About the job
What you'll be doing:
Using your background in Risk & Compliance, you will help our clients:
* Assess and test the effectiveness of security controls, and document the compliance levels to identify risks and control gaps.
* Understand the security regulatory landscape affecting UK & EU business and IT areas.
* Evaluate security risks against either client risk models or well-known risk & control frameworks such as the ISO31000 series, NIST, ISO270xx series, ISF, CIS, UK CAF, etc.
* Develop and review security risk models, standards, procedures, and controls to manage client risks.
* Improve security risk posture through defining a process of improvements, leveraging Risk & Compliance platforms, policy, automation, and the continuous evolution of capabilities.
* Ensure that required and expected security controls are in place and functioning as intended.
* Recommend tooling and process improvements and develop reporting metrics, dashboards, and evidence artifacts.
* Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
What experience you'll need:
It starts with amazing people, challenging projects, and a work environment that supports the creation of tangible solutions that make an impact. You will need to have broad experience in security risk management and evidence of experience in a number of the following fields of expertise:
* In-depth knowledge of risk assessment and risk management methodologies and/or frameworks.
* Experience in applying and using qualitative/quantitative risk and/or threat-based risk models.
* Knowledge of UK/EU information security management, governance, and compliance principles, practices, laws, rules, and regulations.
* Experience in implementing and/or operating one or more Security Risk Management, Compliance, or Data Protection technology platforms.
* Experience in implementing and operating one or more of the following:
  * ISO 27001 compliant ISMS
  * PCI DSS/SOX compliance
  * UK NCSC CAF compliance
  * UK or EU GDPR/UK Data Protection compliance
  * NIS/NIS2, DORA compliance
  * UK Operational Resilience/TSA(R) compliance
  * UK CNI/OT/IIoT compliance
  * Cyber and Cloud Security standards & frameworks, supporting architecture, design, operations, controls, technology, solutions, and service orchestration.
* Core knowledge of Information Technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
* Experience in information systems auditing, monitoring, controlling, and assessment processes.
* Knowledge of incident response management.
* Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
* Excellent English writing skills for technical documents and improving processes (such as policies and reports).
* The ability to explain complex topics to a diverse range of audiences.
* Strong attention to detail and the ability to deliver high-quality work.
* A valid right to work in the UK.
* Hold, or be eligible to obtain, UK SC clearance.
* A relevant and recognized professional Security/Risk/Compliance certification supporting the role, such as CISSP, PCI ISA, ISO 27001 ISMS Lead Implementer, CRISC, etc.
GCS is acting as an Employment Agency in relation to this vacancy.