Information Security Advisor
Rate - £550 (a day)
Duration - 6 Months (Initially)
Location - Birmingham
IR35 - Outside
Job Purpose
The Information Security Advisor plays a key role in protecting the organization's information assets by providing expert advice, implementing security policies, and ensuring compliance with regulatory requirements. They work closely with IT teams, business units, and external partners to strengthen the company's security posture.
Must have experience with ISO27001 Alignment and have experience with Training & Mentoring.
Key Responsibilities
Security Governance & Compliance
Develop, implement, and maintain information security policies, standards, and procedures.
Ensure compliance with relevant security frameworks (e.g., ISO 27001, NIST, CIS, GDPR).
Conduct security risk assessments and audits to identify vulnerabilities.
Provide security guidance for regulatory and legal compliance initiatives.Risk Management & Incident Response
Assess and manage cybersecurity risks across business functions.
Monitor and respond to security incidents, working with IT and external vendors to remediate threats.
Develop and maintain incident response plans and business continuity strategies.
Conduct security investigations and forensic analysis as required.Technical Security Advisory
Advise on secure system architectures, network security, and endpoint protection.
Support security implementation in IT projects, including cloud security and DevSecOps.
Evaluate and recommend security tools such as firewalls, SIEM, IDS/IPS, and endpoint protection.
Conduct penetration testing and vulnerability management assessments.Security Awareness & Training
Deliver security awareness training to employees to promote best practices.
Communicate security threats and mitigation strategies to non-technical stakeholders.
Act as a security advocate, promoting a culture of security within the organization.Third-Party & Vendor Security Management
Assess third-party security risks and ensure suppliers meet security requirements.
Review and negotiate security clauses in contracts with external partners.
Conduct security due diligence on new technology solutions and vendors.Essential Skills & Qualifications
Technical Skills
Strong understanding of cybersecurity principles, frameworks, and best practices.
Experience with security tools such as SIEM, firewalls, IDS/IPS, and endpoint protection.
Knowledge of cloud security (AWS, Azure, GCP) and DevSecOps practices.
Experience with security risk assessments, penetration testing, and vulnerability management.
Understanding of encryption, access control, and identity management solutions.Soft Skills
Excellent problem-solving and analytical skills.
Strong communication and stakeholder management abilities.
Ability to work independently and as part of a team.
Strong attention to detail and ability to manage multiple priorities.Qualifications & Experience
Bachelor's degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
Certifications such as CISSP, CISM, CISA, CEH, or equivalent are preferred.
Experience in an advisory or security management role within an enterprise environment.
Knowledge of regulatory and compliance requirements (e.g., GDPR, PCI DSS, HIPAA, SOX)