Address
Form of workInformation Security Risk Advisor
Edinburgh - Mainly Remote
£595p/d - Outside IR35
12 Months
Fantastic new outside IR35 contract opportunity for an experienced Information Security Risk Advisor with a strong background within Information Security governance, risk and compliance for this public sector client based in Edinburgh.
As an experienced Senior Security and Information Risk Advisor (SIRA) you will provide expertise to teams for risk identification, analysis, evaluation, and treatment and develop, operate, maintain, and improve the organisation's ISMS. You will be responsible for providing technical Information Security expertise to projects and services to ensure compliance with policies, processes, applicable legislation and regulation, and relative international standards.
Key Responsibilities:
- Formulate strong relationships between the Information Security and Risk function and business teams:
- Promote Information Security and Risk Services offered.
- Conduct technical assurance activities of systems, services, and products.
- Provide advice, guidance, and facilitation of Information Security processes.
- Assist stakeholders in understanding and fulfilling their Information Security roles and responsibilities.
- Communicate the requirements of Information Security Policies and Standards, to ensure that teams and colleagues are able comply with their requirements and ensure that protective measures for information assets are adequate.
- Discuss potential opportunities for improvement to Information Security policies, processes or controls with teams and record the proposed improvements in the ISMS Tooling for management analysis.
- Undertake internal audit/assurance activities to observe and evaluate ISMS processes and Security Controls and provide internal stakeholders with reports that outline findings and areas for improvement of compliance.
- Contribute towards the development of Information Security and Risk policies, standards, and processes, including the maintenance of operating procedures and ensure appropriate ISMS document control is applied.
- Deliver education and awareness sessions to technical and non-technical teams to enhance Information Security and risk knowledge and confidence. Support internal stakeholders during independent audits through prior preparation of ISMS artefacts and records to be available upon request by the auditor.
Skills Required:
- A proven contracting background gained within Information Security Risk and a strong background within Information Security Governance, Risk and Compliance.
- A strong background gained within the public sector / government environments.
- The candidate will have knowledge including (but not limited to):
- Identification, assessment, and management of risk
- Security assurance and the measurement of controls
- Creation of ISMS and IT Security documentation (Policies, Standards, Processes, Procedures and Patterns)
- Internal and Third-Party Audits
- Risk and threat modelling
- Compliance and Assurance Activities
- Business process analysis and mapping (to determine alignment against agreed industry practice and recognised control frameworks)
- The candidate will hold the following certifications/qualifications or equivalent:
- Certified Information Systems Security Professional (CISSP)
- Certified ISO 27001 Lead Implementer/Auditor of Management Systems (including Information Security and Business Continuity)
For any further queries regarding the role, please contact Danny Palmer at
