Senior Information Security Consultant

Via Resource
London (South)
Up to £62,000 per annum Plus Bonus & Benefits
13 Oct 2016
21 Oct 2016
Our client, a well-known organisation within the UK, are looking for a Senior Information Security Consultant to help ensure that IT projects are delivered securely, protecting client and employee data.

Duties & Responsibilities of the Senior Information Security Consultant

· Manage project lifecycles end to end, providing Information Security subject matter expertise
· Take ownership of security solutions, ensuring compliance with Information Security policies and standards
· Manage external resources to ensure that penetration testing is carried out to a suitable standard, on time and within budget
· Scope and manage penetration testing, including the production of a plan to remediate vulnerabilities identified during any tests in a timely manner
· Work with development teams ensuring SDLC
· Ensure that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management process, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval
· Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks
· Undertake technical delivery of security aspects of solutions
· Review architectural and design documents from a security standpoint
· Define security non-functional requirements
· Conduct information security supplier assurance reviews in accordance with Sainsbury's 3rd Party assurance process
· Carry out PCI assessments on projects where necessary
· Escalate security when necessary

Desired Skills & Experience of the Senior Information Security Consultant

· Strong risk management knowledge and experience
· Experience providing security consultancy throughout whole project lifecycles
· Experience managing penetration tests
· Understanding of architecture principles and frameworks
· Broad knowledge and understanding of IT concepts
· Knowledge of OWASP vulnerabilities, tools and methodologies
· Knowledge of security compliance standards such as ISO27001 & PCI DSS
· Extensive knowledge of “good” security practice
· CISSP, CISM, CRISC etc. are desirable