Position Title: Audit, Risk & Compliance Consultant
Location: Home / Cheltenham based (with requirement for regular travel).
Department: Audit & Compliance
Reports to: Head of Audit, Risk & Compliance
- Working as part of the consultancy team, you will deliver high quality consulting advice and services to clients with a focus on cyber risk assessment and analysis, including but not limited to major High Street Retailers, Healthcare companies, Finance and Insurance companies as well as some Local / Central Government departments.
- The successful candidate will work as a stand-alone consultant or as a part of a wider delivery team (with support of the wider security team where required) to implement Information Security, Governance and Risk Management processes and solutions for compliance projects for IRM’s client base.
- Working in collaboration with the sales team and product manager, deliver S/W implementation services in relation to IRM’s Cyber Management Platform – SYNERGi, to enable our clients to gain maximum value from our product.
- Working with the PMO office to ensure that your time is appropriately allocated to meet client requirements.
- As a consultant for a trusted Security consultancy, provide full lifecycle Information Security Consultancy across multiple security standards and security maturity models, from the initial consultation and pre-sales phase to the delivery and ongoing BAU support including full lifecycle implementations (or part implementations) for Cyber Essentials, NCSC 10 Steps to Cyber, SANS Top 20, ISO27001, PCI DSS and NCSC Security projects for high profile clients.
- As a subject matter expert, provide sound and pragmatic advice to our clients and demonstrate how cyber risks can be managed and mitigated.
- Work in collaboration with colleagues in the technical consulting team to forge innovative and lasting solutions to client issues and challenges.
- Identify and refer revenue generating opportunities for further account development and growth to the head of department and the sales team.
- Contractually based from home or IRM’s office (Cheltenham) and expected to travel 3-4 days per week to client locations (dependent upon client and project demands).
- Provide occasional support for maintenance of internal certifications such as ISO 27001 / 9001 / 17025 / Cyber Essentials / CTAS etc.
Experience & Background
- Degree qualified with an appropriate related qualification or equivalent experience.
- Minimum 5 years management experience.
- Demonstrates extensive knowledge and success with assisting on, client-facing business development, engagement delivery, practice development and thought leadership as it relates to the development, assessment and implementation of Information Security solutions.
- Demonstrate an extensive knowledge of managing project work streams in a system security, controls or information security management environment, from the following information security domains:
- Security Architecture and Strategy (Integrated Risk Management).
- Security Function Design and Governance.
- Information security awareness.
- Demonstrates extensive relevant knowledge and success in interpreting security industry standards (ISO 27001/27002, PCI DSS, DPA, GDPR, NIST 800 series, COBIT), as this relates to:
- Building Management Systems and/or programmes.
- Managing internal controls, risk assessments, business process and internal IT control testing or operational auditing.
- Demonstrates deep security policy, standard and technical knowledge (not hands-on) but having excellent client and stakeholder management skills with the ability to communicate complex solutions clearly and concisely at all levels.
- Flexible in approach and excited by the opportunity to assist clients with ongoing requirement to perform interim and application /infrastructure level risk assessments, which are measured against a myriad of compliance and risk standards.
Certifications / Qualifications:
Any of the following certifications would be highly beneficial:
- ISO27001 Lead Auditor
- CCP Senior / Lead IA Architect / SIRA / IA Auditor
- PCI QSA