Information Security Consultant (Governance / Risk / Compliance) - Bradford

Information Security Consultant (Governance / Risk / Compliance) - Bradford

Salary: NEG - please apply regardless of expectations

Work Hours: 9am - 5.30pm

Location: West Yorkshire

Responsibilities:

1. Work with the Information Security team to provide advice and guidance on IT security and further develop IT policies and processes across a multi-region infrastructure consisting of 8000+ staff and 100+ sites.
2. Review all aspects of the IT environment and its components.
3. Support Governance, Risk, and Compliance activities.
4. Proactively improve and provide advice and guidance on information security matters.
5. Create and maintain policies within our Information Security Management System, to support business requirements and align with ISO 27001.
6. Maintain a register of security controls to identify compliance against security standards, including ISO 27001, NIST, COBIT, etc.
7. Develop and enhance security policies, processes, procedures, and technical controls to strengthen security capabilities and resilience to cyber threats.
8. Maintain and manage the IT Risk Register to ensure that IT risks are regularly reviewed, correctly identified, assessed, reported, and mitigated in line with recommended best practices.
9. Identify and raise awareness of security risks.
10. Develop a register of regional regulatory privacy requirements and develop processes to monitor regional controls to ensure compliance.
11. Perform daily, weekly, and monthly security checks, reconciliation and compliance checks, and investigate exceptions.
12. Complete client security requirement questionnaires and support the bidding process.
13. Assist with security incident management and response activities.
14. Provide general day-to-day support on managing and responding to security alerts from systems and end users.
15. Support the wider IT team to provide and share technical knowledge and security best practices.
16. Test DR plans, processes and capabilities to ensure they work as designed, identifying gaps and lessons learnt, and work with the business to drive continual development and enhancement.

Technical Requirements:

1. At least 13 years educational background.
2. Excellent working knowledge of security and governance, risk, and compliance within an enterprise environment.
3. Hands-on experience of enterprise information security and standards including Cyber Essentials, ISO 27001, 27002, Data Protection Act, and the General Data Protection Regulation.
4. Experience with Microsoft O365 Security solutions, Networking, Security operations, Vulnerability Management, Security Auditing.
5. Experience of formal document creation, such as the creation of reports or procedures.
6. Experience of carrying out risk reviews, technology audits, or other similar work.

Detailed knowledge of:

1. Threat Intelligence analysis and best practice.
2. Security Incident Response processes, procedures, and best practices.
3. Disaster Recovery and Business Continuity principles and testing methodologies.
4. Risk analysis and data management methodologies.
5. Event and log analysis.

Core Behavioural Skills:

1. Confident individual with good interpersonal skills, able to deal with people at all levels and communicate to users in a clear, non-technical language.
2. Team-player.
3. Analytically minded, able to break down and understand information.
4. Comfortable working in a fast-moving, dynamic environment.
5. Strongly customer-focused, used to providing support to demanding users.
6. Good organisational skills, used to managing and prioritising own workload.
7. Ability to report on progress, timescales, outstanding and completed activities.

Contact:

Additional Benefits: Cycle to work.