We have a rare opportunity for an experienced Information Security Consultant to join a large established organization based in Surrey. This is a key role within the company and would suit someone who is looking for a global IT role.
You will be responsible for enabling all companies within the group to comply with security standards, raising employee's awareness of data protection issues, and providing support to companies with regard to managing information related risks.
This will include:
· Working with business and development teams to integrate security into solution/project life cycles and application development (local and offshore).
· Providing operational support to the companies through occasional visits and by assisting local security managers in drawing up their security action plans.
· Acting as regional coordinator: collect information from local companies, track implementation of action plans, create a monthly reporting chart and organise submission to the central Security team and regional managers.
· Helping to deploy the information related risk management programme in the companies, in close cooperation with the business units.
· Relaying the Group security policy to the business units and IT departments of local companies.
· Accompany application security initiative and implement security in Project Development Life Cycle (which includes Software Development Life Cycle).
· Help deploy the Group's risk management method.
· Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design.
· Oversee certification and ensure that it is always up-to-date (audits, compliance maintenance, etc.).
· Ensure a seamless response to the needs of business units, IT managers, and local and Group security managers.
Required technical skills:
· Five years' experience in information security.
· Expertise in software development & security, (Secure Development Life Cycle would be desirable).
· Expert knowledge of networks and how to secure them.
· Expertise in analysing and configuring network security: network firewall or L7, IPS, IDS, etc.
· Expertise in data encryption: storage, transfer via a network.
· Expert knowledge of access control mechanisms: authentication, authorisation, etc.
· Ability to audit vulnerabilities and mitigate risks.
· Expertise in managing and protecting systems against threats.
· Knowledge of ISO standards 27001/27002.
· Project Management basic knowledge, familiar with use of Project Management software tools (Microsoft Project will be a plus).
· Knowledge of ISO 9000, ISO 20000 (ITIL) would be a plus.
Language & other skills:
· Excellent communication skills (written and verbal)
· Knowledge of a second language (French) would be a plus
· Autonomous and be able to propose new approaches
· Good written skills in general
· Rigorous, organized and accurate
· Good analysis and synthesis skills