Cyber Security Consultant
Based in Glasgow, a Cyber Security Consultant is required on a contract basis to provide a specialist cyber security service by performing third-party security reviews on new suppliers, which will range from well-established IT firms to fledgling Fin-techs.
Candidates need to work through an umbrella company for this role.
Responsibilities of the role:
- Conduct robust assessments of proposed third party services or software to ensure that security risks are identified and appropriately mitigated or managed within the Group's risk appetite.
- Report your findings and define recommendations to remediate any control gaps identified through the course of the review.
- Develop Information Security focussed questions for the initial RFI / RFP process (based on the type of service being provided).
- Provide an information security opinion on each proposal, ensuring the key risks are identified and articulated to the project.
- Prepare the security element of the contract, and work with Legal Services in tailoring the contract as required to address any findings / risks identified during the security review.
- Provide advice and guidance to Legal/Procurement on the content of the security provisions when the contract is being drafted or produced by the supplier.
- Manage a number of varied stakeholders involved in on-boarding new suppliers, e.g. CISRO, Procurement, Legal and Project Manager.
- Develop and build relationships internally and externally with key business and technical stakeholders, central functions and key third parties and supplier contacts supporting onboarding.
- Ensure that security requirements and controls are implemented by working closely with Design, Build and Test resources, as well as Business Stakeholders and suppliers.
- Represent the Cyber Projects team at Programme/Workstream level Design Authorities and Workstream daily stand ups providing security advice in relation to the solution/s being proposed.
- Drive compliance with Information Security Standards, as well as Legal, Regulatory and Scheme security requirements.
- Ensure that relevant security risks are identified and articulated to a high standard for review in line with risk appetite.
- Taking difficult business issues and creating win-win outcomes for Security and the Business.
Skills and experience required:
- Extensive knowledge and understanding of the security related technical controls which prevent / mitigate Cyber Security risks.
- Working knowledge and demonstrable experience of information security related policy, standards and methodologies and associated information security legislation and scheme standards, particularly the ISO27001 Framework.
- Understanding of the attack vectors, methods and actors in relation to cyber security.
- Strong analytical skills and the ability to work across a wide variety of frameworks and models.
- The ability to identify and communicate risk at the Enterprise level.
- Superb stakeholder management & influencing skills across a broad range of technical and non-technical stakeholders and all levels within the Group.
- Great presentation, oral and written communication skills with an ability to convey complex technical concepts and issues to non-technical colleagues.
If you would like to be considered for this role please click apply asap and Outsource will be in touch.