Senior Security Consultant
We are currently seeking a Senior Security Consultant to join our team to take responsibility for Information security, risk and asset ownership of the NFUM platform and shared systems that hold NFUM data.
This forms a key role in the day-to-day contact with NFUM from a security perspective of the service delivery of the NFUM and Shared platforms.
In this role, you will be responsible for;
- Ensuring that the Information Assurance levels for the service are maintained at all times across the physical, technical, personnel and procedural aspects of the service delivery. Whilst you will have responsibility for this you may not need to perform all of these functions and some aspects are delivered by the team
- Maintaining awareness of any changes in the standards, compliance and governance that might affect the systems overall Information Assurance levels
- Maintaining awareness requirements for compliance with the NFUM contract for the service
- Ensuring that any new or arising threats to the service are dealt with in a pragmatic and effective way to maintain the existing assurance levels in terms of confidentiality, integrity and availability
- Maintaining an awareness and having evidence of access controls employed in the service at the physical and logical layers
- Ensuring new personnel or 3rd parties are appropriately briefed on the security aspects of the service
- Ensuring that IT Health Checks (ITHC's) are carried out and reports are maintained in a secure manner for audit purposes
- Ensuring that Vulnerability Scans are carried out and reports are maintained in a secure manner for audit purposes
- Be the primary point of contact for NFUM, Secureworks and the Security Analyst onsite for all security incidents
- Act as an escalation point for NFUM and the Security Analyst onsite
- Risk and Asset ownership including:
- Understanding what information is being held , who has access to it and why, in order to properly understand the risks
- Ensuring that assets are inventoried
- Ensuring that assets are appropriately classified and protected
- Defining and periodically review access restrictions and classifications to important assets, taking into account applicable access control policies
- Ensuring proper handling when the asset is deleted or destroyed.
- As a minimum annually review the security plan and update accordingly
- Suggesting improvements in measuring the effectiveness of controls
- Ensuring that Anti-Virus and other malware preventative measures are maintained on the service
- Assessing and advising on security implications for NFUM Change Requests
- Liaising with KCOM Group Standards and Compliance team and the KCOM portfolio team regarding general security improvement requirements
- Reporting any defects of the service that have an impact on the Information Assurance of the service and make recommendations for improvement.
- Processing, analysing & providing monthly reports to Risk and Compliance of the Information Assurance status of the service.
- Owning and maintaining the Corrective/Remediation Action Plan(s) that come out of Security Incidents and ensure actions are remediated in a timely manner
- Take ownership of and be responsible for any remedial actions following a security breach
- Ensuring the resilience of the service through backups, and maintain an effective and tested BCP and DR Plans.
- Ensuring security risk assessments are completed for each individual or group of assets, reviewed at least annually
- Ensuring assets are inventoried, appropriately classified and protected and risk assessed
- Maintaining a log of all security related matters in a secure manner
- Maintaining the Security Plan for the service to ensure it reflects the most up-to-date security control measures and processes
- Being responsible for ensuring that any patches are applied in accordance with the Vulnerability and patch management process
To be successful in your application you will be required to be articulate, technically aware from a security point of view and able to converse with NFUM security personnel as well as business owners, stakeholders and the TSO Security Team.
More specifically, you will have the following;
- CISSP Certification combined with either a CISM or a CISSP-ISSMP Certification
- Experience of Unified Communication systems
- Experience in working with SIEM systems
- Experience in security systems architecture and design (SABSA)
- Experience in security systems analysis and forensics
- Experience in working with outputs of vulnerability scans
- Experience in security testing processes and procedures
- Proven experience in security risk management
- Strong problem management and incident response skills
- Strong documentation skills
- Excellent interpersonal and communication skills
- Excellent report writing skills
- Excellent understanding of incident, problem and change management principles