Leading bank seeking an Information Security Consultant responsible for the implementation of policies and processes. The successful candidate will act as a focal point for security issues for the business lines of the bank operating in the UK. The purpose of the job is to analyse and audit system configuration and maintain policies and procedures in order to mitigate information security risks. This includes assessing technical security risks, identifying potential security weaknesses, defining and implementing security controls, and ensuring conformance with global information security policies and standards.
Responsibilities:
Maintaining and assisting with development of the local Information Security Policy and supporting set of policies, ensuring appropriate authorisation, commitment and endorsement from senior IT and business management
Working closely with other Business Line and Central Security functions and personnel
Promoting education and awareness of security at all levels of the UK business
Developing and documenting procedures for operating and maintaining security controls
Assisting with business impact analyses, performing security risk analysis and risk management
Monitoring and managing all security breaches and handling security incidents, taking remedial action to prevent recurrence wherever possible
Participating in security reviews arising from security breaches and instigating remedial actions
Reporting, analysing and reducing the impact and volumes of all security incidents in conjunction with Problem Management
Ensuring that the confidentiality, integrity and availability of the services are maintained at the levels agreed in the SLAs and that they conform to all relevant statutory requirements
Performing security tests
Monitoring and maintaining internal access control procedures
Process improvement and reporting
Reviewing and investigating Event Monitoring reports
Working with IT line managers at all levels to ensure they are enacting their specific security responsibilities
Ensuring patch levels and virus protection levels are current and correct
Monitoring and reporting internet and external e-mail access and usage
Monitoring and managing the IT Risk management processes
Monitoring and managing IT policies and procedures
Providing advice and guidance on IT matters to 2nd line Risk staff
Monitoring and reviewing IT aspects of the annual IT Control Assessment
As an ideal candidate you will be CISSP/CISM/CRISC qualified. You will also be experienced with the NIST, COBIT and ISO 27001 frameworks. You will also have 10-15 years' information security experience, preferably coming from a technical background. Financial services experience is preferable but not essential.