Information Security Consultant
- 10730 – Information Security Consultant
The Information Security Consultant will also be responsible for managing and developing the Information Security Risk Team to support the business in its operation and growth whilst reducing Information Security Risk to an appropriate level.
Key Responsibilities for the Information Security Consultant
- To take ownership of the overall risk function across the business working alongside the board to create and implement strategy as well as develop and manage the team
- To administer the overall risk management process for the business, including risk assessment and evaluation in line with the business’s 'risk appetite', and risk reporting in an appropriate way for different audiences.
- Help the business implement policies and controls aligned to ISO27001
- To manage the business’s risk register to ensure that all IT Security risks are remediated where possible, reduced to an acceptable level or recorded, understood and signed off at the appropriate level.
- To ensure that IT Security Risks are communicated to the business as appropriate.
- To ensure the business’s PCI DSS and other applicable compliance standards are maintained
- To work with Internal and External audit to assure IT Security
- To assure the business-wide patching policy and implementation of patch plans
- To be worked through in accordance with set PCI compliance standards and timeline
- To maintain the business security systems and security principles to a defined secure PCI DSS Compliant standard, with high availability. Management of infrastructure security controlling access to a range of network services including IPsec VPN, backup, test networks, environmental controls, network monitoring and segregation of departmental traffic.
- Responsible for ensuring procedures are implemented and undertaken to ensure all group and company Audit measures are achieved.
- To work with the IT Security Architecture and IT Security Operations teams to ensure a consistent and unified approach to improving the business’s Security Posture is followed. Direct management and prioritisation of the Security team workbook, ensuring alerts or issues are investigated and processed, and incidents and breaches are managed to SLA, minimising impacts to business or Service Level Agreements (SLAs). Compilation and dissemination of Problem reports following cessation of the associated incident.
- Ensure that all Audit and Data Protection requirements are met and adhered to by the Business and Security department, as well as assist in working towards an improved compliance against PCI DSS.
Desired Skills & Experience of the Risk Manager
- Expert-level knowledge of PCI DSS, ISO27001, IT Security Risk Management tools, Firewalls, IAM, Cloud, TCP/IP, VMware, Windows Server, Mac OS X, SQL Server, Exchange