Job Description

Lead Security Consultant

Remote working

Key responsibilities

  • Lead consultant for cloud (and supporting cloud infrastructure) and enterprise application risk assessments to our internal development teams, project teams and Managed Services client(s) - you will be the primary point of contact for all Application Security matters.
  • Supporting CISO and other security managers to establish, maintain and deliver a comprehensive Application Security strategy and program for our managed services client(s).
  • Provide Information Security Consultancy services for a wide range of product development and M&A activity projects to ensure our products, services, platforms, and information assets are secure and cyber resilient (Azure, DevOps, Oracle Cloud)
  • Develop, implement, and maintain Application Security Policies; Application Security Standards; Standard Operating Procedures and Governance models in line with ISO27001 and SOC2 standards.
  • Lead delivery of and support the development of Application Security Maturity Models, Security Reference Architectures, Product Roadmaps; Architecture workflow; DevOps framework; and penetration test strategy.
  • Lead and perform application (and infrastructure) due diligence on potential partners, Mergers & Acquisitions, 3rd/4th parties, and new solutions.
  • Identify cyber risk within existing business and new business, and take ownership of remediation activities with direction and support from the CISO and other security teams.
  • Report status of the information security program, budgets and status reports on all assigned projects and activities to the CISO and our Managed Services client(s).
  • Deliver occasional presentations and regular reports, metrics, and Service Reviews for technical and non-technical audiences, including three managed services clients (as part of vCISO services).

Key skills

  • Providing clear, organised findings, and recommendations, and tracking progress towards resolution and risk mitigation, providing regular status reports on all assigned projects and activities
  • Working semi-independently, undertaking information security engagements including working co-ordination and project management (client interaction, deliverables, work plans, escalations, etc.)
  • Identify security control gaps, provide recommendations, implement solutions, and track progress.
  • Support maintaining certifications (ISO 27001, SOC2), including implementation of ISO 27001/SOC2.
  • Support stakeholders in adhering to application data compliance & regulatory requirements (FCA, GDPR)
  • Act as security representative at the Change Advisory Board for application changes, as required
  • Contribute to our methodologies and leverage collaboration to deliver our customer's requirements.
  • Keep abreast of developments in the information security industry by monitoring the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.

Eames Consulting is acting as an Employment Agency in relation to this vacancy.