Our client is seeking a number of cyber security consultants with strong and broad project assurance experience, to be responsible for working with project and operational teams to ensure security is implemented in projects and embedded into operations. This role is working as part of a large security transformation and improvement programme, where a huge amount of investment is being placed on improving the security posture of the organisation.
The role will require a diverse background in the security and IT operations, risk management, project assurance and operational assurance through adherence to internal policies and relevant compliance standards. You will also have knowledge of industry recognised security frameworks and regulations such as ISO 27001, ISF SOGP, DPA/GDPR and PCI-DSS is essential to aid in the communications of compliance and associated risks to key stakeholders. You will be responsible for:

• Review new and existing supplier and partner contracts and perform regular security assurance activities to validate supplier security posture's;
• Support IT and Business transformation projects by ensuring they are risk assessed and IT controls and security requirements are met through the transformation lifecycle, including compliance requirements such as ISO 27001 and PCI-DSS.
• Develop information security processes and procedures alongside business and IT stakeholders and its embedding
• Attend business governance meetings as required representing the Information Security team
• Scope, arrange and support security testing, including penetration testing

Essential Criteria

• Excellent analytical skills and ability to solve complex problems;
• Excellent communication skills and ability to clearly and concisely articulate information security risks to business and technical teams;
• Ability influence security good practice behaviours within the organisation;
• Strong interpersonal skills and be approachable for all members of staff;
• Ability to communicate effectively at all levels within the organisation;
• Knowledge of ISF SOGP, PCI-DSS and Data Protection
• Previous management experience in information security

Desirable Criteria

• Bachelors or Master's degree in computer science, information technology, information security or a related field;
• Previously worked within a large, multinational retail organisation
• Previous experience in information security strategy;
• Understanding of SharePoint libraries and publication to intranets

At least one of the following certifications is required, further training may be given to the right candidate:

• CISSP, CISM, CISA, CRISC, ISO 27001:2013 Lead/Implementation Auditor

Contract: Full time - Permanent
Location: West London.