Information Security Risk Officer / Consultant

Salary: GBP70,000 - GBP85,000 per annum + benefits
20 May 2017
21 May 2017
IT, Internet
Contract Type: Full Time

Location: London

Salary: GBP70,000 - GBP85,000 + bonus, 10% flex benefits, healthcare, great pension scheme etc.

Information Security / Risk Assessments / Risk Identification / Project / ISMS / Risk Officer / Reports / Governance / Consultant / CISM / CISA / CISSM / ISO 27k / CISSP

A fantastic opportunity has arisen working for a leading financial institution in London. Due to growth, they are seeking an Information Security Risk Officer / Consultant to join their team.

This is a fantastic opportunity, with a view to the role progressing to associate director over the next 3 years. The role will involve managing Information Security across the institution, delivering key IS projects, and performing risk identification and mitigation activities. The successful candidate will demonstrate great value in identifying, mitigating and managing the IS threats and risks posed to the business and its clients.

They are looking for the following:

  • Strong stakeholder management skills
  • The ability to identify Information Security risks and put plans in place to fix them
  • Previous experience in running and presenting internal training
  • Strong report and policy writing skills
  • Experience of conducting annual risk assessments
  • Strong project management skills
  • The ability to manage 3rd party external suppliers
  • Hold a relevant industry recognised security qualification (CISM, CISSP, CISSM, CISA, CEH etc.)

The Role:

  • Provide independent oversight and management of the IS risks in accordance with the Bank's Information Security Management System (ISMS), good practice and relevant industry standards.
  • They will advise on risk mitigation measures, review identified risks, analyse IS incidents and communicate risk mitigation actions, plans and activities to management and peers for strategic decision making, and proactively encourage 'good' IS practice.
  • They will be responsible for writing, developing and maintaining the Bank's ISMS. This will include writing, developing and maintaining Bank IS policies, directives and guidance.
  • They will write and provide reports and analysis on ongoing risk mitigation and maintain the IS risk register.
  • They will project manage elements of the Bank's Business As Usual (BAU) activities including, but not limited to: social engineering, training and awareness, supplier assurance, security management planning, information classification assessments and reviews, as well as providing technical control analysis of solution designs and architectures.
  • They will manage and deliver the Bank's training & awareness programme, including reviewing, updating and adding to the Bank's Information Security awareness material. This will include management of the Bank's training LMS and delivering training to Bank users.
  • Responsible for delivering class-based IS training to new joiners and, when required, to senior management.
  • They will perform detailed risk assessments of the Bank's information assets and IT facilities using industry accepted methodologies such as IRAM, COBRA, and IS2. This will include:
    • Designing risk reviews, analysing event and risk data, and devising risk mitigation activities.
    • Conducting security strategy, readiness and discovery assessments; being familiar with security frameworks, compliance requirements and security operations.
    • Undertaking Business Impact Assessments and Information Risk Workshops across the business, identifying risks, deficiencies, improvements and requirements in technical controls, in line with regulatory, statutory and contractual compliance requirements.

Skills and Attributes Required:

  • They will hold at least one industry recognised security qualification/accreditation (CISM, CISA, CISSM, ISO 27001 Lead Auditor/Implementer)
  • Must have excellent report writing, communication and presentation skills.
  • Must have the ability to take technical information and present in risk and business language.
  • Must have good project management skills, ability to develop well thought out solutions and have strong relationship management skills.
  • Effective communication skills and the ability to influence, challenge and engage EBRD people at all levels are essential.
  • Strong written and spoken communication skills.
  • Strong presentation skills.
  • They will have working knowledge of the following IS subject areas and related technologies and tools:
    • Data leakage prevention (DLP)
    • Mobile device security
    • Awareness training
    • Information classification
    • Supplier assurance and Cloud (IaaS/SaaS) security
    • Social engineering; and
    • Network security