---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Technology Risk Consultant
Location: London, , United Kingdom
Type: Permanent P/T
Closing Date: 2005-11-20
Information Security Technical Advisor
The Information Security Technical Adviser ( is responsible for providing IT
Security Advisory and Accreditation services to IT and the business lines of
service to ensure that the firm’s IT infrastructure, applications and
services are compliant with the PwC Baseline Information Security Standard.
The principal responsibilities are to conduct Information Security Risk
Analyses of existing applications and IT projects and to provide information
security advice to the business lines of service and IT in response to
day-to-day enquiries such advice covers a wide range of topics including
Policies & Standards and Security Awareness. may also be required to initiate
and manage Information Security Self Certification Reviews for specific
territories. Additional responsibilities include conducting pre-audit
assessments, at the request of individual territories, and liaising with the
Compliance and Monitoring team to deliver and interpret the findings of
monthly, global perimeter scans to territory stakeholders.
This role requires the ability to establish and develop effective, trusting
relationships with internal customers, together with a proven knowledge of the
methods necessary to assess information security within a large organisation.
During the course of normal business will be required to meet and communicate
to staff and partners at the highest level within the firm, therefore, the
utmost degree of personal presentation, integrity and professionalism are
essential.
Responsibilities
Provision of services
Conduct security risk analyses of existing applications, making expert,
technical recommendations about the implementation of security measures to
ensure that the firm’s applications are appropriately protected in
accordance with the Baseline Information Security Standard and Global IT
technical standards.
Provide technical information security advice to internal customers with regard
to IT projects in order to ensure that security is considered and applied prior
to deployment.
Where specifically assigned, initiate and manage Information Security Self
Certification Reviews for specific territories.
Conduct pre-audit security assessments, where requested, to assist territories
to prepare for compliance audits.
Respond effectively and in a timely manner to day-to-day enquiries from
internal clients, regarding general IT security and information risk management
issues.
Liaise with the Compliance and Monitoring team to deliver and interpret the
results of the GPW (Global Perimeter Watch) scans performed by the Compliance
and Monitoring team.
Communication and influence
Establish, develop and maintain strong, collaborative relationships with
technical peers within Global IT and the Europe, Middle East and Africa region.
Champion ITSG to business and IT leadership to raise awareness about its role
and objectives.
Promote and develop information security initiatives within the territories.
Represent ITSG in all discussions and forums relating to the technical
information security aspects of the firm’s global IT standards.
Influence key decision-makers to adopt IT security recommendations and
communicate findings effectively to the relevant stakeholders in a clear and
structured format.
Act as the Advisory & Accreditation focal point for all information security
compliance queries for nominated groups of territories within the Europe,
Middle East and Africa region.
Team responsibilities
Establish and maintain effective communications Advisory & Accreditation staff
in all regions, with particular reference to knowledge-sharing,
problem-solving, team support and participation in scheduled forums.
Provide technical support and research within ITSG for the recommendation and
implementation of security tools and provision of training sessions.
Contribute to the shared objectives of ITSG by participating in team
responsibilities, where appropriate. E.g. security incident management rota,
ITSG business continuity coverage, etc.
Provide security expertise to the Regional CISO as required, and assist with
forward to planning and post-activity assessments.
Provide reports to Regional CISO, Program Manager and Global CISO as required.
JOB REQUIREMENTS
---------------------------------------------------
Educational Requirements
A university graduate with a degree in computer science, telecommunications,
networking, engineering or another computer-related field.
Skills and Experience
A minimum of 5 years’ experience in IT operations or a technical or
security administration background.
Conversant with ISO 17799 information security standard.
A technical knowledge of the majority of the following: a number of Operating
Systems (e.g. Win2000/2003, Unix), Lotus Notes, Oracle, Firewall Configuration,
LAN/MAN/WAN configuration.
Essential Certification Required
CISSP Certified Information Systems Security Professional, Information Systems
Security Control Consortium (ISC2)
Additional, desirable certification
BS7799 Lead Auditor
CISA (Certified Information Systems Auditor – ISACA)
MCSE (Microsoft Certified Systems Engineer)
MCP (Microsoft Certified Professional)
CCNA (Cisco Certified Network Associate)
CCNP (Cisco Certified Network Professional)
The Individual
Excellent written and verbal communication skills.
Strong analytical skills in order to resolve complex security vulnerabilities
and design compensatory controls.
Excellent project management skills in order to manage multiple security
assessments and changing priorities, simultaneously.
Strong personal discipline and effective time management.
Personal Circumstances
Some travel to the territories within the Europe, Middle East and Africa region
will be required.
Additional Agency Information
This role will pay up to a maximum of £55,000 basic salary. Since it is
a manager / senior manager grade role dependent on skills and experience the
total reward package on this salary would be £64,985.00
Applicants must be CISSP qualified or equivalent.
CONTACT
---------------------------------------------------
Tardis Group
rob snell
Consultant
rob.snell@tardis-group.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
