This Job Vacancy has Expired!

Information Security Consultant - Third Party Risk

Barclay Simpson Recruitment

Posted on Sep 14, 2021 by Barclay Simpson Recruitment

Not Specified, United Kingdom
Immediate Start
£450 - £450 Daily

Information Security Consultant required for a market-leading financial services firm that is undertaking an Information Security Third-Party Risk programme.


  • Conduct robust assessments of proposed third party services or software to ensure that security risks are identified and appropriately mitigated or managed within the Group's risk appetite.
  • Report your findings and define recommendations to remediate any control gaps identified through the course of the review.
  • Develop Information Security focussed questions for the initial RFI/RFP process (based on the type of service being provided).
  • Provide an information security opinion on each proposal, ensuring the key risks are identified and articulated to the project.
  • Prepare the security element of the contract, and work with Legal Services in tailoring the contract as required to address any findings/risks identified during the security review.
  • Provide advice and guidance to Legal/Procurement on the content of the security provisions when the contract is being drafted or produced by the supplier.
  • Manage a number of varied stakeholders involved in on-boarding new suppliers to the Bank, e.g. CISRO, Procurement, Legal and Project Manager.
  • Develop and build relationships internally and externally with key business and technical stakeholders, central functions and key third parties and supplier contacts supporting onboarding.
  • Ensure that security requirements and controls are implemented by working closely with Design, Build and Test resources, as well as Business Stakeholders and suppliers.
  • Represent the Cyber Projects team at Programme/Workstream level Design Authorities and Workstream daily stand-ups providing security advice in relation to the solution/s being proposed.
  • Drive compliance with Information Security Standards, as well as Legal, Regulatory and Scheme security requirements.
  • Ensure that relevant security risks are identified and articulated to a high standard for review in line with risk appetite.
  • Take difficult business issues and create win-win outcomes for Security and the Business.

Nice to have

  • Extensive knowledge and understanding of the security-related technical controls which prevent/mitigate Cyber Security risks.
  • Working knowledge and demonstrable experience of information security-related policy, standards and methodologies and associated information security legislation and scheme standards, particularly the ISO27001 Framework.
  • Understanding of the attack vectors, methods, and actors in relation to Cyber security.
  • Strong analytical skills and the ability to work across a wide variety of frameworks and models.
  • The ability to identify and communicate risk at the Enterprise level.
  • Superb stakeholder management & influencing skills across a broad range of technical and non-technical stakeholders and all levels within the Group.
  • Great presentation, oral and written communication skills with an ability to convey complex technical concepts and issues to non-technical colleagues.

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge in Information Security and Third-Party Risk Management. You will also have proven experience of independently leading information security third party risk programmes in previous roles. Experience within insurance or financial services is preferred.

Reference: 1320530974
