Senior Information Security Consultant - London, United Kingdom - Gemserv
Description
Senior Information Security Consultant:
Gemserv is an expert provider of professional services, helping clients make the most of a world increasingly driven by data and technology.
We have ambitious plans for the future and are now looking to strengthen our Information Security team by employing a Senior Information Security Consultant.
We are looking for a passionate and driven individual with practical ISO27001 implementation and auditing experience and an understanding of Smart Energy Code (SEC) Section G to join our growing team.
- Location: London Office (hybrid working)
- Salary Range
- Employment Type: Permanent
- Contract Basis: Full time (happy to consider flexible working)
- Travel Commitments: UK and potential International
- Ref No: 917
The Role:
Responsibilities:
- Providing expert advice to Users undertaking User Security Assessments (USAs);
- Monitoring the progress of Users who have booked USAs;
- Maintaining and reviewing USA related documentation including the Security Controls Framework, Agreed Interpretations and Decision-Making Principles;
- Undertaking validation of User management responses and Director's Letters;
- Liaising with Users to enable an improved User management response to be provided in advance of the User CIO validation or Security Sub-Committee (SSC) review of Director's Letters where appropriate;
- Briefing the Principal Security Expert on any sensitivities or emerging issues from liaison with Users and / or Shared Resources and providing relevant background and issues to be considered by the SSC.
- Monitoring all security incidents and vulnerabilities reported by Smart Energy Code (SEC) Parties or the DCC and providing an expert assessment of the materiality of the security incident or vulnerability;
- Advising the Principal Security Expert on whether a security incident or vulnerability is material and warrants the mobilization of SMIRT;
- Promptly taking whatever action is directed to undertake analysis of the security incident or vulnerability as required;
- Conducting 'lessons learned' analysis after the resolution of a security incident or vulnerability.
- Undertaking the review of ISO standards, cryptographic standards and best practices as enshrined in the SEC
- Maintain the SEC Security artefacts and, with the approval of the Chair, arrange for regular reviews to ensure that the artefacts are up to date.
- Conduct ad hoc risk assessments of specific risks that may arise from time to time;
- Reviewing user assessment reports and management responses;
- Monitor the threat landscape and advise the SSC of any material changes arising from threats or business impact levels;
- Contribute to procurement exercise for the annual SSC risk assessment where requested by the SSC;
- Provide expert assistance to any external risk assessment commissioned by the SSC.
- Conduct analysis, produce papers and presentations, provide advice and make recommendations.
Requirements:
To be successful in the role the post-holder should be able to demonstrate experience in the following areas:
- An understanding and practical working knowledge of Smart Energy Code (SEC) Section G
- Technical knowledge of information security compliance (ISO27001), information management, Smart Metering and IT security arrangements.
- Ability to conduct risk assessments and treatments using a hybrid of IS1/IS2 and ISO 27005 requirements.
- Have practical experience in undertaking ISO 27001 internal and external (field) audits.
- Have practical knowledge of the threat landscape in Smart Metering.
- Knowledge of Smart Metering and the energy market would be advantageous
- Preferably, an understanding and working knowledge of ISO standards including ISO 27001, ISO 27005, ISO 27035 and ISO2230
- ISO 27001 Lead Auditor / Implementer qualification is essential
- Ideally have an industry qualification such as CISA or CISM
Skills & Qualities:
- Excellent client consulting skills and ability to engage and build relationships with stakeholders at all levels (including C-suite level)
- Able to conceptualise opportunities and develop these through business development activities.
- Ability to explain complex ideas in a concise manner.
- Ability to work independently with little to no supervision.
- Ability to provide expertise and support in operational risk, governance, business continuity, data protection, data leakage and privacy.
- Passion to develop own skills and knowledge in information security and data protection compliance.
- Proactive, 'hands on' starter-finisher and results-driven individual.
- Highly organised and able to manage and prioritise workload.
- Strong problem solver with high attention to detail.