Information Security Analyst - Key Asset Risk Management

Posted 16 June 2022
Job type Contract
Discipline Cyber Defence
Contact Name Jade Heseltine

Job description

Information Security Consultant – Key Asset Risk Management.

Initial 3-month contract, £550 per day, inside IR35.

Hybrid working model: 2 days in the London office.

You will be working within the GRC team. With information security a significant organizational priority, my client is working continuously to improve their security posture and reduce their risk profile by providing additional protection for their most sensitive and critical assets.

The role involves close working relationships across the SOC, enterprise security, and product security teams.

The role assists the GRC Team in their projects and activities, including risk management activity, technical risk assessments, secure design and architecture assessments for projects, vendor risk management, and security assurance, all of which require direct liaison with business units including senior risk owners and technical experts. 

Requirements for the role

  • Proven experience of applying information security methodologies and activities across the breadth of an organisation, preferably with in-house information security and preferably within a global organisation.
  • Deep knowledge and understanding of risk and asset management, technical segmentation, privileged access management, patch management, SOC visibility, backups, disaster recovery and business continuity. Experience needn’t be hands-on, but knowledge must be deep, broad and adaptable to various challenging environments.
  • Experience in prioritizing and tailoring Information Security objectives and risk mitigations to business objectives.
  • Hands-on experience with Risk Management Frameworks or best practice Risk Methodology such as IRAM2 or ISO 27005.
  • Excellent verbal communication skills with the ability to translate technical information into business-relevant information, and develop and maintain close working relationships, presenting the need for security to all personnel from senior leaders to specialist roles in a manner that encourages positive engagement and demonstrates the benefits of security in improving performance and profitability.
  • Excellent written communication skills with the ability to articulate risks in both a technical and business-relevant format.
  • Developed theoretical knowledge of OWASP required; experience reviewing solution designs to identify risks and ensure adherence to secure design principles is desirable.
  • Knowledge of Control/Vulnerability assessment and penetration testing methodologies with the ability to translate findings into risks and control objectives.