Description

IT Security Specialist / Consultant

Role purpose

The Security Consultant is a key player in ensuring the security and integrity of GKN Automotive's technical estate. They are responsible for the design, implementation, and management of security measures to protect information assets, as well as IT and OT infrastructure. As a subject matter expert (SME), they will have deep technical knowledge and provide critical support and assurance throughout the project lifecycle, from initial engagement to post-implementation review. They also contribute to Business As Usual (BAU) processes, including change management and software request evaluations.

The Security Consultant identifies potential risks, devises strategies to mitigate them, and ensures adherence to industry standards and regulations. Collaborating closely with various teams, they embed robust security practices into both technology and business operations, safeguarding the organisation against evolving threats.

Key responsibilities

Project assurance: As the security assurance SME, lead the integration of security into projects. Provide expert guidance to project teams and business stakeholders, ensuring the development of secure solutions that align with security policy and best practice and enable business objectives.

Security design: Develop, implement, and maintain security designs to protect the organisation’s information assets. Design and oversee the deployment of secure solutions across various platforms, ensuring their integration into the enterprise design.

Risk assessment and management: Conduct comprehensive security assessments to identify vulnerabilities and threats. Develop and implement effective risk mitigation strategies and plans. Stay informed about the latest cybersecurity threats and update the organisation’s defences accordingly.

Policy and compliance: Ensure the organisation’s compliance with relevant regulations, standards, and best practices (e.g. TISAX, ISO 27001, NIST, GDPR). Ability to collate evidence and represent artefacts to external auditors.

Technical oversight and guidance: Provide technical expertise and guidance on security architecture and best practices to IT, cross-functional teams and business stakeholders. Review and approve security configurations and changes to the IT and OT infrastructure. Support incident management activities.

Collaboration and communication: Collaborate with IT, development, and business teams to integrate security into all aspects of the organisation’s operations. Communicate security risks, incidents, and recommendations to senior management and stakeholders.

Continuous improvement: Stay current with emerging security trends, technologies, and best practices. Continuously evaluate and enhance the organisation’s security posture. Participate in industry forums and professional groups to share knowledge and stay informed about the latest developments in cybersecurity.

Skills

- Deep understanding of security principles and practices in projects.
- Extensive experience and technical depth in either network, application or system security controls, including their design and the risks they mitigate.
- Experience with data centre transformation programmes and with ERP platforms and transformation programmes.
- Proficiency in security technologies and tools such as cloud technologies, firewalls, IDS/IPS, SIEM, DLP, and encryption.
- Understanding of cloud infrastructure, e.g. AWS, Azure, etc.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work effectively in a collaborative team environment.
- Strong project management skills.
- Knowledge of regulations, compliance requirements and security frameworks (e.g. TISAX, ISO 27001, NIST, CIS, GDPR).
- Experience in the automotive industry is advantageous.

Education

- Degree or equivalent level.
- Relevant certifications such as CISSP and CISM are highly desirable.

Experience

- At least 5-7 years of experience in information security, with a focus on security design and supporting projects/programmes as the security technical authority.
- Proven experience in conducting risk assessments and developing security policies.
- Experience in managing and implementing security technologies and solutions.
- Demonstrated ability to communicate security concepts and risks to both technical and non-technical audiences.