Cyber Security Consultant – Financial Services – Up to £110k – City of London - Hybrid
Overview:
We are currently partnered with one of the world's leading financial institutions who offer a broad range of services, including commercial banking, trust banking, securities, credit cards, consumer finance, and asset management. They are seeking a Cyber Security Consultant to lead and develop cybersecurity guidelines, ensuring compliance and audit-readiness. You will also be responsible for conducting cybersecurity assessments and third-party risk due diligence, reviewing contracts for cyber security terms and collaborate with stakeholders to assess and mitigate information security risks.
Role & Responsibilities:
- Establish, maintain, and update guidelines for the secure usage, control, and maintenance of information systems and distributed computer resources.
- Conduct comprehensive cybersecurity assessments of third-party systems, applications, and vendors. Evaluate risks related to external entities and ensure that security controls are properly implemented and effective. Lead the cybersecurity due diligence process for high-profile third-party projects.
- Assist in reviewing & negotiating cybersecurity-related contractual terms with vendors and partners.
- Oversee the management of penetration tests, dynamic and static code analysis, and vulnerability scans to proactively identify and mitigate security weaknesses in infrastructure, applications, and networks.
- Develop and implement incident response procedures, logging protocols, and investigation methodologies.
- Mentor junior members of the cybersecurity team, providing guidance on best practices, technical issues, and career development.
- Work closely with internal stakeholders, including IT, compliance, and legal teams, to align cybersecurity measures with business objectives.
- Produce detailed documentation of cybersecurity assessments, penetration tests, and threat analyses.
- Ensure that the business adheres to all applicable cybersecurity regulations and standards, such as PCI, SOC2, NIST, and ISO. Stay updated on changes in the regulatory landscape, including Anti-Money Laundering (AML) regulations and requirements such as the USA PATRIOT Act, ensuring that all cybersecurity measures are compliant.
- Participate in the development and maturity of the Third-Party Risk Due Diligence process.
Essential Skills & Experience:
Technical Cybersecurity Expertise:
- Risk management, access control, cryptography, physical security, network security, and incident management.
- Hands-on experience with technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), encryption, vulnerability management, and secure software development.
Information Security Frameworks & Standards:
- Working knowledge of SOC2 reports, PCI DSS compliance, NIST 800 series, ISO 27001/27002, and other information security standards.
- Familiarity with industry frameworks like COBIT, ITIL, and NIST Cybersecurity Framework.
Network and Infrastructure Security:
- Solid understanding of IP networks, including routers, switches, VLANs, and firewalls.
- Knowledge of network security protocols and configurations (TCP/IP, IP addressing, network segmentation).
Compliance & Regulatory Knowledge:
- Deep understanding of federal and state regulations regarding cybersecurity, including Anti-Money Laundering laws, Bank Secrecy Act, USA PATRIOT Act & other financial industry-specific requirements.
Certifications & Education:
- Possessing or working towards certifications such as CISSP, GIAC, CEH, CISA, or CRISC is highly desirable, showcasing expertise in cybersecurity best practices and principles.
- Bachelor's degree in Computer Science or equivalent work experience.
Package:
- Up to £110,000 basic salary
- Up to 20% discretionary bonus
- 10% pension contribution
- Other Excellent benefits
- Hybrid working – 2 days onsite (City of London)