Security Assurance Consultant
BMI Group – London
At BMI Group, we believe a roof can offer so much more than shelter, protection and peace of mind. Today a roof can also be a power station, a living space, a vertical garden, even a work of art.
We are looking to the technology of tomorrow, where we aim to be the disruptors and innovators of the industry.
We are looking for security experts to join our team. This is a true opportunity to be involved in something from the start, with the ability to influence and shape how we operate using next-generation security tools and services.
The purpose of this role is to support the Testing & Assurance Manager in providing assurance of the completeness and effectiveness of security controls deployed to protect BMI Group IT resources and data through appropriate testing and other assurance methods.
What you will be doing:
- Asset Categorisation & Prioritisation: categorise information and systems assets as a basis for prioritising security risk assessment, assurance and testing activity
- Conduct cyber security risk reporting and aggregate reporting into an Enterprise risk framework
- Maintain records of information assets and associated security assurance and testing results
- Conduct assurance and testing activity according to the security assurance and testing schedule based on asset risk prioritisation
- Work with IT management to coordinate and track security risk assessment, assurance and testing activity, including all penetration test activity
- Report on risk reduction and control compliance activity to ensure that prioritised risks are adequately addressed
- Work with procurement and IT management to conduct security assurance and testing according to a schedule agreed with the Testing & Assurance Manager
- Conduct the security-related due diligence assessment of IT suppliers
What you can bring:
- Previous work experience in IT with direct experience in security assurance and testing activities
- A clear ability to evaluate controls and define appropriate assurance and testing activity based on risk
- Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST
- Knowledge of Cloud Security requirements including CSA or ENISA frameworks
- Broad understanding of relevant legal, regulatory and privacy requirements.
- Comfortable and effective in building partnerships with organizational leaders and influencing senior management
- Be able to deliver to deadlines and manage expectations effectively
- Ability to work collaboratively and effectively with the Technology team and business organizations to implement information security standards and initiatives
- Bachelor's degree in Computer Science/Engineering/Information Security preferred, or equivalent combination of education and/or relevant experience
- Experience working in an IT organization with global operations desirable
- Experience working in a shared services IT model desirable
- Accreditation should include CISSP or similar
This role will be based in our Central London HQ but will require travel.