Information Security Consultant - Gloucester, United Kingdom - Capita

Capita

Verified Company

Gloucester, United Kingdom

3 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Information Security Consultant

We have a fantastic opportunity for you to secure a 9-month contract as an Information Security Consultant with our client in Gloucester to provide support to the Nuclear Generation Team.

What will you be doing?

To actively provide security governance, oversight, and assurance for assigned projects, meeting the requirements of the information security policies and advising on current industry standards, guidance and good practice.

The consultant will be responsiblefor ensuring data and systems are adequately protected whilst being compliant with legislation and regulation.

There is a requirement to support the Information Security team in activities to implement the NG Information Security Management System (ISMS).Due to the nature of the position SC level clearance is a requirement or must be achievable.

Responsibilities include:
Prioritise, create and agree security risk assessments in support and behalf of systems owners and projects

Communicate information security matters with senior stakeholders throughout the organisation Implement a cohesive communication plan to improve understanding of ISMS and risk management focused on business and system owners and other supportingteams.

Collate, clarify and classify assets in preparation of risk assessments. This may require travel to asset locations to verify asset details and interconnections.
Ensure assessments are carried out by using a consistent process.
Engage with the ISMS working group and stakeholders, including the presentation of risk assessments and recommendations.
Provide sound understanding of technical issues in responsibility to systems owners.
Provide - when required - process, procedure, and security policy guidance along with interpretation for Nuclear Generation staff.

To manage security related requests and changes.

What are we looking for?
Experience of working as part of a team and in actively contributing to overall team deliverables.
A strong communicator with the ability to influence people.
Experience in Information Security and related technologies.

Experience of conducting security risk assessments, audit and assurance activities including the use of risk assessment methodologies - ideally ISO 27005.

Experience of ISO27001 and working with an Information Security Management System - ISMS.
Experience of leading Process Improvement in Information Security Risk Management
Ideally have experience of working in accredited environments.
Implementation of controls, risk mitigation and management.
Ideally understand 'Operational Technology' within a highly regulated industry, preferably the nuclear industry.
Ability to build relationships with the other IT & OT functions and their business representatives.

Ability to work on their own initiative, with mínimal supervision and meet demanding milestones as part of a small security team.

Experience of balancing provision of IT/OT security controls that adequately protect data and systems.
Current knowledge of the IT threat environment, threat actors and the impact of these on system security.
Can demonstrate the ability to take responsibility and make sound decisions on security related issues.
Trustworthy with high standards of personal integrity.
Possession of professional certifications and membership in professional associations is highly desirable (e.g. CISSP, ISO27000 certification, CISM, CEH, NCSC, CCP).
Background in the workings of an IT organisation - e.g. computer operations, operation analysis, system programming, networking, and database administration.
Holds, or is able to obtain, SC clearance