About The Role
Cyber Security is one of the most important risks facing businesses today. Systems and processes are becoming increasingly interconnected and automated and many organizations are now reliant upon technology to drive business strategy and growth. As the reliance on technology grows, the risks increase also. For leading companies across all sectors, Cybersecurity is now a critical board agenda item. Our clients are overwhelmingly turning to the firm for help and guidance on how to protect their assets, minimise business disruption and improve security as they continue to exploit technology and the Internet of things (IoT).
That’s why at the firm we have ambitious plans to expand our already market leading Cybersecurity practice. With investment secured, we continue to build our UK based cyber practice and anticipate continued growth throughout the next five years. We need excellent people, across all grades, to join us and to be part of our exciting growth strategy. Interested and have what it takes to develop into a market leading expert in a fast evolving and exciting growth area?
Being part of a dynamic, growing organisation offers an exciting career path full of opportunity. The firm's UK Cyber Practice is part of a global cyber team of over 1000 professions focused on delivering leading edge information security assessment, security transformation programmes, cyber threat management, identity and access management, data protection and privacy, and resilience services. We are part of a wider advisory organisation that collectively comprise a $4 billion and growing, global advisory practice with 18,000 professionals. With an overall global Advisory market of $150 billion, there’s tremendous potential for growth – and we’re prepared to tap into that potential.
As a Consultant or Senior Consultant in our UK Cybersecurity practice you will be working within IT Risk and Security and will have exposure to cyber security assessments and work in teams to deliver security implementations or remediation programmes. We don’t expect you to have formal experience of market facing business development activity but you will be expected to be able to identify opportunities where policies, procedures or process require improvement to strengthen security. Highly motivated, you will be a good communicator with the ability to contribute confidently to technical security discussions with peers and management. You will be a team player who is not only looking to enhance their own career, but recognises the value in working well with others and the value of teamwork.
You will have responsibility for;
- Working across a portfolio of cyber engagements with our clients, reporting to a Manager or Senior Manager, responsible for the day to day completion of security assessments or delivering elements of a security transformation programme.
- Working with team members you will create high quality reports, ready for review by a Manager or Senior Manager.
- Where possible, you will identify opportunities for the firm to assist our clients further and escalate these potential areas to the engagement manager.
- Establishing and building a network of contacts across the firm and across peer level networks within our clients
- Working with the engagement manager you will assist with the planning and delivery phases of engagements
- Contributing to the creation of proposals and marketing material
- Ensuring your work is delivered on time and on budget
- Contributing to the development of the existing cybersecurity team by sharing knowledge, leading by example and helping team members to develop.
Skills & Experience
Experience in information and cyber security is essential for this role. A Big 4 background or comparable consulting experience is helpful, although the firm will provide ongoing training and support to develop your consulting skills. We therefore welcome applicants with industry experience and skills delivering transformation workstreams, or security remediation work. A broad background across security and experience in 1 or more of the following areas would be beneficial;
- Security strategy, assessment, designing and implementing security strategy, governance frameworks over processes, controls, organisation and infrastructure to management cyber security
- Security transformation programmes – design and management of security solution implementations and / or remediation programmes to address risks across AV, patching, secure build, vulnerability scanning & remediation, logging and monitoring, segregation, threat management, user awareness
- Identity and access management (IDAM), assessing current IDAM practices and designing solutions to improve JML processes, privileged access and recertification programmes.
- Breach and incident management, design and implementation of breach and major incident management practices
- Security policies and procedures, design and implementation of security policies, procedures, standards and controls in line with regulation and/or current standards, ISO27001, NIST, SANS etc.
- Data privacy, implementation of data protection / GDPR programmes to address confidentiality and security over customer, employee or patient data.
- Resilience, design and implementation of programmes to improve IT Disaster Recovery, Business Continuity
- Cyber awareness programmes, design and delivery of cyber security awareness programmes to executive level or wider organisation
- Security over operational technology and control systems (SCADA)
- Security architecture – creating secure architecture designs for solutions, designing secure patterns for reuse and the delivery of architectural reviews using TOGAF or SABA.
- Security around emerging technology platforms – mobile device platforms (iOS, Android), cloud services (IaaS, PaaS, SaaS), Big Data, Social media
- Strong academic record, to degree level or equivalent industry experience
- Security relation qualifications such as CISSP, CISM, CISMP, ISO27001 lead implementer or auditor, MBCI, IAPP(desirable)
- Project and programme related qualifications; Prince II, Scrum, Agile