Address
Form of work
SalaryScope
A Global Real Estate Business.
The Information Security Technical Consultant is a newly created role to support the Group Information Security practice, acting as the Subject Matter Expert in key technology initiatives. The role reflects the critical need for our business to maintain a high standard of Information Security and manage risks and threats to our business operations and brand reputation.
The role holder will oversee the alignment of our Information Security technology standards and good industry practice in the design and deployment of solutions across the project portfolio. It will be expected to assess technical risks and identify control mitigations, responding constructively to manage conflicts and ensure good practice is embedded in the transition of project to operations.
The role will be expected to collaborate with senior business stakeholders, IT leads across the Global Group, the IT supplier eco-system and clients. It reports to the Group Head of Information Security.
Responsibilities
The role acts as a security advisor for major technology change programmes. It will be expected to both input at a technical level and contribute to the design of process and controls. Projects will include:
- HRIS Implementation
- CRM Implementation
- Re-platform of website
- Re-platform of the SIEM and transition of SOC provider
The role will:
Define appropriate and proportionate information requirements across the project portfolio. Will provide subject matter expertise to manage and avoid risk in design, implementation and ongoing operational process.
Develops a detailed understanding of the firm's IT security posture, including the systems responsible for security controls and their alignment to policies and process. Provides guidance on the ongoing development, configuration, and operation of the Information Security service to ensure it adapts to changes in the technology landscape.
Identifies opportunities to increase value from existing Information Security investments, though re-use and extended use of capabilities, whilst ensuring that these recommendations are both sustainable and support the Information Security objectives.
Understands technology trends and the practical application of existing, new and emerging technologies.
Supports the Group Head of Information Security in the development of policies and reporting for the Chief Risk Officer and the Group Executive.
Works collaboratively with the senior stakeholder to understand requirements and influence appropriate practice, with consideration of the firms appetite to risk and the need to ensure change does not erode ISO controls.
Will be expected to assess and articulate Information Security risk in terms of business outcomes, probability and impact.
Team
General Team Responsibilities:
- The candidate will be expected to work without supervision, adhering to a framework of standards and operating procedures.
- The role will be expected to work dynamically, balancing home working with in-office presence as required for the successful delivery of the role.
- The candidate must be a team player and be willing to take on activities outside of the role, as required, to support the Information Security practice
Core Competencies
- Excellent analytical and technical skills
- Good customer focus
- Excellent written and verbal communication skills
- Excellent at problem-solving (analytical thinking)
- Process orientated approach to tasks
- Understanding and knowledge of IT standards and controls
- Ability to balance the long-term (big picture) and short-term implications of individual decisions
Technical Experience
- An excellent understanding of IT security principles and practice, coupled with an ability to analyse emerging risk (techniques and threats)
- Expert knowledge in core technologies, including Microsoft Security Services, Office 365, Azure Identity Management and Workday HRIS
- Demonstrable experience in broader Information Security solutions, including content delivery networks (WAF, DDoS etc), SIEM solutions and email security.
- A thorough understanding of the current general threat landscape and how these threats can be mitigated through the application of technology
- Good understanding of Information Security standards and frameworks (e.g. ISO27001, NIST)
- Experience with working with third party suppliers
Qualifications/Education Required.
- 3 years+ experience working with IT Security products (software or infrastructure)
- Recognised industry qualifications in relevant technologies and security practice is desirable
