Security Consultant - Information Security Policies and Standards Expert - Inside IR35
My leading consultancy client is seeking an experienced Information Security Policies and Standards Expert. This is a manager-level role in the Information Risk Assessment team, leading on technical information risk assessments.
The role will support the development and maintenance of the UK firm's information security policies and standards and related controls matrix, including realignment to firm policies and standards.
The outcome of these activities is to advise on the controls necessary to keep these risks within agreed limits.
Candidates must have the following skills/experience:
A minimum of 5 years' experience of information security in a governance, risk & compliance (GRC) or policy/standards management capacity
Practical expertise in developing information security policy and standards (and the ability to write policy content in plain and precise English)
Strong knowledge of information security standards (eg Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing and IT application security
Security certifications preferred (CISSP, CISA or equivalent)
Excellent communicator, able to analyse and clearly articulate complex issues and technologies understandably and engagingly
Adaptable, proactive and driven to take ownership
Keen attention to detail and high level of commitment