Information Security Advisor - 12-month FTC - London

£competitive + Group Benefits - Audit & Risk
Ref: 5488 Date Posted: Friday 08 Oct 2021

Information Security Advisor required for our global services client on a 12-month fixed term contract. This role can be based in London or Glasgow with hybrid WFH arrangements in place.

Reporting to the Head of Information Security, you will deliver first class and timely security advisory and security assurance services on a varied portfolio of technology driven projects, including new products to enhance the business’s value proposition to its prestigious client base.

This role is all about…

You will undertake the information security advisor role for IT and Business Projects. Your responsibilities include:

  • Conduct information security risk assessments including identifying appropriate risk mitigation controls. Document associated risk treatment plans in sufficient detail for the project team to implement.
  • Validate common and system specific mitigation controls for each project deliverable, ensuring they are operational and appropriately implemented.
  • Work with Project teams to ensure necessary IT system specific information security documentation is delivered as part of business take-on process and supporting materials in relation to specific projects.
  • Collaborate with Data Privacy and Business Continuity functions to provide relevant information for both topic areas.
  • Provide all assurance actions, information and documentation required to obtain approval from the information security accreditor for the project deliverables.

3rd Party Security Advisory and Assessments

Undertake information security assessments of 3rd party services to the Firm including cloud service providers. Responsibilities include:

  • Work independently and as required with internal stakeholders to assess the security control and governance framework of prospective and existing 3rd party technology solutions and cloud service providers.
  • Conduct 3rd party information security risk assessments for prospective 3rd parties including identifying risk mitigation controls. Document and report findings to the vendor management team.
  • Definition of contractual security requirements.
  • Conduct regular assessments of 3rd party compliance to the Firm's information security requirements, either remotely or via on-site assessments.

About you….

  • Thorough understanding and demonstrated experience implementing and assessing ISO 27001/27002 controls.
  • Industry certified such as Certified ISO27001, CISSP, CISM and/or CRISC (advantageous)
  • Industry certification in AWS and/or Azure Cloud platform (advantageous)
  • Excellent knowledge of ISO27005 Risk Management standard.
  • Knowledge of global Data Protection and Privacy regulations.
  • Ability to work with and across all business support functions in the firm.
  • Excellent analytical skills.
  • Excellent written and communication skills.
  • Able to understand, interpret and respond to client requirements.
  • Able to operate effectively and independently or as a member of a wider project team.
  • Awareness/exposure to different software development life cycles and methods (advantageous)
  • Produce high level solutions/approaches, requiring systems analysis and design skills.

Salary £competitive + Benefits. Our client offers hybrid working arrangements allowing you to work from home the majority of the week (if desired). For further information contact Stuart Ringland on (01698) 440 337 or email