10th February 2023
Principal Information Security Specialist
Information Security
East Anglia - Cambridgeshire
Up to £65,000 per annum + annual discretionary bonus
Principal Information Security Specialist
Rochester, Kent (Hybrid)
Up to £65,000 per annum + annual discretionary bonus
On behalf of a Spencer Rose Key Client that operates in the finance sector, I am seeking a Principal Information Security Specialist to join their growing GRC team. As a Principal Information Security Specialist, you will be responsible for ensuring organisational assets are secured appropriately based on their importance to the business. You will develop, implement, and effectively run information security governance and consultancy to address the current and emerging information security and compliance requirements of the business.
Due to the organisation operating a hybrid work model, you must be within commutable distance of their Kent offices and willing to be office based 1-2 days per week.
Responsibilities:
- Developing and implementing enterprise governance, risk and compliance strategy and solutions
- Provide advice and guidance on how to minimise the impact of potential threats to assets and services
- To liaise with potential or current partners and suppliers to evaluate the information security levels of the company or services
- Support compliance activities for regulators and contractual requirements
- Management of Group information security policies and standards
- To ensure controls implemented in production systems are operating as designed to mitigate known risks
- Implements processes to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics and dashboards on the effectiveness of controls for internal and external stakeholders
- Performs and investigates internal and external information security risk and exception assessments. Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results and phishing attacks
- Aware of current and possible future trends in the information security landscape and their impact on the Group's security policies and standards
- Adherence to standards, including ISO27001, the Information Technology Infrastructure Library (ITIL) and the NIST Cyber Security Framework
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, and protecting Personally Identifying Information (PII) data in line with the Payment Card Industry Data Security Standard (PCI DSS)
- Understand the security requirements of the Group’s third-party vendors and their information systems to identify potential or actual security compliance issues.
Experience/Skills required:
- Demonstrable experience working as an expert in an Information Security environment preferably as an Information Security Consultant
- You will ideally have experience of managing or mentoring team members
- Experience of team/people management
- Proficient in creating Security Standards and Processes for Information and IT Security
- Applied knowledge of industry best practices including NIST, PCI DSS, ISO27001 and any other applicable standards
- To ensure organisational assets are appropriately protected
- Demonstrate a pragmatic and risk focussed approach to problems
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process
- Working knowledge of cloud security standard frameworks, architecture, design, operations, controls, technology, and solutions
- Holding any recognised Information Security certifications eg CISM/CISSP would be very advantageous.
Consultant - Brendan Connolly
Telephone: 0207 392 7512
Email: brendan.connolly@spencer-rose.com