Job function : Security Service
Main location : UK & Ireland-United Kingdom-Lancashire-Manchester
Other Locations : UK & Ireland-United Kingdom-Buckinghamshire-Milton Keynes, UK & Ireland-United Kingdom-Suffolk-Ipswich, UK & Ireland-United Kingdom-Avon-Bristol, UK & Ireland-United Kingdom-London-London, UK & Ireland-United Kingdom-West Midlands-Birmingham
Schedule : Full-time, Permanent
Working pattern : Standard
Your new company
Now a global company operating at the forefront of the information age, employing 90,000 people in 180 countries. And we’re on a mission. Guided by our core values of Personal, Simple and Brilliant our goal is to help customers, communities and businesses overcome barriers and release their potential.
Your new role
Following internal audits, red team or external testing we find security compliance issues that require remediation. Normally these are dealt with as business as usual activities, but on occasion they indicate a more complex underlying issue that requires a longer term or strategic solution. In these cases a project will be created to address the issue and a security consultant allocated. This role applies to these security compliance consultants. Following internal audits, red team or external testing we find security compliance issues that require remediation. Normally these are dealt with as business as usual activities, but on occasion they indicate a more complex underlying issue that requires a longer term or strategic solution. In these cases a project will be created to address the issue and a security consultant allocated. This role applies to these security compliance consultants.
You’ll have the following responsibilities
Strategic Security Compliance Projects:
You will be responsible for the delivery of strategic security compliance projects, addressing a particular deficiency in our security compliance environment. Identifying the reason for the compliance concern and the scope of any remediation work required.
Identifying key stakeholders and SMEs and facilitiating the brainstorming, capturing information and gaining commitment to address issues.
Delivering detailed briefings and reports to stakeholders as required. Distilling and reconciling information and presenting it in a way that can be understood by audiences at different levels.
Development and delivery of project plans
Providing direction and security advice, utalising an appropriate range of specialists as required.
Ensuring that solutions meets defined control objectives, forms part of security compliance environment and follows three lines of defence model.
Working with Technology Compliance, Assurance and Security Programme o deliver the project to agreed timeframes and quality standards.
Responsible for providing oversight of security working groups and providing a forum for discussion and agreement on the direction to be taken in respect of security risks/issues that do not warrant consideration by the Security Council.
Establishing and monitoring working groups, and enuring they are progressing cyber risks/issues
Ensuring risks and issues are captured and tracked to resolution.
Monitoring security initiatives to ensure they align with the overall security objectives.
Ensuring awareness of proposed changes to the group cyber risk, security. policies, standards or control environment.
To ensure that all security mitigation/improvement activities deliver overall risk reduction.
What you’ll need to succeed
The ability to effectively articulate the requirement for a given security compliance project, and the need for security compliance to form part of our operating model.
Have a good knowledge of the security industry in general, and BTâ€™s operations in particular, in order to ensure security controls are balanced, appropriate and in line with industry best practise.
Security Knowledge: To have a good cross section of security knowledge covering:
Security policy, standards, benchmarks and risk assessment framework, including ISO27001, Centre for Internet Security, and Information Security Forum (including preferably IRAM 2 risk assessment methodology).
A sound knowledge of system and network technologies and protocols.
A good technical knowledge of at least one operating system.
A thorough understanding of current security threats, attack and defensive technologies, and associated operational processes.
As a minimum, to be a Certified Information System Security Professional (CISSP) (or equivalent e.g. CISM). Preferably to be a ISO 27001 lead implementer or internal auditor. To be a member of the Institute of Information Security Professionals (IISP) or other professional security body.
A sound knowledge of enterprise risk management
A proven track record in security consultancy in a large and complex, preferably telecommunications, environment. (Mandatory)
What you’ll get in return
Flexible working options available.
25 days annual leave (plus bank holidays)
10% on target bonus
Option to join the Healthcare Cash Plan
Flexible benefits: cycle to work, childcare vouchers, healthcare, etc.
What you need to do now
If you’re interested in this role, click ‘apply now’ to forward an up-to-date copy of your CV, or call us now.
If this job isn’t quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.
To apply for this job please visit www.cybersecurityjobsite.com.