Information Security Consultant

Gemserv is an expert provider of professional services. We are purpose-driven, working across multiple sectors including energy, low carbon, the public sector and health to tackle today’s social and environmental challenges. Established in 2002, the business provides a range of consultancy and outsourcing capabilities including programme management, market design and governance. We also have extensive and award winning capabilities across cyber security, data privacy and digital transformation. We are a B Corp, IIP Gold accredited and a Financial Times Leading Management Consultancy for 2021 and 2022. Our purpose is to make things that matter work better for everyone.The nature of what we do means we are very much a people business. The contribution every member of the team makes to our diverse range of experience, skills and personalities is valued. We invest heavily in learning and development to enable our people to develop skills and gain experience which will enhance career prospects for life. Many who started their careers with us have rapidly progressed to more senior positions.At Gemserv no two days are the same, but we believe in a flexible approach to working which we know our employees value. We also offer an attractive package of benefits in addition to highly competitive salaries, pension and healthcare, season ticket loans, discounted gym membership, Cycle to Work scheme and more.Job DescriptionThe RoleThe role will be dedicated (initially) to supporting the delivery of information security services to our contract to deliver the Smart Energy Code (SEC). Therefore, an understanding of the Energy Sector or Smart Metering would be a distinct advantage. The delivery of this multi-party code requires excellent communication and stakeholder management skills, so you would need to be a clear, concise, and authoritative communicator able to deliver to a broad range of audiences. The successful candidate will be screened against BS7858:2019 which is a key requirement. The candidate if successful will be part of the wider Cyber Security & Privacy Practice and will be expected to support the delivery of information security services to our clients.We would be interested in hearing from candidates who are looking for both permanent and fixed-term contract employment.ResponsibilitiesProviding expert advice to Users undertaking User Security Assessments (USAs);Monitoring the progress of Users who have booked USAs;ensuring an accurate tracking mechanism to record;Maintaining and reviewing USA related documentation including the Security Controls Framework, Agreed Interpretations;Undertaking validation of management responses and Director's Letters;Briefing the Principal Security Expert on any sensitivities or emerging issues from liaison with Users and / or Shared Resources and providing relevant background and issues to be considered by the SSC.Monitoring all security incidents and vulnerabilities reported by Smart Energy Code (SEC) Parties or the DCC and providing an expert assessment of the materiality of the security incident or vulnerability;Advising the Principal Security Expert on whether a security incident or vulnerability is material and warrants the mobilization of SMIRT;Promptly taking whatever action is directed to undertake analysis of the security incident or vulnerability as required;Conducting 'lessons learned' analysis after the resolution of a security incident or vulnerability;Reviewing and updating the User/DCC assessment policies and procedures;To undertake a quarterly review of the security standards, procedures and guidelines set out in SEC Section G and advise the SSC;Monitor the threat landscape and advise the SSC of any material changes arising from threats or business impact levels;Provide expert assistance to any external risk assessment commissioned by the SSC;Conduct analysis produce papers and presentations; provide advice and make recommendations.QualificationsRequirementsTo be successful in the role the post-holder should be able to demonstrate experience in the following areas:An understanding and practical working knowledge of Smart Energy Code (SEC) Section G.Technical knowledge of information security compliance (ISO27001), information management, Smart Metering and IT security arrangements.Ability to conduct risk assessments and treatments using a hybrid IS1/IS2 and ISO 27005 requirements.Have practical experience in undertaking ISO 27001 internal and external (field) audits.Have practical knowledge of the threat landscape in Smart Metering.Knowledge of Smart Metering and the energy market would be advantageous.Preferably, an understanding and working of ISO standards including ISO 27001, ISO 27005, ISO 27035 and ISO22301.Ideally, have an industry qualification such as CISA or CISM.Skills & QualitiesExcellent client consulting skills and ability to engage and build relationships with stakeholders at all levels (including C-suite level)Able to conceptualise opportunities and develop these through business development activities.Ability to explain complex ideas in a concise manner.Ability to work independently with little to no supervision.Ability to provide expertise and support in operational risk, governance, business continuity, data protection, data leakage and privacy.Passion to develop own skills and knowledge in information security and data protection compliance.Proactive, 'hands on' starter finisher and results driven individual.Highly organised and able to manage and prioritise workload.Strong problem solver with high attention to detail.The role may require occasional business travel.Additional InformationWHAT WE OFFER25 days annual leave, plus bank holidaysReward and recognition schemesFlexible workingPrivate Bupa healthcareLife Assurance (up to 4 times annual salary )Matched pension contributionsSeason Ticket LoanCycle to work schemeBuy and Sell annual leaveReimbursement of eye test and up to £50 towards glasses or contactsCorporate gym ratesEmployee Assistance ProgrammeSummer and Christmas parties, along with monthly GembarExplore more InfoSec / Cybersecurity career opportunitiesFind even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
#J-18808-Ljbffr