Information Security Risk & Privacy Consultant
- South East: Berkshire
- IT and Internet
- Working Pattern: Full time
- Date Posted: Friday, 12th October 2012
- Flexibility Offered:
- Job Ref:
Information Security, Risk and Privacy Management (ISR&P) is responsible for the provision of an ISR&P management service to the business units within Prudential Assurance UK and Europe.
This role supports the delivery of that service and includes:
* Consultancy, support and delivery of ISR&P Projects
* Systematic assessment of ISR&P in the business and development of appropriate strategies to manage this risk.
* Ensuring that existing ISR&P Policy, Standards Process and Guidelines are consistently embedded and communicated across the business units, ensuring appropriate alignment with business need and providing effective and proactive mitigation of related risks to Prudential UK and Europe.
* Provision of specialist consultancy and advice on ISR&P management to managers, project teams and infrastructure delivery teams (including provision of guidance on conformance with the legal aspects of information processing, eg Data Protection Act, Computer Misuse Act etc).
* Ensuring ISR&P requirements are embedded within all new architecture and infrastructure, working with Security Architecture, Project Management, Development teams and third parties to ensure the implementation of the required level of security functionality into all new products and services.
* Managing elements of an ongoing programme of monitoring in order to demonstrate appropriate management of risk and compliance with policy.
Scope & Key Dimensions:
Responsible for the effective day to day delivery of Information Security, Risk & Privacy services and consultancy for all UK and European business operations (including those located in Mumbai).
Location: Reading and/or Craigforth, with a requirement to travel when appropriate.
Key Results Areas
Responsibilities may include, eg:
* Ensuring that technology and processes are well managed so that every effort is made to secure all customer and sensitive data held by PruUKIO
* Consultancy, support and delivery of ISR&P Projects
* Overall ownership and leadership of significant, and complex, components of work relating to ISR&P, including risk assessments, system reviews and consultancy.
* Development of ISR&P controls and guidelines, and the subsequent process of communication with the business.
* Research, assessment and reporting of security vulnerabilities and recommending appropriate remedial actions.
* Evaluation of ISR&P tools, products and solutions, and contributing to the decision process for their purchase and use.
* Development of new ideas to contribute to the continued success of the department and the services provided.
* Providing specialist advice and guidance to managers, project teams, infrastructure delivery team and ISR&P peers.
* Promoting ISR&P awareness throughout the business.
* Acting as an ambassador for ISR&P Management.
* Participation with the EA (Enterprise Architecture) community, providing information security guidance and recommendations during the Enterprise Security planning process
* Compliance – To ensure that you understand and adhere to Prudential’s Code of Conduct and, where appropriate, comply with all relevant regulatory policies. This includes completion of any mandatory training requirements.
* Financial Controls – Ensure all expenditure commitments (orders, contracts, budgets etc) and all payments are properly authorised, controlled and monitored, in accordance with Prudential UK delegated authority requirements. The responsibilities of expenditure authorisers are documented in the Prudential UK Financial Procedures Manual.
* Performance Management – To ensure the delivery of People Management Pru and that all its processes and tools are fully utilised in managing your people.
* Ensure ISR&P internal and external audits are effectively communicated and subsequent remedial activities are followed through to agreed actions
* To demonstrate a positive risk, compliance and control culture through the identification, assessment, monitoring and management of risks and issues within the business area, alongside ensuring timely and appropriate resolution of control weaknesses, actions and failures that arise.
* IT SMT (Senior Management Team), IT Risk and Audit, Business Unit Representatives for all Pru UK Business Areas, Risk, Strategic Sourcing, Group Security, Risk Coordinators.
* All Third Parties including Capita IT, Capita Information Risk, Privacy and Security, PGDS IT Security, RR Donnelly, Zensar.
* Data Protection and Information Security industry bodies and members, audit and regulatory bodies.
* Demonstrable consultative and delivery skills in ISR&P projects, work prioritisation and planning with the ability to analyse complex issues, recommending and implementing tools or solutions where appropriate.
* Stakeholder Management demonstrating a ‘can do’ attitude; good relationship skills, able to effectively listen, communicate, challenge, influence and deal with people at all levels.
* Experience in information management skills using approaches such as IRAM, analysing the results of audits (performed by other functions) providing advice on acceptable risk, or risk mitigation strategies including the creation and implementation of controls and standards.
* Knowledge of appropriate information security management and governance standards, e.g. ISO 27001, COBIT, ISF Code of Practice, and/or financial services regulations relating to IT (e.g. SOX & Turnbull).
* A thorough knowledge and understanding of information risk related legislation e.g. the Data Protection Act, and Computer Misuse Act etc.
* Experience and understanding of the information risk implications of third party relationships and the management strategies required.
* Ability to manage investigations of confidential issues at all levels and to apply judgement as to how these are conducted and the actions arising from them, exercising absolute discretion.
* 5+ years' experience within IT and Financial Services with a demonstrable knowledge of the Financial Services Industry or relevant industry sector.
* Highly aware of, and experienced in, working within the financial services regulatory environment (specifically the FSA and ICO).
* Excellent interpersonal skills.
* Effective report writing and presentation skills.
* Good negotiation and communication skills.
* Ability to work on own initiative.
* Good project management and planning and delivery skills
* Significant spread of skills in 3 to 5 specialist areas (eg Mainframe, NT, Midrange, Network, security architecture design, security management, user awareness, risk assessment).
* Knowledge of security investigation techniques, the rules of evidence and practical experience of computer forensics would be useful.
* Good knowledge of networking (TCP/IP, and routing protocols)
* Operational and/or implementation experience of various information security tools would be beneficial such as IAM, DLP (Data Loss Prevention), Endpoint Security, Mobile Device Management, Intrusion Prevention Platforms, GRC (Governance Risk and Compliance) Platforms and Database Security technologies
* Qualifications such as CISSP, CISA, CISM, Lead Auditor or equivalents would be advantageous
Closing Date: 26th October 2012