Cyro Senior Information Assurance Consultant (GRC)
Location: Hybrid/Home
Type of Job: Permanent
Ref No: V11564
Cyro Cyber is looking for an enthusiastic team player to grow their Information Assurance career working on some projects of significant national interest.
Role Profile
Cyro provides skilled experts to help its clients build cyber security and information assurance capability through pragmatic consultancy. This is a client-facing role, helping clients implement compliance regimes or controls to secure their organisations. Cyro focuses on assisting UK companies from a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), so the vast majority of work takes place in the UK, though some international travel is required in certain instances. The work is varied, and engagements range from a 5-day risk assessment or regular vCISO engagements to a 6-month placement with the client. It’s an ideal way to broaden experience and prepare oneself for a CISO role in the future.
The role of Senior IA Consultant aligns with CCP/ SFIA Level 4.
Responsibilities:
You will be working with clients' businesses across critical areas of infrastructure, technology and applications to apply policy and procedural alignment against central ISO27001, NIST or CAF standards. Responsibilities will include:
• Lead security risk assessments and business and technical architecture reviews
• Undertake gap analysis across projects and programmes using mature methodologies such as NIST (National Institute of Standards and Technology) CSF (Cyber Security Framework).
• Interpret and apply appropriate standards, policies and legislation, e.g. DPA, HMG SPF, NCSC IA Portfolio, ISO27001, etc.
• Produce gap RTP (risk treatment plan) remediation plans for projects and programmes and report findings with recommendations to customers. RTPs must, where possible, incorporate relevant (current) threats to new systems being deployed, and highlight internal and external vulnerabilities along with the likelihood of exploitation.
• Assist with the continual implementation and improvement of governance procedures within clients whilst adhering to central processes
• Collaborate with the wider cyber teams to ensure full coverage of implementation of best practice and IA across the group
• Evaluate new technologies for potential adoption in accordance with IA and good practice guides such as NCSC and CNI GPGs and IA architectural patterns
• Support the development of junior IA professionals (apprentices) across the business
• Support clients' IT and business units with conformance against (as applicable) the NIS Directive and PSN CoCo, and re-certification against schemes such as Cyber Essentials
Requirements:
• Experience and knowledge to apply NIST, CSF, HMG SPF, ISO27001 standards and frameworks
• Experience of undertaking and leading risk assessments and risk treatment, and of implementing practical countermeasures for pragmatic remediation
• Strong knowledge and experience of IT security
• Security qualifications, preferably NCSC certified (minimum Practitioner level), CISSP, CISM, CompTIA CASP+
• High documentation standards
• Penetration testing / ethical hacking experience
• Experience of running or planning vulnerability scans and understanding the security risk review process
• Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business
• Strong interpersonal and communication skills
• Skill in organising resources and establishing priorities
• Ability to steer on regulatory and compliance matters
• ISO27001 internal auditor or CISA certification an advantage
• Working knowledge of List X, List N, IEC62443-3-3 related standards advantageous
• Eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)
Excellent Employee Benefits:
Cyro is committed to ensuring that we offer industry leading career opportunities, salary and benefits packages. Join us and you can expect to receive:
• 25 days holiday, including public holidays, plus the option to buy or sell five days each year
• Company pension scheme
• A range of family friendly policies
• An employee-funded car leasing scheme
• Occupational health support
• Cyro Rewards Scheme
SFIA 5 headline definition:
Autonomy - Works under general direction within a clear framework of accountability. Exercises substantial personal responsibility and autonomy. Plans own work to meet given objectives and processes.
Influence - Influences customers, suppliers and partners at account level. May have some responsibility for the work of others and for the allocation of resources. Participates in external activities related to own specialism. Makes decisions which influence the success of projects and team objectives.
Complexity - Work includes a broad range of complex technical or professional activities, in a variety of contexts. Investigates, defines and resolves complex issues.
Business skills - Selects appropriately from applicable standards, methods, tools and applications. Communicates fluently, orally and in writing, and can present complex information to both technical and non-technical audiences. Facilitates collaboration between stakeholders who share common objectives. Plans, schedules and monitors work to meet time and quality targets. Rapidly absorbs new information and applies it effectively. Maintains an awareness of developing technologies and their application and takes some responsibility for driving own development. Contributes fully to the work of teams. Plans, schedules and monitors own work (and that of others where applicable) competently within limited deadlines and according to relevant legislation, standards and procedures. Appreciates the wider business context, and how own role relates to other roles and to the business of the employer or client.
So why choose Cyro for your next opportunity?
• To build, run and maintain a successful compliance programme, you need a connected approach – a team you can trust from strategy to support, and everything in between. At Cyro, this is what we do!
• As part of our team, you could be working with some of the biggest names in the Critical National Infrastructure and Service Provider sectors, including London Underground, Network Rail, Transport for London, RNLI, MOD and Virgin Media. You’ll help us ensure the most important messages get through – however tough the conditions.
• Here are just some of the ways we’re different:
o You’ll go further with us. We understand the importance of career development and will give you all the support you need to realise your potential. You’ll receive formal training, e-learning and mentoring from top professionals. And we offer opportunities to transfer to other sectors – or even different technology areas.
o You’ll make a difference. You could be working outdoors, battling the elements, or in one of our many offices helping us develop the network infrastructures of tomorrow.
o You’ll be treated as an individual. We’re not a vast corporation, which means every individual counts. With us, you’ll be valued and supported, involved and empowered from day one.
o You’ll be well rewarded. We offer salary progression that reflects market rates and personal performance, a flexible working environment and excellent training.
We reserve the right to close this vacancy once we have received sufficient applications.
Cyro is an equal opportunities employer and is committed to diversity and inclusion.
This job description sets out the duties and responsibilities of the job at the time when it was drawn up. Such duties and responsibilities may vary from time to time without changing the general character of the duties or the level of responsibility entailed. Such variations are a common occurrence and cannot in themselves justify a reconsideration of the grading of the job.