Back to Job SearchThe team you'll be working with:
The GRC Consultant (Cyber Assurance / Security Operations Manager) is primarily responsible for ensuring the security controls (people, process, technology) are in place and operating as designed. The primary aim is the design, development, test and evaluation of information security throughout its lifecycle. This is to ensure the business purpose of the system is enabled in a safe and secure manner based on the alignment of identified risks to the acceptable risk posture of the business.
What you'll be doing:
-
Providing security expertise across security standards and accreditations, measure and control the effectiveness of the security controls framework and maintain the Information Security Management System.
Deriving and delivering documented Information Security Management Plans which incorporate Regulatory, Legal and Compliance in relation to applicable security policies. Standards and guidelines
Assisting with the identification of identified risks and emerging cyber security vulnerabilities and threats. The subsequent analysis to quantify and lead risk mitigation plans
Work with Service Management to ensure that partners and suppliers adhere to agreed standards, policies and verify/evidence appropriate compliance and security KPIs
Work closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information assurance, cyber risk, data privacy including regulatory and compliance considerations
Lead the development and enhancement of governance, risk and compliance aligned to policy, standards an industry good practice
Ensure that continuous assessment, identification, analysis and reporting of useful metrics to enable informed risk based decisions to be taken
Constructively challenge established processes and controls to identify, recommend and facilitate continuous improvement, ensuring that all personnel (including senior stakeholders) understand their responsibilities in relation to security risk mitigation and remediation
Review and verify that documentation relating to process and technical security controls are maintained
Develops and maintains Information Security Management practice and process to ensure certification to required industry standards (e.g., ISO 27001) within relevant geographic boundaries.
Develops, proposes and seeks sponsorship for changes to policies, procedures and controls to ensure the integrity of the in-scope IT services and effective management and control of information assets. Facilitates the implementation of these controls.
Performs focused information risk assessments of existing or new services and technologies, alongside the Operational/Service Management team and technology subject matter experts.
As required, will extend the assessment of existing and proposed services to third party suppliers, including the facilitation of IT Security checks during the supplier onboarding and contract lifecycle to ensure coherent approach to risk management
Coordinate audit, ITHC and risk assurance activities to evidence compliance with established regulatory and governance requirements including governance of any Remediation Action Plan (RAP) to ensure timely mitigation of identified risks / vulnerabilities
Maintains strong working relationships with individuals and groups involved in managing information risk across the in-scope services and aligned suppliers / 3rd parties
Chairs and co-ordinates the Security Working Group (SWG) and actively participates in supporting/governing forums
Contribute to the analysis and mitigation of data protection risks
Monitors information security incidents, contributing to incident response and root cause analysis. Will own resulting actions as required where they relate to required changes in IT Security and Information Risk Management policy and controls
Security operations and incident response, liaison with internal teams and 3rd party suppliers
What experience you'll bring:
- A track record of delivering security solutions for large-scale infrastructure, transformation or integration programmes
- Practical knowledge and understanding of industry security frameworks and guidance such as NIST CSF, NIST 800-53, NCSC CAF and other NCSC guidelines
- Good knowledge of networking (switching, routing, firewalls)
- In-depth knowledge of modern security concepts, common attack vectors, malware, security analytics and threat intelligence.
- A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
- Experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc
DESIRABLE SKILLS AND EXPERIENCE
- Experience with the design concepts associated with adoption of Cloud platforms (AWS and/or Microsoft Azure)
- An understanding of the native security capabilities and good practice within Cloud platforms (AWS and/or Microsoft Azure)
- CISSP, CISM, CCSP, CRISC or equivalent experience
- Good knowledge covering several of the following examples (this list is not exhaustive): AD, Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualisation (VMware)
- Familiarity with MITRE ATT&CK
- Familiarity with ITIL
Who we are:
We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA
what we'll offer you:
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a Disability Confident Committed Employer - we want to see every candidate performing at their best throughout the job application and interview process, if you require any reasonable adjustments during the recruitment process, please let us know and we look forward to hearing from you.
Service Line Manager
Warren is a seasoned security consulting advisory leader & practitioner, who has worked in the Professional & Consulting Services sector for more than 25 years. Employed by NTT he holds a trusted client advisory & consulting role as well as working in client executive or director level roles, Warren is focused on building, leading & directing corporate security functions, educating client boards & executive management on Information & Cyber Security risks, defining strategies in Enterprise & Service Provider environments, as well as helping clients solve individual Cyber & Info. Sec. challenges. Warren understands business language, identifies key drivers and links this to his extensive experience in enterprise security, strategy & road mapping, audit, and a depth of knowledge in a portfolio of security, risk and privacy / industry methodologies & frameworks; NIST, ITIL, SABSA, TOGAF, COBIT, COSO & ISO to name just a few.
Location
“Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day.
At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation.”
Fernando Apezteguia, CEO, NTT DATA UK
