Description
Information Security Operations Consultant - CONTRACT - *OUTSIDE IR35*
Niche IT Transformation Consultancy require a Security Consultant for an interim role with a large financial services client. The scope is to provide response and actions to Audit points and a CBEST assessment, develop their security strategy and to provide some oversight to BAU activities. You will help t o provide clear technical leadership to the Security Operations practice, maintain and improve the Security Operations capability, leveraging both internal and external capability as appropriate to ensure that the capability is in line with the client's strategy and risk appetites.
Key accountabilities:
- Provide input to the development and ongoing refinement of the Information Security cyber strategy. Contribute to the implementation of the information security cyber strategy to ensure that information security capability continues to meet emerging threats, legal & regulatory demands and changes within the business appetite.
- Develop a relationship with the external SIEM partner and use this relationship to create an appropriate level of capability and integration on the estate.
- Oversee the implementation and continued improvement of the security framework, as it pertains to the Security Operations Centre, aimed at protecting systems, services & information against unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
- Provide key input as needed on the selection, design, justification, implementation and operation of cyber security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards. Work effectively with the security architecture function and other strategic organisational functions such as legal experts and technical support, including being responsible for final selection of all cyber security controls.
- Working with the security architecture function to provide technical assurances for security systems by ensuring that protection, detection, and reaction capabilities are robust and fit for purpose within business appetite.
- Provide technical control assurances for security systems by ensuring that protection, detection, and reaction capabilities are robust and fit for purpose within business appetite.
- Lead cyber security specific incident response through to appropriate resolution including ensuring the impact and the risk of recurrence is minimised as part of the existing incident response processes.
- Be responsible for cyber crisis scenario management planning including appropriate testing as part of the existing DR/BCP process.
- Be responsible for the creation and maintenance of a playbook for security responses to particular trigger events that can be used to improve consistently and efficiency of response. This playbook to be fully aligned with the stated risk appetites.