Cyber Security Consultant

Medirest Signature

Cardiff

Hybrid

GBP 45,000 - 65,000

Full time

2 days ago

Job summary

A leading company in the health sector seeks a Security Consultant to join their Security Risk and Governance team. The role involves ensuring the secure delivery of projects, protecting sensitive data, and complying with Information Security standards. Candidates should have strong technical acumen and recognized security certifications, along with skills in risk management and stakeholder engagement. This position offers a hybrid work arrangement, allowing flexibility in working locations.

Qualifications

  • Recognised professional certification such as CISSP, CISM, CISA, CRISC.
  • Good familiarity with NIST Cybersecurity Framework and ISO27001.
  • Experience delivering Security assurance services.

Responsibilities

  • Ensure security is embedded in projects, protecting customer data.
  • Review IT/Business change documentation and provide direction.
  • Scope and support penetration testing.

Skills

Communication
Risk Management
Stakeholder Engagement
Cybersecurity Knowledge

Education

CISSP
CISM
CISA
CRISC
ISO27001

Job description

What you’ll be responsible for

The Security Consultant works within the Security Risk and Governance team and is responsible for working with project teams, including architects, analysts, technical designers, programme managers and business users to ensure that projects are delivered securely, protecting customer, company and employee data and ensuring compliance with the Information Security policies and standards.

Responsibilities:

  1. Provide end to end engagement on a wide range of business projects ensuring that security is built in and customer, company and employee data is protected
  2. Attend project meetings and represent Information Security, providing direction as required
  3. Review and consult on IT / Business change documentation including Business Requirements, Design Documents, Detailed Designs, Network Diagrams, etc
  4. Provide the relevant people, process and technology requirements to ensure projects deliver secure solutions
  5. Ensure that relevant security policies and standards are applied to specific projects by adopting a hands-on approach where needed
  6. Articulate risk in technical and non-technical terminology so that it can be interpreted by Information Technology and business teams
  7. Scope, arrange and support penetration testing and vulnerability testing and track remediation to a close
  8. Carry out Information Security impact assessments to meet Policies, NIS D obligations and GDPR requirements on projects where appropriate
  9. Contribute to and review security elements in supplier contracts
  10. Undertake any other requirements as outlined by the line manager

Who you’ll work with

Internal

  • CISO
  • Security Architecture
  • Business Sponsors
  • Project & Programme Managers
  • Head of Procurement
  • Head of Legal
  • DPO
  • IT & OT Architects

External

  • Outsource IT providers
  • Cloud Service Providers
  • Significant suppliers to Welsh Water
  • External Auditors
  • Regulators

About you

Knowledge, Skills & Experience

  • Recognised professional certification such as CISSP, CISM, CISA, CRISC
  • Good familiarity with the NIST Cybersecurity Framework, CIS Critical Security Controls, and ISO27001
  • Experience and understanding of Security governance frameworks and Security risk management
  • Experience of delivering Security assurance services to significant Business projects within a large complex business
  • Experience of engaging consultatively and openly with internal & external stakeholders to ensure good collaboration and positive working relationships
  • Strong technology grounding – familiarity with its implementation and use within the corporate environment, and the potential vulnerabilities that could arise
  • Experience of delivering “end to end” Information Security Assurance and achieving optimal risk management outcomes
  • Effective communicator with strong written and verbal communication skills – capable of writing clear concise reports and presenting to senior stakeholder groups
  • Demonstrable Security risk management knowledge and experience
  • Wide ranging knowledge of Information Security and IT Security frameworks (NIST CSF, CIS Critical Security Controls, ISO27001 etc.), standards and application of Security best practice

Good to know

  • This role includes hybrid working.