Senior Cyber Security Consultant

Senior Cyber Security Consultant – Defence

There is an increasing demand in the projects we are undertaking for Information Assurance and Security Consultants, we are looking to grow our team to meet this. The role will suit experienced qualified professionals who are looking to take their career to the next level and provide real benefit to clients that make use of cutting-edge technology. In return, we offer a challenging and rewarding role, career development, an empowered and supportive working environment with a competitive reward package.

Based out of the main office in Bristol, (although hybrid working allows us to be flexible in your location), projects are likely to involve working on client sites in the locality of our offices, but with some travel requiring overnight stay.

Your Purpose

You will be a knowledgeable, enthusiastic and conscientious individual who has the relevant Information Assurance and Security qualifications. You will work on a range of exciting client facing projects, large and small, but will also be expected to contribute to winning new business and managing delivery. To be successful in this role you need to have the ability to work on multiple projects and with many stakeholders concurrently. Your key responsibilities will encompass the following:

• Provide Cyber Security advice and guidance for clients in ‘business as usual’, technical refresh and new project environments.
• Be able to apply technical security knowledge, with creative and innovative thinking in a broad range of complex and non-routine contexts.
• Identify and establish good security governance to meet client business requirements.
• Use knowledge of Defence security policy and process to enable successful security outcomes of managed systems.
• Conduct and manage security assurance activities of Defence systems, ensuring compliance with Defence, corporate or regulatory requirements and secure use in operational environments. Perform Cyber Security risk assessments, determining the most cost-effective deployment of security controls and solutions in line with business risk appetite, protecting information assets from loss misuse, leakage, or corruption.
• Create, update or review security related artefacts and policies, such as RMADS, Security Cases, Security Aspects Letters, SyOPs etc.
• Build successful working relationships with team members, key customers and stakeholders that improves the value of the security services we deliver. Mentor others within the security team in a technical and consultancy capacity.
• Assist in growth by identifying new information security service business opportunities.
• Identify obstacles to delivery and develop new processes or innovative ways to resolve.

Essential-

What you can bring:

• Experience of delivering technical Cyber Security consultancy in multi-disciplined environments.
• Experience of Information Assurance, and developing Information Security Management Systems (ISMS), including risk assessments/management and the deployment of appropriate controls.
• An excellent communicator, verbal (active listener) and written (able to write concisely).
• Ability to articulate and pitch Cyber Security advice both at a technical and non-technical level, directly to key customer stakeholders and the ability to work on multiple projects and tasks concurrently, successfully balancing business and client priorities.
• Ability to provide high-quality work under pressure that delivers security outcomes to tight deadlines and manage client stakeholder expectations and the ability to work both effectively individually and within a team in a multi-discipline environment and in a matrix organisation.
• A wide awareness of Cyber Security across Government and Industry to include HMG Information, Assurance Policies, Standards and Guidelines, including the Security Policy Framework, the CESG IA Portfolio and MoD JSPs such as JSP440, JSP604/JSP453 (plus other standard MoD IA methods). Certifications such as ISO27000, NIST Cyber Security Professional, CISMP etc.
• Flexibility over UK, and potentially overseas travel.

Desirable-

• Certified Information Systems Security Professional (CISSP)/ Certified Information Security Manager (CISM) or equivalent. Associate/Full Membership of recognised security professional body such as the Institute of Information Security Professionals (IISP), IS2, BCS, CIISEC.
• NCSC Certified Cyber Professional/ CESG CCP (Security and Information Risk Advisor or Security Architect). Understanding of ‘Secure by Design’ methodology and NIST 800-37 Risk Management Framework.
• A keen interest in the latest technology with a focus on security technologies. Ambition to work in a challenging and rewarding role that provides real benefit to clients. An interest in maintaining and enhancing technical and consultancy skills and an experience within programme and project environments.