Senior Security Consultant (CISO)
Location - UK wide
Salary - £70,000 - £80,000 + Excellent benefits
Key Skills - CISO - GDPR - NIST - CISSP - ISO27001 - PCI DSS - CISM - CRISC - Cyber Security
Primary Job Responsibilities
Strategic Leadership:
- Set direction and formulate a cybersecurity strategy that aligns with the client organisation's goals, risk tolerances and appetite.
- Drive the adoption of cybersecurity best practices across the client's organisation.
- Engage with the client's executive leadership to ensure that cybersecurity initiatives are in harmony with their business objectives.
- Conduct periodic management reviews and provide insights through reports and dashboards.
Key Deliverables and Outcomes:
- Comprehensive Cybersecurity Strategy Documents showcasing objectives and initiatives.
- Regular CISO Dashboard Reports highlighting key performance metrics.
Risk Assessment & Management:
- Identify and assess cybersecurity risks.
- Review critical technology to understand its vulnerabilities and threats.
- Measure the maturity of current cybersecurity initiatives and provide improvement plans describing how the identified risks will be remediated once treated.
- Oversee the client organisation's risk management processes, including risk assessments, technology reviews, and vendor & supply chain audits.
- Ensure that the output from cyber risk assessments intertwines with wider operational risk outputs.
Key Deliverables and Outcomes:
- Cybersecurity Maturity Assessment (CMA) showcasing areas of strength and areas needing improvement.
- Comprehensive Vendor & Supply Chain Audit Reports produced through the use of automated TPRM principles.
Policy Development, Governance & Oversight:
- Develop, implement, and maintain cybersecurity policies, standards, and procedures.
- Ensure compliance with industry regulations and legislative requirements.
- Provide governance and oversight in the implementation of frameworks such as ISO27001, NIST CSF, PCI DSS, CIS top 20, etc.
- Align current documentation with the client organisation's aspired cybersecurity maturity level.
Key Deliverables and Outcomes:
- Creation of policies, standards, and procedures.
- Periodic Compliance Audit Reports.
- Detailed Implementation Roadmaps for frameworks like ISO27001 or NIST CSF.
Stakeholder Communication:
- Inform and educate senior leadership about the client organisation's security posture, risks, threats, and investment profiles.
- Engage and educate stakeholders about cybersecurity best practices, trends, and threats.
- Report to executive leadership on the state of information security.
Key Deliverables and Outcomes:
- Regular Executive Briefings.
- Cybersecurity Awareness Programs tailored for stakeholders.
Tactical Support:
- Augment the existing cybersecurity team as needed.
- Provide technical assistance to enhance current systems and procedures.
- Ensure the criticality of the supply chain is observed, triaged, and secured.
- Carry out internal audits to measure the effectiveness and efficiency of cybersecurity controls.
Key Deliverables and Outcomes:
- Enhancement Proposals.
- Supply Chain Security Analysis.
- Internal Audit Reports.
Resilience:
- Stress test the client organisation's ability to react, respond, and recover from adverse cybersecurity events.
- Develop and implement comprehensive disaster recovery and business continuity plans.
- Conduct regular resilience training and drills for staff to ensure preparedness against potential cybersecurity incidents.
Key Deliverables and Outcomes:
- Cybersecurity Stress Test Results.
- Disaster Recovery & Business Continuity Plans.
Requirements
Experience:
- Leadership Experience: A proven track record in leading and managing cybersecurity projects and functions, with an emphasis on strategy formulation and implementation.
- Risk Management: Experience in identifying, assessing, and mitigating cybersecurity risks across diverse IT and system landscapes.
- Policy Development: Demonstrable experience in creating, implementing, and maintaining cybersecurity policies, standards, and procedures.
- Stakeholder Communication: History of successful engagement with executive leadership and other key stakeholders.
- Tactical Execution: Hands-on experience in areas like system enhancement, supply chain security, and internal auditing.
- Crisis Management: Experience in handling and responding to cybersecurity incidents, with a focus on resilience and business continuity.
- Business Continuity: Design and develop business continuity strategies and operational plans to complement the incident and crisis management practices within a business.
Technical Knowledge:
- Cybersecurity Frameworks: Deep understanding of industry frameworks such as ISO27001, NIST CSF, and PCI DSS.
- Risk Management: Proficiency in risk management frameworks and methodologies.
- Governance & Compliance: Understanding of global and regional cybersecurity regulations and standards.
- Threat Intelligence: Familiarity with threat intelligence platforms and ability to interpret and apply threat data.
- Disaster Recovery: Experience in disaster recovery and business continuity planning.
- Data Protection: Good knowledge of GDPR and other privacy laws in order to supplement the security protections required in a data privacy environment.
Preferred Certifications:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- ISO 27001 Lead Auditor/Implementer
- Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA)
Essential Soft Skills and Interpersonal Qualities:
- Communication Skills
- Strategic Thinking
- Problem Solving
- Adaptability
- Empathy and Listening Skills
- Decision Making
- Negotiation and Conflict Resolution
- Leadership & Team Building
- Time Management & Prioritisation
- Stakeholder Management
- Cultural Awareness
