented in accordance with procedures and are given the appropriate level of attention.
  • Conducting third party supplier reviews.

Skills and Experience required

  • Proven previous experience of working within a similar GRC focused Information Security Consultant / Officer / Manager position.
  • A formal qualification in an Information Security discipline e.g., CISM. Where significant experience can be demonstrated, this will be considered.
  • Experience of ISO27001 audits, NIST audits or similar, ideally being a Certified ISMS Lead Auditor (CIS LA).
  • A strong technical understanding and background.
  • Excellent written and verbal communication skills as appropriate for the needs of the audience.
  • Experience gained within financial services or another highly regulated environment.

For more information or to apply please send a copy of your CV to