Cyro Information Assurance Practitioner (GRC)

Location: Hybrid/Home
Type of Job: Permanent
Ref No: V11565

Cyro Cyber is looking for an enthusiastic team player to grow their Information Assurance career working on some projects of significant national interest.

Role Profile

Cyro provides skilled experts to help its clients build cyber security and information assurance capability through pragmatic consultancy. This is a client-facing role, helping clients to implement compliance regimes or controls to secure their organisations whilst learning from some of the most seasoned and savvy Information Assurance and Cyber Security experts in the country. Cyro focuses on assisting UK companies from a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), so the vast majority of work takes place in the UK, though some international travel is required in certain instances. The work is varied: engagements can range from a 5-day risk assessment or regular vCISO engagements to a 6-month placement with the client. It’s an ideal way to broaden experience and prepare oneself for a CISO role in the future.

The role of IA Practitioner aligns with CCP/SFIA Level 3.

Responsibilities:

You will be working with businesses across critical areas of infrastructure, technology and applications to apply policy and procedural alignment against standards including ISO27001, CAF, CSP, IEC62443, NIST etc.

Responsibilities will include: 

  • Working on security risk assessments at business, technical architecture reviews  

  • Undertake gap analysis across projects and programmes using mature methodologies such as NIST (National Institute of Standards and Technology) CSF (Cyber Security Framework). 

  • Orchestrating and planning vulnerability scan/management programmes

  • Orchestrating and planning penetration test programmes

  • Orchestrating and planning remediation programmes

  • Interpreting and applying appropriate standards, policies and legislation, e.g. SOX, DPA, HMG SPF, NCSC IA Portfolio, ISO27001, etc.

  • Produce gap RTP (risk treatment plan) remediation plans for projects and programmes and report findings with recommendations to customers. RTPs must incorporate, where possible, relevant (current) threats to new systems that are being deployed, and highlight internal and external vulnerabilities along with their likelihood of exploitation

  • Assist with the continual implementation and improvement of governance procedures within business units whilst adhering to central processes

  • Collaborate with the wider cyber teams to ensure full coverage of implementation of best practice and IA

  • Support business units with conformance against (as applicable) NIS Directive, PSN CoCo, re-certifications against schemes such as Cyber Essentials  

Requirements:

  • Experience and knowledge to apply NIST, CSF, HMG SPF or ISO27001 standards and frameworks

  • Experience of working on risk assessments, risk treatment and implementing practice countermeasures for pragmatic remediation

  • Strong knowledge and experience of IT security

  • Security qualifications CISSP, CISM, CompTIA CASP+

  • High documentation standards

  • Experience of running or planning vulnerability scans and understanding the security risk review process

  • Strong interpersonal and communication skills

  • Skill in organising resources and establishing priorities

  • Ability to steer on regulatory and compliance matters

  • ISO27001 internal auditor or other CISA an advantage

  • Eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)

Excellent Employee Benefits:

Cyro is committed to ensuring that we offer industry leading career opportunities, salary and benefits packages. Join us and you can expect to receive:

  • 25 days holiday, including public holidays, plus the option to buy or sell five days each year

  • Company pension scheme

  • A range of family friendly policies

  • An employee-funded car leasing scheme

  • Occupational health support

  • Cyro Rewards Scheme

SFIA 3 Headline definition:

Autonomy - Works under general supervision. Uses discretion in identifying and resolving complex problems and assignments. Specific instruction is usually given and work is reviewed at frequent milestones. Determines when problems should be escalated to a higher level.
Influence - Interacts with and influences department/project team members. Frequent external contact with customers and suppliers. In predictable and structured areas may supervise others. Decisions may impact work assigned to individual/phases of project.
Complexity - Broad range of work, sometimes complex and non-routine, in variety of environments.
Business skills - Understands and uses appropriate methods, tools and applications. Demonstrates analytical and systematic approach to problem solving. Takes initiative in identifying and negotiating appropriate development opportunities. Demonstrates effective communication skills. Contributes fully to the work of teams. Can plan, schedule and monitor own work (and that of others where applicable) competently within limited time horizons and according to health and safety procedures. Is able to absorb and apply new technical information. Is able to work to required standards and to understand and use the appropriate methods, tools and applications. Appreciates wider field of information systems, how own role relates to other roles and to the business of the employer or client.

So why choose Cyro for your next opportunity?

  • To build, run and maintain a successful compliance programme, you need a connected approach – a team you can trust from strategy to support, and everything in between. At Cyro, this is what we do!

  • As part of our team, you could be working with some of the biggest names in the Critical National Infrastructure and Service Provider sectors including London Underground, Network Rail, Transport for London, RNLI, MOD and Virgin Media. You’ll help us ensure the most important messages get through – however tough the conditions.

  • Here are just some of the ways we’re different:

    o You’ll go further with us. We understand the importance of career development and will give you all the support you need to realise your potential. You’ll receive formal training, e-learning and mentoring from top professionals. And we offer opportunities to transfer to other sectors – or even different technology areas.

    o You’ll make a difference. You could be working outdoors, battling the elements, or in one of our many offices helping us develop the network infrastructures of tomorrow.

    o You’ll be treated as an individual. We’re not a vast corporation, which means every individual counts. With us, you’ll be valued and supported, involved and empowered from day one.

    o You’ll be well rewarded. We offer salary progression that reflects market rates and personal performance, a flexible working environment and excellent training.

We reserve the right to close this vacancy once we have received sufficient applications.

Cyro is an equal opportunities employer and is committed to diversity and inclusion.