Information Security Consultant required for market-leading financial services firm. The role will be focused on maturing their annual risk management cycle to enhance their risk level tolerance and to ensure more regularity. You will look at risk over the year, controls, incidents, and progress on projects, and convey risk level to stakeholders. We are looing for a consultant who are familiar with FAIR risk methodology experience. The client are also looking to change their Data Classification framework. They need to define the governance and build up the framework. So, we are looking for a consultant who can also act as a representative whilst doing this transformation.
The role will focus on the Data Classification process that identified the most precious resources for the Business and include the following:
Responsibilities:
Prepare and perform the Data Classification exercise across all Lines of Business with various stakeholders up to C-Level
Produce documentation for the wider company audience to explain and better guide staff in selecting the best data classification labels for their information
Collect the up-to-date information from Business regarding their most valuable data and its use on a yearly basis (at minimum) and support the business in evaluating the most appropriate classification
Maintain a proper audit track on signoffs provided by the Business, Information Security and the Data Privacy Office regarding Data Classification topics
Act as intermediary with the IS Project Reviewer to be able to evaluate the most appropriate Data Classification level for new data
Monitor the applied Information Security labels and track non-compliance with the Data Classification register
Manage and maintain the Data Classification register, a consistent record of the most valuable data in the organisation, their owner, their classification, and their location
Act as a champion for Information Security when dealing with areas of the business, providing assistance with the raising of information risks and explaining current policy as required
Maintain close working relationships with appropriate teams across and outside of Information Security.
Experience
Master's degree in Computer Science, Engineering, or related field with a minimum of 5 years of professional experience in Risk Management (Required) and/or Information Security (Preferred)
Expert in synthesizing and clearly communicating complex information to all audiences up to C-Level leaders (Required)
Experience in articulating risks in business language and advising on the appropriate risk management action (Required)
Experience in Data Classification, process discovery or Business Impact Assessment (Required)
Excellent attention to detail and the ability to create clear, concise and engaging presentations breaking down difficult problems (Required)
Expert analytical and reporting skills (Required)
Excellent interpersonal and collaborative skills (Required)
Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required)
Experience in multinational companies (Required)
Strong knowledge of Risk management (Required)
Strong knowledge of Risk management frameworks (ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR) (Required)
Strong knowledge of Information Security frameworks (Mitre ATT&CK, NIST, ISO 2700X ) (Preferred)
Experience in information security management reporting and related methodologies (Preferred)
Information Security and/or Information Technology industry certification (CISSP, CISM, or equivalent) (Preferred)