Senior Information Security Consultant

via resource
Bermuda Park
£54,000 per annum
07 Oct 2017
25 Oct 2017
Contract Type: Full Time

Duties & Responsibilities of the Senior Information Security Consultant

  • As an Information Security Analyst, work on a number of projects under the supervision of Senior Analysts/Information Security Projects Assurance Lead
  • Provide end-to-end engagement on a wide range of IT projects, ensuring that security is built in, that they deliver securely, and that client and employee data is protected
  • Attend Programme/Project meetings and represent Information Security, giving advice as required
  • Review architectural and design documents including Solution Outline Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams etc.
  • Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service
  • Ensure the relevant technology standards are applied to specific projects
  • Produce resource estimates for Information Security engagement on projects and record your time on the current resource management tool
  • Manage external resources to ensure that penetration testing is carried out to a suitable standard on time and within budget
  • Scope and manage Penetration Testing including the production of a plan to remediate vulnerabilities identified during any tests in a timely manner
  • Responsible for ensuring that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management process, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval
  • Articulate risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike
  • Carry out PCI impact assessments on projects where appropriate
  • Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks
  • Escalate any issues to the Information Security Project Assurance Lead where appropriate

Desired Skills & Experience of the Senior Information Security Consultant

  • An Information Security qualification e.g. CISSP or CISM; CISA or CEH or equivalent desirable but not essential
  • Computer Science degree and/or MSc in Information Security desirable but not essential
  • Working knowledge of different delivery methodologies including Waterfall, Agile and Hybrid
  • Experience of risk management
  • Knowledge and skills to manage Penetration Testing processes and remediation
  • Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management etc.
  • Proactively takes responsibility, owns any issues arising and follows through to resolve them, recognising how individual responsibility impacts team delivery and inspires others to do the same
  • Knowledge of OWASP vulnerabilities, tools and methodologies
  • Knowledge of HTTP, SSDLC and Security Testing
  • Some knowledge of PCI, DPA and ISO27001