Information Governance Security Consultant

**Home-based, remote within the UK only. £40k-£60k.**
Hytec are looking for an Information Governance Security Consultant. As an Information Governance (IG) and Information Security (IS) consultant with strong experience within the area of Governance, Risk & Compliance, you will have the opportunity to providea variety of professional information governance and information security services to both public sector and private clients. You will deliver a variety of security projects, including helping our clients to implement risk management and security controls,assessing against Cyber Essentials and/or ISO27001 certification, creating assessment reports and improving organisations security position. This role will be client-facing activities both remote and onsite, assisting sales with client enquiries with a keeneye for detail and proven ability of delivering good practice.
**Key Responsibilities**

Delivering IG and IS services to new and existing clients, including gap analysis risk assessment and treatment, auditing, implementation, and other good practice consultancy for recognised cyber security standards including:

- Assessing new and existing client's current position against security standards such as Cyber Essentials, Cyber Essentials Plus, ISO 27001 for certification purposes.
- Identifying steps that organisations need to take to improve their security position and supporting them through client certification.
- Carrying out audits to ensure that security controls are effective.
- Writing Information security reports and delivering the findings to key stakeholders.
- Delivering continuous assessment of current security practices and systems and identifying areas for improvement.
- Assisting with the development and growth of the core Information Governance and Cyber Security offerings, refining the service further and documenting new methodologies i.e., Information Security Management System (ISMS).
- Providing IG mentoring to other colleagues where appropriate, working as part of the wider Hytec MSP and MSSP teams.
- Maintaining excellent communication with customers and internal teams.
- Carry out other security related duties as required, i.e., facilitating awareness workshops / exercises.
- Assisting with pre/post sales and marketing activities as required.
- Ability to work independently and with mínimal supervision.

**Key Tasks**

You will be responsible for the effective and efficient delivery of recognised consultancy service lines including (but not limited to):

- Gap analysis risk assessment and treatment, auditing, implementation, and other good practice consultancy for recognised cyber security standards including:

- Cyber Essentials and Cyber Essentials Plus for client certification purposes.
- ISMS review, implementation and accreditation (ISO 27001)
- Threat and risk assessment
- Security policy development and review
- Security training and awareness

**Skills & Attributes Required**
- Knowledge and experience in IT Governance, Risk & Compliance relevant to cloud and on-premise technology stacks, security and DP related compliance, legal & regulatory frameworks and standards, including Cyber Essentials Plus, ISO, ISO27001, Penetrationtesting, GDPR, others.
- Experience of risk management principles and associated methodologies.
- ISMS implementations and audit experience to ISO 27001.
- ISO 27001 and Cyber Essentials in-depth working knowledge.
- Ability to demonstrate expert knowledge and understanding of information security good practice.
- Ability to provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
- Experience in working with technical and non-technical business personnel to C level, articulating security risks in a manner appropriate to the stakeholders.
- Previous experience in delivering security awareness related activity.
- Previous experience in third party assurance activities.
- Strong attention to detail.
- Knowledge of Information Security principles and concepts and knowledge of technical security controls.
- Well organised, proactive and has excellent troubleshooting skills.
- Excellent verbal and written communication skills.
- Strong presentation development and customer communication skills.
- Proven ability to make sound pragmatic decisions and judgements under tight timelines.
- Information Security certifications such as CISSP, CISA, CISM, CEH are beneficial.
- Experience working with DTAC, DSPT and PSN beneficial.
- Experience working with local government is desirable.

**Benefits**
- A technologically enthusiastic company and colleagues
- A structure where everyone has a voice and makes a direct and valued contribution to building the best product possible
- Working to improve the lives of the most disadvantaged people
- Flexible working hours and a relaxed working environment
- 25 days leave rising to 30 after 2 years (plus bank holidays)
- Enhanced pension scheme
- Cycle-to-work scheme
- Employee Assistance Programmes
- Season ticket travel loans