Security Consultant - CISSP
Stratford upon Avon
GBP Competitive + On Call + Bonus + Benefits
Our client is a leading IT Communications provider seeking a Security Consultant to join their reputable onsite team. In this role you will take responsibility for information security, risk and asset ownership of the platform and shared systems that hold the data.
- Maintaining awareness of any changes in the standards, compliance and governance that might affect the system's overall Information Assurance levels
- Maintaining awareness of requirements for compliance with the contract for the service
- Ensuring that any new or arising threats to the service are dealt with in a pragmatic and effective way to maintain the existing assurance levels in terms of confidentiality, integrity and availability
- Maintaining an awareness and having evidence of access controls employed in the service at the physical and logical layers
- Ensuring new personnel or 3rd parties are appropriately briefed on the security aspects of the service
- Ensuring that IT Health Checks (ITHCs) are carried out and reports are maintained in a secure manner for audit purposes
- Ensuring that Vulnerability Scans are carried out and reports are maintained in a secure manner for audit purposes
- Be the primary point of contact for the customer and the Security Analyst onsite for all security incidents
- Act as an escalation point
- Defining and periodically reviewing access restrictions and classifications to important assets, taking into account applicable access control policies
- Ensuring proper handling when the asset is deleted or destroyed.
- As a minimum, annually review the security plan and update it accordingly
- Suggesting improvements in measuring the effectiveness of controls
- Ensuring that Anti-Virus and other malware preventative measures are maintained on the service
- Assessing and advising on security implications for Change Requests
- Liaising with Group Standards and Compliance team and the portfolio team regarding general security improvement requirements
- Reporting any defects of the service that have an impact on the Information Assurance of the service and making recommendations for improvement.
- Processing, analysing & providing monthly reports to Risk and Compliance of the Information Assurance status of the service.
- Owning and maintaining the Corrective/Remediation Action Plan(s) that come out of Security Incidents and ensuring actions are remediated in a timely manner
- Take ownership of and be responsible for any remedial actions following a security breach
- Ensuring the resilience of the service through backups, and maintaining effective and tested BCP and DR plans.
- Ensuring security risk assessments are completed for each individual or group of assets, reviewed at least annually
- Ensuring assets are inventoried, appropriately classified and protected and risk assessed
- Maintaining a log of all security related matters in a secure manner
- Maintaining the Security Plan for the service to ensure it reflects the most up-to-date security control measures and processes
- Being responsible for ensuring that any patches are applied in accordance with the Vulnerability and patch management process
- CISSP Certification combined with either a CISM or a CISSP-ISSMP Certification
- Experience of Unified Communication systems
- Experience in working with SIEM systems
- Experience in security systems architecture and design (SABSA)
- Experience in security systems analysis and forensics
- Experience in working with outputs of vulnerability scans
- Experience in security testing processes and procedures
- Proven experience in security risk management
- Strong problem management and incident response skills
- Excellent understanding of incident, problem and change management principles