Cyber Security Advisory Lead - Contract

Posted a week ago by Morson Talent

Remote job
Location: England
Salary/Rate: £600 - £700/day inside IR35

CYBER SECURITY ADVISORY LEAD

  • 6 MONTH CONTRACT WITH HIGH LIKELIHOOD OF EXTENSION
  • REMOTE WITH OCCASIONAL TRAVEL TO LONDON ONCE OR TWICE A MONTH
  • INSIDE IR35
  • £600-£700 PER DAY
  • ASAP START

The Cyber Security Advisory Lead is responsible for providing IT Security guidance and assurance to the business for all IT-related projects. They bridge the gap between the business area CIOs and IT Security, performing security control assessments, risk assessments, drafting exceptions, inputting into supplier selection and supporting project stage approval. The role requires someone who has experience of conducting cyber assurance and a wealth of experience on various security projects within IT, working within a fast-moving, agile group.

Principal accountabilities

  • Follow Cyber Security Advisory processes; working with project teams to conduct and document risk and control assessments, utilising industry standard frameworks
  • Socialise risks or gaps identified in the security assessments to project teams and relevant business areas, define remediation plans and track progress of remediation
  • Work with project delivery teams and Cyber Threat and Vulnerability teams to deploy software composition tools and develop vulnerability remediation plans and timeframes
  • Support the Penetration Testing Manager to source and scope penetration tests or IT Health Checks, review results and create risk treatment plans based on findings
  • Apply knowledge of Security best practice whilst reviewing project documentation to match business requirements, employ a consistent engagement approach for all projects/programmes
  • Be an enabler for the business objectives, rather than an obstruction, build lasting relationships with the Project and Programme
  • Act as a Subject Matter Expert delivering security services within the project lifecycle and procurements
  • Work collaboratively with project teams, across portfolios, to understand the business objectives and ensure that security principles & secure architectural patterns are built in by design
  • Provide standard and bespoke security design advice to projects across infrastructure, operating systems and applications
  • Review existing and proposed architectures, identify security design gaps, work with developers and provide guidance on secure coding and industry best practice (OWASP)

ONE OR MORE OF THE FOLLOWING CERTIFICATES IS PREFERRED

  • Degree in computer science, information systems, cyber security, or related field.
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP) / other Cloud Security certification

SKILLS

  • Prior experience in information security is essential
  • Prior work experience in delivery, managing and quality assuring information security solutions
  • Experience in managing complex stakeholder relationships
  • Excellent self-motivation, communication and influencing skills.
  • Proven experience in working in a team of professional staff immersed in a large complex organisation
  • Interpersonal and influencing skills, together with a personal credibility, which gains the trust and respect of the wider security community, as well as with people within the Post Office
  • The ability to assimilate a wide range of information, make practical judgments and take appropriate decisions based on that data
  • Ability to share knowledge with colleagues to the overall benefit of the department
  • Ability to cope with pressure, maintaining performance when under stress, and managing time effectively through the application of organisation and planning skills

SOFT SKILLS

  • Demonstrates Post Office values and champions customer-centric thinking
  • Lead high-performance teams, proven ability to coach and mentor
  • High level of initiative, dependability and ability to work with little supervision while being resilient to change
  • Growth mind-set that drives learning, motivation, and achievement
  • Experience with senior stakeholder engagement and relationship building
  • Excellent communication skills, with the ability to effectively simplify complex ideas for colleagues and business stakeholders at all levels ranging from board members to technical specialists
  • Experience with delivering real solutions, demonstrating leadership, and influencing across shaping, design and supporting activities
  • Ability to pragmatically balance the need for high levels of security with the demands of delivery at pace
  • Excellent collaborator within internal business units, delivery teams and across project teams / external partners/vendors

TECHNICAL SKILLS

  • 5+ years of experience in cyber security, with at least 2 years in large enterprises
  • Experience in using industry recognised security standards, frameworks and regulatory requirements such as NIST CSF / RMF / 800-53, IRAM2, CSA CSM / STAR, PCI DSS, NCSC CAF, ISO.
  • Proven track record of managing cybersecurity risks and designing risk mitigation strategies.

     
Type: Contract
Contract Length: 6 MONTHS +
Job Reference: 230994ALX
Job ID: 221507624
