Cyro Lead/Principal Information Assurance Consultant (GRC)

Location: Hybrid/Home
Type of Job: Permanent
Ref No: V11564

Cyro Cyber is looking for a real game changer in the Information Assurance space: someone who can lead Cyro's clients through the ever-changing world of Governance, Risk and Compliance.

Role Profile

Cyro provides skilled experts to help its clients build cyber security and information assurance capability through pragmatic consultancy. This is a client-facing role, helping clients implement compliance regimes or controls to secure their organisations. Cyro focuses on assisting UK companies across a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), so the vast majority of work takes place in the UK, though some international travel is required in certain instances. The work is varied: engagements range from a 5-day risk assessment or regular vCISO engagements to a 6-month placement with the client. It is an ideal way to broaden experience and prepare oneself for a CISO role in the future.

The role of Lead/Principal IA Consultant aligns with CCP/SFIA Level 5.

Autonomy - Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or group objectives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Establishes milestones and has a significant role in the assignment of tasks and/or responsibilities.
Influence - Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments. Leads on user/customer and group collaboration throughout all stages of work. Ensures users’ needs are met consistently through each work stage. Builds appropriate and effective business relationships across the organisation and with customers, suppliers and partners. Creates and supports collaborative ways of working across group/area of responsibility. Facilitates collaboration between stakeholders who have diverse objectives.
Complexity - Implements and executes policies aligned to strategic plans. Performs an extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Engages and coordinates with subject matter experts to resolve complex issues as they relate to customer/organisational requirements. Understands the relationships between own specialism and customer/organisational requirements.
Business skills - Demonstrates leadership in operational management. Analyses requirements and advises on scope and options for continual operational improvement. Assesses and evaluates risk. Takes all requirements into account when making proposals. Shares own knowledge and experience and encourages learning and growth. Advises on available standards, methods, tools, applications and processes relevant to group specialism(s) and can make appropriate choices from alternatives. Understands and evaluates the organisational impact of new technologies and digital services. Creatively applies innovative thinking and design practices in identifying solutions that will deliver value for the benefit of the customer/stakeholder. Clearly demonstrates impactful communication skills (oral, written and presentation) in both formal and informal settings, articulating complex ideas to broad audiences. Learning and professional development —  takes initiative to advance own skills and identify and manage development opportunities in area of responsibility. Security, privacy and ethics — proactively contributes to the implementation of appropriate working practices and culture.
Knowledge - Is fully familiar with recognised industry bodies of knowledge both generic and specific, and knowledge of the business, suppliers, partners, competitors and clients. Develops a wider breadth of knowledge across the industry or business. Applies knowledge to help to define the standards which others will apply.

Responsibilities:

You will be working with clients' businesses across critical areas of infrastructure, technology and applications to align policy and procedure against core standards such as ISO27001, NIST, TSA or CAF. Responsibilities will include:

•             Lead security risk assessments and business and technical architecture reviews

•             Undertake gap analysis across projects and programmes using mature methodologies such as the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework) and the Telecommunications (Security) Act

•             Interpret and apply appropriate standards, policies and legislation, e.g. DPA, HMG SPF, NCSC IA Portfolio, ISO27001, etc.

•             Produce risk treatment plans (RTPs) and remediation plans for projects and programmes, and report findings with recommendations to customers. Where possible, RTPs must incorporate relevant current threats to the new systems being deployed, and highlight internal and external vulnerabilities together with their likelihood of exploitation

•             Assist with the continual implementation and improvement of governance procedures within clients whilst adhering to central processes

•             Collaborate with the wider cyber teams to ensure full coverage of implementation of best practice and IA across the group

•             Evaluate new technologies for potential adoption in accordance with IA and good practice guides such as NCSC guidance, CNI GPGs (good practice guides) and IA architectural patterns

•             Lead a team of junior IA professionals (apprentices) across the business (Lead role only)

•             Support clients' IT and business units with conformance against (as applicable) the NIS Directive and PSN CoCo, and with re-certification against schemes such as Cyber Essentials


Requirements:

•             Experience and knowledge to apply NIST CSF, HMG SPF and ISO27001 standards and frameworks

•             Experience of undertaking and leading risk assessments and risk treatment, and of implementing practical countermeasures for pragmatic remediation

•             Strong knowledge and experience of IT security

•             Security qualifications, preferably NCSC certified (minimum Practitioner level), CISSP, CISM, CompTIA CASP+

•             High documentation standards

•             Penetration testing / ethical hacking experience

•             Experience of running or planning vulnerability scans and understanding the security risk review process

•             Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business

•             Strong interpersonal and communication skills

•             Skill in organising resources and establishing priorities

•             Ability to steer on regulatory and compliance matters

•             ISO27001 internal auditor or CISA qualification an advantage

•             Working knowledge of List X, List N and IEC 62443-3-3 related standards advantageous

•             Eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)

Excellent Employee Benefits:

Cyro is committed to ensuring that we offer industry leading career opportunities, salary and benefits packages. Join us and you can expect to receive:

·      26 days holiday, including public holidays, plus the option to buy or sell five days each year

·      Company pension scheme

·      A range of family friendly policies

·      An employee-funded car leasing scheme

·      Occupational health support

·      Cyro Rewards Scheme

So why choose Cyro for your next opportunity?

  • Be part of the UK's fastest growing Cyber Security Company

  • To build, run and maintain a successful compliance programme, you need a connected approach – a team you can trust from strategy to support, and everything in between. At Cyro, this is what we do!

  • As part of our team, you could be working with some of the biggest names in the Critical National Infrastructure and Service Provider sectors, including London Underground, Network Rail, Transport for London, RNLI, MOD and Virgin Media. You'll help us ensure the most important messages get through, however tough the conditions.

  • Here are just some of the ways we’re different:

o   You’ll go further with us. We understand the importance of career development and will give you all the support you need to realise your potential. You’ll receive formal training, e-learning and mentoring from top professionals. And we offer opportunities to transfer to other sectors – or even different technology areas.

o   You’ll make a difference. You could be working outdoors, battling the elements, or in one of our many offices helping us develop the network infrastructures of tomorrow.

o   You’ll be treated as an individual. We’re not a vast corporation, which means every individual counts. With us, you’ll be valued and supported, involved and empowered from day one.

o   You’ll be well rewarded. We offer salary progression that reflects market rates and personal performance, a flexible working environment and excellent training.

We reserve the right to close this vacancy once we have received sufficient applications.

Cyro is an equal opportunities employer and is committed to diversity and inclusion.

This job description sets out the duties and responsibilities of the job at the time when it was drawn up. Such duties and responsibilities may vary from time to time without changing the general character of the duties or the level of responsibility entailed. Such variations are a common occurrence and cannot in themselves justify a reconsideration of the grading of the job.