Security Consultant

The successful candidate will be required to:
• Be a part of a team of security consultants responsible for delivering consultancy into the business.
• Ensure business and IT projects are subject to appropriate information assurance. In particular, review all systems passing through the ISTD project lifecycle, ensuring they meet information assurance criteria. Report on residual risks through the appropriate processes.
• Assist where required in delivering information security education and awareness programmes across the Bank using third party resources where appropriate.
• Provide quality information assurance outputs ensuring that a level of quality and consistency is maintained and that the outcome will meet business needs with risks being managed appropriately.
• Ensure stakeholders are managed appropriately, that communications with those stakeholders are appropriate and aligned with Bank strategy, and that delivery risks are highlighted within the team management structure.
• Contribute improvements to the security consultancy engagement processes and procedures.
• Provide day to day security incident and change support.
• Provide pragmatic, business-based consultancy advice and support to the business.
• Conduct high quality and professional off site third party assurance reviews on the Bank’s suppliers.
• Be accountable to the IT Security Consultancy Team Leader for deliverables and professional conduct.

The successful candidate will liaise with:
• Multiple business areas within the Bank.
• All teams within the Secure function.
• External organisations by exception and direction.
• Third party suppliers.
• Intelligence and investigative functions.

Qualifications (Required):
BSc, MSc or equivalent and directly relevant experience, combined with an industry-standard qualification, preferably CISSP, CLAS or CCP.

Qualifications (Desired):
The successful applicant will ideally hold the ISO 27001 Lead Auditor 2005 or 2013, or be able to demonstrate audit experience in a professional capacity.

Experience (Required):
• Risk Assessment Methodology.
• BIA Methodology.
• Day to day use of policies and standards such as CESG IA, SPF, JSP440 or other commercial.
• Experience of conducting live Information Assurance/IT Security off site audits.
• Experience of conducting internal IT system compliance against agreed standards.
• Technical report writing.
• Stakeholder Management.
• Technical experience of Network architecture and components.
• Exposure to and consulting with up to and including ‘C’ level staff.

Experience (Desired):
The successful candidate will meet 50% of the following criteria:
• Some experience with intelligence processing, management and analysis processes.
• Experience with ISO 27001:2005/13.
• Information assurance experience with the financial services, HMG, Defence or commercial sectors.
• Experience with common information security best practice methodologies.
• Some penetration test exposure/experience.
