Information Security Consultant - Cheltenham, United Kingdom - Iress Limited

Description

See yourself being part of a large, transformational change? This could be the role for you

At Iress, we make things happen

We believe technology should help people perform better every day.

Since our beginning in 1993, people across financial services have trusted us to take their performance to the next level.

More than 10,000 businesses and 500,000 people use our software, from the world's most iconic financial services brands to advice firms of all sizes, banks, insurers, investment managers, traders and brokers.

Iress is one of Australia's largest technology companies and employs more than 2,000 people across Australia, The United Kingdom, Africa, Canada, France, New Zealand and Asia.

Build your career at Iress

Ultimately reporting into the Head of Security Governance, Risk & Compliance, this is a key role to support the implementation of the organisation's structured information security audit and improvement programme.

The role requires the individual to work closely with the Head of Security Governance, Risk & Compliance via the Cyber Security Principal and the other members of the Information Security group operating as Cyber Business Partners (CBPs) to support the operation of the Iress ISMS.

They will also be required to work closely with business and technical stakeholders within Iress who have operational responsibility for security activities.

This may be through auditing the controls for which they are responsible, assisting them with the design or implementation of their security controls, or providing targeted security advice and awareness training.

By working with pragmatism and recognition of what the business needs to achieve, this role will drive continuous improvement in the Information Security Team's engagement across the organisation and deliver ongoing and increasing business value from the function.

Some of the awesome things you'll be involved with:

• Promote a business-partner approach to engagement
• ensuring the function collaborates and works with (rather than police) business teams
• Participate and assist in maturing, streamlining, maintenance and embedding of the organisation's Information Security Management System (ISMS)
• ensuring continuous yet pragmatic improvement to the non-IT ("business-facing") elements
• Assist in maintaining the organisation's Information Security Management System (ISMS) artefact library
• Assist in the preparation of information security policies, standards, procedures and guidelines
• Participate and assist in the maintenance of ISO27001 and SOC 2 certifications
• Participate and assist in the risk assessment internal audit programme (RAIA) and its associated processes against critical products and services provided by external suppliers, and support the tracking of remediation findings
• Help to ensure the enterprise risk register is properly maintained and risk mitigation activities are prioritised (based on risk rating) and help to ensure Iress maintains effective awareness and monitoring of information security risks
• Assist in socialising of policy, Data Protection Impact Assessments (DPIAs), client assurance, third party supplier due diligence to all relevant areas of the organisation
• empowering and educating our people to take care of their own obligations
• Support and operate the client assurance program; perform content reviews of FAQ databases, maintain proposal material and other client facing documentation
• Assist in the development of Client Information Packs; participate and assist with Infosec responses to Client RFPs/Bids & DDQs
• Participate and assist in Client-led security audits, assist with scheduling, meeting logistics and follow-up of findings
• Assist other information security team members on direct engagements with internal and external clients on information security matters
• Assist in the running of Information Security Management Forums (ISMF) meetings
• Participate and assist in reviews of Infosec clauses in client contracts
• Participate and assist in the infosec Incident & Breach response process. Liaising with Compliance and other teams (including other Info Sec squads) and helping to coordinate incident activity as required
• Participate and assist in BCP & DR activities across the business based on priorities/risk. Assisting the measuring and reporting on the business' readiness to respond to stated event scenarios

What you will bring:

• Experience in creating client facing collateral and maintaining it to remain relevant for changes in technology and procedures
• Good communication skills and ability to facilitate client facing meetings
• Designing, assessing and implementing effective security control solutions
• Operation, and maintenance of an ISO 27001 certified ISMS
• Performing security audits and/or technical risk assessments of systems and suppliers
• Managing or performing an incident management and/or audit findings program
• Exposure to GRC systems
• Strong understanding of current tren