IA Manager (QSA) - London/Home Based

London (Central)
11 Oct 2016
19 Oct 2016
Our client is a leading information security consultancy that requires an Information Assurance Consultant to help lead its advisory division and to ensure the company's services remain of the highest quality. This is a client-facing role, helping clients implement compliance regimes and controls in order to secure their organisations. The company focuses on assisting UK companies from a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), so the vast majority of work takes place in the UK, though some international travel is required in certain instances. The company has a team of 6 Governance, Risk and Compliance consultants who cover a multitude of compliance regimes and control sets such as PCI DSS, ISO 27001, HMG (PSN Code of Connection), CPNI Top20 and their own Cyber Maturity Model.

Primary Responsibilities:

To lead the Governance, Risk & Compliance Team (GRC) (part of the Advisory Team) and meet delivery targets:

• Meet a personal chargeable target of 180 days per year (minimum), delivering services across the client base as needed.
• Meet the chargeable days target for the GRC team as agreed with the General Management Team on a monthly and quarterly basis, taking into account the effects of overrun and overtime.
• Ensure that all GRC Consultancy Services are delivered to a quality and standard commensurate with the professional quality of consultancy that is expected by our clients. This includes ensuring that accreditation, regulation and legislation-based consultancy is accurate and meets the relevant standards or regulations, and more broadly that consultants are knowledgeable, diligent and professional in their delivery. Also ensure that our QA processes are in line with our own and our clients' professional expectations, and with the stated requirements of our accreditation partners.
• Ensure that the GRC team maintains all appropriate accreditations, including timely submission of reports, QA, customer feedback, and re-accreditation documentation to the relevant accreditation bodies.
• Ensure that GRC consultants are adequately trained and sufficiently skilled to execute the consultancy work they are required to complete, and that consultants maintain the appropriate formal accreditations over time.
• Ensure that GRC consultants maintain the requisite knowledge base, accreditations and continuing education (CE) hours to undertake the role required of them.
• Ensure timely delivery of consultancy deliverables to clients.
• Interact with clients to ensure the correct scheduling and overall quality of consultancy delivery.
• Ensure that consultants keep records and evidence of work as appropriate and in line with accreditation and regulation as needed.
• Ensure that consultants follow the correct provisions for securing customer data, results and reports, including the dissemination of reports.
• Undertake appraisals for direct reports and ensure that team appraisals are completed across the consultancy team.
• Direct line management of team members as appropriate.
• Work with Project Management and Resourcing to ensure appropriate allocation of projects to the team, timely delivery and reporting of time.
• Own and develop Advisory service definitions and operational definitions in partnership with the CTO and Head of Sales.
• Ensure that appropriate pre-sales support is provided to the sales team at all times in terms of GRC services.
• Ensure ethics and professional standards of the consultancy team, including time keeping, appearance and conduct onsite.
• Maintain an awareness of the information assurance and cyber security market in order to ensure that the company's offerings remain current.
• Maintain a personal industry profile and promote the company in the industry.
• Act in the best interests of the company and its clients at all times.
• Actively participate in regular Group management meetings and provide feedback to other group disciplines.

Specific Responsibilities:

To lead the Governance, Risk & Compliance Team (GRC) (part of the Advisory Team) and meet delivery targets:

• Attend weekly back order review meetings with Project Management to ensure efficient project delivery.
• Allocate projects to the GRC team as deemed appropriate to ensure timely delivery.
• Understand and articulate performance targets for the GRC team.
• Monitor the sales pipeline to understand upcoming resource requirements.
• Day-to-day management of team members.
• Overall responsibility for booking of consultant time and calendar management, using Project Management resource as appropriate.
• Stay current with the latest developments in the marketplace and competitor activities.
• Development of new services and maintenance of existing services in partnership with the CTO, in line with marketplace requirements and emerging and evolving accreditation requirements.
• Communicate up-to-date information about new services and enhancements to the Head of Sales and CTO.
• Work with the Head of Sales and specific sales staff as needed to develop sales proposals, quotations and pricing.
• Develop the sales pipeline for GRC consultancy across all disciplines.
• Undertake chargeable work for effective customer delivery and to meet target.
• Oversee annual appraisals of all consultants.

Success Criteria / Objectives:

Targets:

• Continual improvement of GRC services.
• Delivery of prompt and high quality consultancy services.
• Quarter on quarter achievement of GRC consultancy targets.
• Growing the GRC team and increasing targets accordingly.
• Working within budget constraints to deliver performance targets.
• Success and well-being of all team members.

Mandatory Non-Technical Skills:

• Detailed understanding of IT Security Governance in SME, mid-corporate and enterprise environments.
• Ability to manage multiple complex customers.
• Ability to work with other technical providers and organisations.
• Ability to present highly technical work in a simple, straightforward, concise and non-technical manner.
• Deep understanding of risk and risk management.
• SC Cleared or able to be cleared.

Certifications:

• PCI DSS Qualified Security Assessor (experience of drafting 10 or more RoCs)
• CISSP, CISA or CISM

Acumin Consulting is a member of the Red Snapper Group. The Red Snapper Group acts as an employment agency (permanent) and as an employment business (temporary) - a confidential service to candidates. The Red Snapper Recruitment Group is an equal opportunities employer.

This job was originally posted as www.cwjobs.co.uk/job/66859608