Cyber Security Advisory Lead

CYBER SECURITY ADVISORY LEAD
6 MONTH CONTRACT WITH HIGH LIKELIHOOD OF EXTENSION
REMOTE WITH OCCASIONAL TRAVEL TO LONDON ONCE OR TWICE A MONTH
INSIDE IR35
£600-£700 PER DAY
ASAP START
Cyber Security Advisory Lead is responsible for providing IT Security guidance and assurance to the business for all IT related projects.  They bridge the gap between the business area CIOs and IT Security, performing security control assessments, risk assessments, drafting exceptions, inputting into supplier selection and supporting project stage approval. The role requires someone who has experience of conducting cyber assurance and a wealth of experience on various security projects within IT working within a fast-moving, agile group.
Principal accountabilities
Follow Cyber Security Advisory processes; working with project teams to conduct and document risk and control assessments, utilising industry standard frameworks
Socialise risks or gaps identified in the security assessments to project teams and relevant business areas, define remediation plans and track progress of remediation
Work with project delivery teams and Cyber Threat and Vulnerability teams to deploy software composition tools and develop vulnerability remediation plans and timeframes
Support the Penetration Testing Manager to source and scope penetration test or IT Heath Checks, review results and create risk treatment plans based on findings
Apply knowledge of Security best practice whilst reviewing project documentation to match business requirements, employ a consistent engagement approach for all projects/programmes
Be an enabler for the business objectives, rather than an obstruction, build lasting relationships with the Project and Programme
Act as a Subject Matter Expert delivering security services within the project lifecycle and procurements
Work collaboratively with project teams, across portfolios to understand the business objectives and ensure that security principals & secure architectural patterns are built in by design
Provide standard and bespoke security design advice to projects across infrastructure, operating systems and applications
Review existing and proposed architectures, identify security design gaps, work with developers and provide guidance on secure coding and industry best practice (OWASP)
ONE OR MORE OF THE FOLLOWING CERTIFICATES IS PREFERRED
Degree in computer science, information systems, cyber security, or related field.
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP) / other Cloud Security certification
SKILLS
Prior experience in information security is essential
Prior work experience in delivery, managing and quality assuring information security solutions
Experience in managing complex stakeholder relationships
Excellent self-motivation, communication and influencing skills.
Proven experience in working in a team of professional staff immersed in a large complex organisation
Interpersonal and influencing skills, together with a personal credibility, which gains the trust and respect of the wider security community, as well as with people within the Post Office
The ability to assimilate a wide range of information, make practical judgments and take appropriate decisions based on that data
Ability to share knowledge with colleagues to the overall benefit of the department
Ability to cope with pressure, maintaining performance when under stress, and managing time effectively through the application of organisation and planning skills
SOFT SKILLS
Demonstrates Post Office values and champions customer-centric thinking
Lead high-performance teams, proven ability to coach and mentor
High level of initiative, dependability and ability to work with little supervision while being resilient to change
Growth mind-set that drives learning, motivation, and achievement
Experience with senior stakeholder engagement and relationship building
Excellent communication skills, with the ability to effectively simplify complex ideas for colleagues and business stakeholders at all levels ranging from board members to technical specialists
Experience with delivering real solutions, demonstrating leadership, and influencing across shaping, design and supporting activities
Ability to pragmatically balance the need for high levels of security with the demands of delivery at pace
Excellent collaborator within internal business units, delivery teams and across project teams / external partners/vendors
TECHNICAL SKILLS
5+ years of experience in cyber security, with at least 2 years in large enterprises
Experience in using industry recognised security standards, frameworks and regulatory requirements such as NIST CSF / RMF / 800-53, IRAM2, CSA CSM / STAR, PCI DSS, NCSC CAF, ISO.
Proven track record of managing cybersecurity risks and designing risk mitigation strategies

---