Please answer the following questions in order to process your application.
Select your working status in the UK *
File Attachments:
(2MB file maximum. doc, docx, pdf, rtf or txt files only)
* denotes required field
Additional Information:
Availability/Notice
Hourly Rate GBP
Approximately how far are you willing to travel to work (in miles) ?
Key Privacy Information
When you apply for a job, JobServe will collect the information you provide in the application and disclose it to the advertiser of the job.
If the advertiser wishes to contact you they have agreed to use your information following data protection law.
JobServe will keep a copy of the application for 90 days.
More information about our Privacy Policy.
Job Details
Information Risk Consultant (Contract)
Location: Hybrid - WFH/London 2 days a week Country: UK Rate: £550 per day - Inside IR35
Information Risk Consultant required for market leading financial services firm. The role will be focused on maturing their annual risk management cycle to enhance their risk level tolerance and to ensure more regularity. You will look at risk over the year, controls, incidents, and progress on projects, and convey risk level to stakeholders. We are looing for a consultant who is familiar with FAIR risk methodology experience. The client are also looking to change their Data Classification framework. They need to define the governance and build up the framework. So, we are looking for a consultant who can also act as a representative whilst doing this transformation.
The role will focus on the Data Classification process that identified the most precious resources for the Business and include the following:
Responsibilities:
- Prepare and perform the Data Classification exercise across all Lines of Business with various stakeholders up to C-Level
- Produce documentation for the wider company audience to explain and better guide staff in selecting the best data classification labels for their information
- Collect the up-to-date information from Business regarding their most valuable data and its use on a yearly basis (at minimum) and support the business in evaluating the most appropriate classification
- Maintain a proper audit track on signoffs provided by the Business, Information Security and the Data Privacy Office regarding Data Classification topics
- Act as intermediary with the IS Project Reviewer to be able to evaluate the most appropriate Data Classification level for new data
- Monitor the applied Information Security labels and track non-compliance with the Data Classification register
- Manage and maintain the Data Classification register, a consistent record of the most valuable data in the organisation, their owner, their classification, and their location
- Act as a champion for Information Security when dealing with areas of the business, providing assistance with the raising of information risks and explaining current policy as required
- Maintain close working relationships with appropriate teams across and outside of Information Security.
Experience
- Master's degree in Computer Science, Engineering, or related field with a minimum of 5 years of professional experience in Risk Management (Required) and/or Information Security (Preferred)
- Expert in synthesizing and clearly communicating complex information to all audiences up to C-Level leaders (Required)
- Experience in articulating risks in business language and advising on the appropriate risk management action (Required)
- Experience in Data Classification, process discovery or Business Impact Assessment (Required)
- Excellent attention to detail and the ability to create clear, concise and engaging presentations breaking down difficult problems (Required)
- Expert analytical and reporting skills (Required)
- Excellent interpersonal and collaborative skills (Required)
- Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required)
- Experience in multinational companies (Required)
- Strong knowledge of Risk management (Required)
- Strong knowledge of Risk management frameworks (ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR) (Required)
- Strong knowledge of Information Security frameworks (Mitre ATT&CK, NIST, ISO 2700X ) (Preferred)
- Experience in information security management reporting and related methodologies (Preferred)
- Information Security and/or Information Technology industry certification (CISSP, CISM, or equivalent) (Preferred)
Posted Date: 01 May 2024
Reference: JSJEM/41407
Employment Business: Barclay Simpson Recruitment
Contact: Jeff Mayger