Strategic Ciso Consultant - Leamington Spa, United Kingdom - LRQA group

LRQA group
LRQA group
Verified Company
Leamington Spa, United Kingdom

2 weeks ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description

About Nettitude
Nettitude is an LRQA Company. We've been around since 2003 and our focus has always been on excellence in cyber security.

We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more.

Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides

We're an award winning provider of cyber security services and we're are at a very exciting stage of development.

We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced.

Nettitude will be at the forefront of this arena and we want to seek the right people to join the team and make it happen.


Role definition


The role of the strategic CISO is primarily characterised as contributions at a senior or board level, helping to advise and set direction.

Strategic CISO services do not tend to include tactical tasks, i.e., those characterised as contributions at an individual contributor level, such as delivering awareness training, writing policies, and conducting internal audits.

However, with this said, the knowledge and experience of the strategic CISO Consultant means that there will be a dependence on ensuring that the tactical work is completed and may involve times where the tactical work is done by the strategic CISO consultant.


The role

Location
This role is remote. We can support working from across the UK. All applicants will require residence in the UK.


What you'll be doing in your role:

Information and Cyber Security strategic delivery;

  • Leading and managing the security reviews against standards or guidelines such as the NCSC 10 Steps to Cyber Security, NIST CSF, CIS controls as part of a security improvement program
  • Performing gap analyses, providing strategic and tactic recommendations as part of CISO onboarding and strategic planning
  • Helping our clients to implement Information Security Management Systems, and achieve and maintain security certifications (e.g.,ISO27001) and regulatory compliance
  • Conducting risk assessments at a strategic, tactical and operational level and providing risk models to highlight corrective actions
  • Ensure that information and Cyber Security risks are presented / identified and managed appropriately using feeds from assessment, threat intelligence and vulnerabilities found
  • Technical understanding of threats and vulnerabilities from SOC outputs and being able to implement a vulnerability management program
  • Creating thirdparty risk management and audit programmes for clients and build necessary risk models
  • Providing Technical Design Authority to client improvements at the technical level
  • Direct, and assist as appropriate in cyber investigations, breaches and provide leadership as to effective resolution
  • Oversee vulnerability management programs within a client environment such as penetration testing, vulnerability assessments and red teaming

Leadership and people management;

  • Leading CISO, interim CISO and CISO support engagements on behalf of Nettitude
  • Develop / lead an effective, highperformance Information Security function / team across multiple disciplines to deliver projects
  • Establish and maintain clear and measurable Information and Cyber Security strategic plans / budgets for client engagements
  • Ensure that the culture, policies, structures, and reporting systems are in place for legal and regulatory, compliance and corporate governance within the client engagement
  • Provide advice and direction to client leadership teams and risk committee on suggested 'next steps' and end goal expectations
  • Providing board level briefings on status and future planning (aka Horizon mapping)
  • Represent the client(s) on internal and external groups / boards / institutions.

Key Skills:


Personal Competencies:


  • Degree level education which is relevant to the role
  • Senior level consultancy and/or internal experience in leading and managing a cyber security function within a business or a client facing environment
  • Demonstrable experience in risk management assessment, treatment, and remediation
  • Innovative and creative thinker ability to think on the spot and provide solutions
  • Be able to deliver difficult messages whilst showing empathy and be able to provide a solution
  • Willingness to "roll up your sleeves" and get involved and take responsibility for ensuring we always exceed client expectation

Business Experience credentials

  • CISSP/CISM (or equivalent) certification is preferable but not a prerequisite
  • Representation in regular information security governance forums, working groups or change advisory boards to advise and guide on information security re
More jobs from LRQA group
See all jobs of LRQA group