Information Security Consultant

**The Vacancy**

Working at the Cumberland, you become part of something special. We’re a Mutual organisation, committed to improving the lives of our colleagues, customers, and community. Our values are incredibly important to us.

We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral in helping to drive cultural change, a team where you can bring your whole self to work bringing your energy and creativity to make a positive difference, then this is the job for you.

You’ll also be responsible for assisting in the management of Information Security risks in line with ISO27001. This includes ensuring controls are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals.

You’ll have depth of knowledge in information security, with an excellent understanding of the technical side, having very good experience of compliance such as ISO27001, NIST, PCI & CQUEST requirements.

**The Benefits**
- **Salary** - £65,000 to £75,000 p.a. depending on skills and experience.
- **Holidays** - 25 days holiday plus public holidays and the opportunity to buy and sell up to 3 days.
- **Learning and** **Development opportunities** - We want you to grow in your role. We’ll work together to support your personal and professional development.
- **Hybrid Working** - the tools and equipment you need to be able to work from home when you need to, depending on your role.
- **Health and Wellbeing** - a calendar of events and activities throughout the year, Mental Health & Wellbeing champions, and Cycle to Work scheme.
- **Community Day** - We offer our people an extra paid day off every year to help local charities and community organisations.

**The Role**

Main responsibilities include:

- Engagement with projects to provide advice, guidance and non-functional requirements to ensure security is being built in by design.
- Support and execute all group-wide Assurance tasks, initiatives and assignments, including monitoring the assurance inbox and responding to queries.
- Assist in the ongoing program of information security assurance covering all aspects of ISO27001 and the controls set out in the Society.
- Support the management of the Information Security Management System on behalf of the Society and ensure compliance with its components.
- Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the Society.
- Carry out assurance reviews in line with the schedules calendar, producing reports, feedback and managing actions/non-conformities through to satisfactory conclusion.
- To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified.
- To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the Society’s assets and data.
- Identify risks and ensure these are presented in accordance with procedures and are given the appropriate level of attention.
- Conducting third party supplier reviews.
- Work closely with key stakeholders including Risk, Audit, Technology and Information Security Operations to assist and provide input to ensure that Society policies and procedures for Information/Cyber Security Operations are effective and adhered to. To be proactive in making recommendations for updates to policies and procedures as required

**About You**

You’ll have strong, demonstrable experience in an Information Security role, ideally within a Financial Services led environment or equivalent highly regulated industry. You’ll ideally have a formal qualification in an Information Security discipline, e.g. CISM or equivalent significant experience, as well as experience of ISO27001 audits, NIST audits or similar.

In addition to this we’d love to see:

- A strong technical understanding and background
- Full UK driving license
- Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level.
- Ability to work with autonomy, flexibility, be organised and able to work under pressure.
- Strong relationship management and influencing skills.
- Attention to detail to ensure accurate assessment and management of risk.
- Strong analytical skillset.
- A good level of understanding on general IT security concepts and principles.
- Ability to effectively prioritise situations requiring urgent attention.
- Ability to work as a team and on own initiative to think ‘outside of the box’ and go the extra mile.
- Pro-activity and self-motivated with the proven ability to drive results and provide excellent customer services to all levels of the organisation.
- High level of motivation to see succes