Information Security Consultant

Information Security Consultant

abrdn plc is one of Europe's largest investment companies, and we are built on a long-standing culture of caring about the future and making a positive impact. Together we invest for a better future. We do it to make a difference to the lives of our clients and customers, our employees, society, and our shareholders. Our business is structured around three distinct areas focused on our clients' changing needs.
- abrdn Investments - a leading investment management business looking after £368bn of assets for Institutional, Wholesale and Insurance clients
- abrdn Adviser - one of the UK's largest providers of platform services to financial advisers with £75bn in assets across our Wrap and Elevate platforms
- interactive investor - the UK's most trusted investment platform for individual investors with 430,000 customers who have invested almost £75bn with us

Our strategy is to build a vibrant and value-creating purpose-led organisation, with the current and future needs of our stakeholders at the heart of all we do.

Security, Resilience & Protection (SRP) are at the heart of ensuring that everything we do as a business aligns with keeping our people and data safe. We put our clients and customers at the heart of this mission and use this as a guiding star to shape our approach.

**About The Department**

The Security & Resilience team is dedicated to safeguarding abrdn's operations, ensuring the highest standards of Information and cyber security. The Information Security Assurance team is evolving our approach, with a threat and data led method to assurance that will deliver tangible risk reduction. As part of this team, the Information Security Consultant will help to lead and coordinate information security assurance and advisory activities, promote a security-by-design culture and ensure abrdn maintains a robust cyber resilience control posture in line with global standards and regulatory requirements.

**About the role**

As an Information Security Consultant at abrdn, you will work with the Information Security Lead and the wider team to lead and coordinate information security assurance and advisory activities across the business. Your responsibilities will include acting as a trusted business partner, providing risk tailored advice, driving security best practice, and supporting the delivery of security assurance reviews to ensure the integrity, confidentiality and availability of information systems, in alignment with business objectives, security standards and regulatory requirements.

Through positive engagement with the business, you will provide impactful information and cyber security control and risk posture assessments, that will contribute to the ongoing effectiveness and reduction of cyber resilience risk for abrdn.

**Key responsibilities**
- Assurance reviews: conducting comprehensive assurance reviews on information assets, projects, programmes and technologies to verify and validate the effectiveness of controls, and ensure compliance within security policies, standards, industry best practice and regulatory requirements.
- Conducting security risk assessments and providing expert guidance and advice on risk mitigation by advising on appropriate controls to ensure compliance and operation within risk appetite.
- Work with business areas to identify and assess information and cyber security and technology risks and provide pragmatic guidance on risk mitigation to ensure compliance with internal and external policies, standards, industry best practice, and regulatory requirements.
- Work closely with stakeholders to understand risk exposure and improve the cyber resilience of abrdn through education and the identification and mitigation of risks.
- Deliver insightful information security assurance documentation and reporting to report on Information and cyber risk and control posture, providing strong actionable mitigations to strengthen cyber resilience for abrdn.
- Engage with stakeholders to ensure alignment with organisational risk appetite and objectives.
- Support information security assurance initiatives to drive continuous improvement in control and risk posture across the organisation.
- Support the education and awareness program via interactions with the business.

**Knowledge, Skills and Experience**
- Previous experience of working with information security and related topics such as testing & assurance, cyber security, data privacy, business continuity & resilience.
- Knowledge of control and risk management processes. Ability to frame decisions in terms of risk and make good risk judgements.
- Excellent planning skills and high level of organisation and discipline to meet specific targets and objectives.
- Ability to demonstrate positive engagement and build relationships and trust with internal and external stakeholders.
- An understanding of governance and risk principles and information security frameworks and/or standards (e.g. ISF SoGP,