Security Risk Consultant
Performing security threat assessments, risk analysis audits, policy gap analyses and data leakage surveys for established blue-chip clients. The Consultant must have sufficient experience and skills in methodology security policy (network and user) compliance auditing. The Consultant will be responsible for assisting clients in identifying technological and operation security threats and associated risks to their networks as well as recommending remedial measures. Additionally, the Consultant shall be responsible for conducting gap analyses for clients against established security policies, legislation, regulation and standards.
- Conducting client information security threat and risk assessments
- Conducting governance, risk & compliance (i.e. PCI, DPA & ISO) audits
- Conducting 3rd party supplier and supply chain risk assessments
- Writing information security policies and procedures
- Delivery of information security awareness programs and briefings
- Design and delivery of social engineering programs / attacks
- Assisting clients with information security risk management issues
- Assist and support Risk Factory with design and implementation of operation security program
- Other tasks as assigned.
- ISO-27001 Requirements
- PCI DSS Requirements
- U.K. Data Protection Act
- Data Leakage Auditing
- COBRA and current risk management tools
- Work under pressure, meeting deadlines.
- Remedial recommendations
- Report writing & client presentations
- Security policy compliance auditing experience
- ISO, PCI & DPA control frameworks
- Security threat assessments & risk analyses methodology experience
- Operational policies, standards and procedures auditing
- Communication, training, briefings and instructor
- Strong written and verbal communication skills
Education, Training & Experience:
- Minimum Five years' risk assessment / management framework tools
- Minimum Five years' experience managing client projects.
- Minimum Five years' information consulting experience.