Application Security Consultant

Senior Application Security Consultant
5 Months
£ per day (Inside IR35)
1-2 days per week on site in London

The Application Security Consultant will support the increasing demand for Information Security skills across Group Functions. With an ability to review existing applications and also engage on new services being offered, this role is critical to advising on how we embed security into our business operations.
This role will also play a key role in realising our Security Improvement programme across a number of our business areas and will require effective communication with a wide range of colleagues both technical and non-technical.

Principal accountabilities:
1. Security Design - Ensure projects consider security in the design by setting security needs and requirements to ensure alignment to L&G Security Policies and Standards, participating in Technology or Supplier selection as a security SME and applying threat and initial risk assessment approaches to select appropriate controls. Work with the Group wide Security Improvement Programme to ensure Group Functions services align with current Security requirements.
2. Security Assessment - Review the design of in-flight or existing services to conduct risk assessments, identify and articulate security gaps against L&G Security Policies and Standards. For gaps identify the related risks and potential options for management - articulate options to system or business owners.
3. Security Advice and Guidance - Be a source of expert Information Security advice, both to projects (i.e. consulting with architects or developers) and in an ad-hoc manner (responding to user queries) working closely with key stakeholders and business leaders to ensure security issues are understood and reviewing existing systems and services to prioritise security improvement activities.
4 Security Advocacy - Represent the Group Functions Security team to senior business stakeholders. Identify areas where the Security team, and wider IT team, can add additional benefit and support business ambitions
5 Security Representation - Represent the Group Functions IT team in interactions with the wider L&G Group and Security Improvement project, such as sitting on Steering Groups or Customer Engagement Workshops and ensure Group Functions interests are input and requests for input are passed to the correct teams
6. Security Maturity - Actively work to improve the Group Functions IT Security Maturity and Capability. Suggest enhancements to processes, update or establish procedures where required.
7. Treating Customers Fairly (TCF) - Ensure that all customers/stakeholders are treated fairly in line with Legal & General's principles on Customer Experience, Employee Engagement, Continuous Improvement and TCF policy.

Qualifications-
Appropriate security qualifications and memberships (e.g. CISSP, etc.) are desirable, but not essential or demonstrable equivalent experience.

Knowledge-
Information Security broadly, knowledge of Access Control security, transportation security, secure architecture principles, cryptography and operational controls (such as back-ups, resilient design, anti-virus) are essential
* Knowledge of Threat modelling, control frameworks and Risk assessment techniques (such as ISOx, COBIT, COSO, ITIL and NIST Cyber Security Framework) is desirable
* Knowledge of Cloud Security practices is desirable

Experience in the following areas would be beneficial-
* Security Design in projects (setting requirements, reviewing architecture)
* Risk assessment and control selection
* Critical review of products / vendors from a security perspective
* Experience of communicating to senior stakeholders in straightforward terms
* Dealing with ad-hoc user queries, where the role holder may not be an SME, and providing guidance in line with Security principles and seeking support from colleagues