GRC – Senior Security Consultant

Melbourne, VIC
Brisbane, QLD
Sydney, NSW

The Opportunity

The Senior Security Consultant holds a pivotal position, contributing to the growth of the Consulting practice through the delivery of high-quality projects and by providing outstanding customer support for our clients.

Working with the Head of GRC, you will provide ongoing thought leadership for our customers and the wider team and assist the Head of GRC to meet the specific financial targets set for the Consulting division. This will be achieved through effective account management and by providing outstanding engagement and relationship management to our customers, at all times - consistently delivering projects on time, on budget and with exceptional quality.

Leveraging deep technical and security experience, the Senior Security Consultant is integral in championing our clients’ cyber security programs and outcomes – delivering strategic and tactical projects and deliverables, whilst ensuring alignment with client objectives, best practice security methodologies and industry standards.

The Senior Security Consultant will assist the Head of GRC to plan, coordinate and perform regular security reviews and assessments of clients’ information security management systems, business continuity management systems, and more recently artificial intelligence management systems. This role is also expected to deliver and support clients in remediation to address prior reviews, assessments or audits.

The Senior Security Consultant will perform or work with relevant partners to complete third-party security risk assessments. Additionally, this role is responsible for delivering training and awareness workshops; communicating security best practice and supporting clients to become mature and meet security objectives; building lasting relationships with customers.

Collaborating with the Sales team, the role will provide both pre- and post-sales consulting support to develop proposals. This role should have skills to both identify and clearly articulate security services or solutions relevant to our clients (this includes penetration testing, security incident and event monitoring, digital forensics, security engineering and other operational security needs). Drawing on your extensive industry knowledge around cyber security best practice principles and standards you will help to continually improve security outcomes for Infotrust and our customers.

Responsibilities

Delivery of Consulting Services
  • Responsible for delivering or overseeing security consulting projects; from quoting of projects and Statement of Work (SOW) creation, through to successful delivery of services to clients, meeting deliverables and milestones - on time and budget
  • Ensure excellent customer feedback for the Consulting team is maintained, supporting the wider team and company on areas for improvement, as and where required
  • Ensure quality control standards are met and maintained during pre-sales and delivery
  • Lead and work collaboratively with clients to design, review or improve security maturity
  • Perform reviews, assessments and implementation support based on industry framework and Standards particularly ISO/IEC 27001, ISO/IEC 42001, ISO/IEC 22301, NIST Cybersecurity Framework (CSF), NIST SP 800-53 and other NIST Special Publications, CPS 230 or 234, ISA 62443, and the Australian Government’s Information Security Manual (ISM).
  • Delivery of information security advisory services to clients to support identifying or remediating risks or issues relevant to project outcomes.
  • Develop, lead and monitor relevant Service Level Agreements (SLAs), metrics, reporting, project scoping and management, customer escalation and engagement management
  • Provide expertise to Infotrust sales and marketing teams in pre-sales and promotion of the company’s security services
  • Develop an understanding of the products and services Infotrust sell
  • Evaluate capability risks and gaps and take action, or co-ordinate action to meet objectives
  • Evaluate process effectiveness and identify areas for continuous improvement
Services Delivery Management
  • Analyse and document security events or problem spaces. Identify root causes, prioritise threats and recommend or implement corrective actions.
  • Review and advise on threats and risks relevant to client’s operating models, governance structures and technologies.
  • Conduct security reviews of organisation’s people, processes and technologies to make appropriate and pragmatic recommendations.
  • Assess and identify improved ways of automating, orchestrating, streamlining and combining technologies and processes to achieve security maturity outcomes.
  • Support of internal security Governance, Risk and Compliance activities if required
Team Management
  • Assist the Head of GRC to mentor and grow a team of security consultants across pre and post sales functions, proportionate with business needs
  • Assist with the professional development needs of the team, keeping up to date with the changes in the industry; including emerging trends in organisational, personnel, physical and information security domains.
  • Identify team engagement drivers and address any team concerns.
  • Working with the Head of GRC to help ensure team metrics and client outcomes are met.
Knowledge & Expertise
  • Provide industry knowledge to customers and the broader team on security solutions or issues affecting customer’s security governance, risk management or compliance goals.
  • Oversee project deliverables to ensure solutions and outcomes agreed are applied and met in line with customer and business requirements
  • Create and expand lasting relationships with customers and partners based on subject matter expertise, thought leadership and practical advice.
  • Deep knowledge of security regulations and legislation (particularly Australia and Asia-Pacific; experience or knowledge of US and UK regulatory and legislative frameworks is a bonus).
  • Develop information security governance and risk management strategies and frameworks (including policies and standards development or issuing targeted, specialist advice) to help clients measure themselves against defined objectives.
  • Perform reviews, assessments and implementation support based on relevant frameworks or Standards applicable, particularly ISO/IEC 27001, ISO/IEC 42001, ISO/IEC 22301, NIST Cybersecurity Framework (CSF), ISA 62443, and the Australian Government’s Information Security Manual (ISM).
  • Deliver projects on time and within budget, sharing results and recommendations in an appropriate manner to executives and technologists.
  • Scope, resource and deliver security consulting projects ensuring activities defined are delivered to the highest standard.
  • Engage in skills transfer activities internally and with customers; security education and awareness services are some of the core capabilities the GRC team deliver.
  • Develop tools and templates or provide delivery efficiencies for the GRC team.

Skills

  • 5-7+ years’ experience, ideally in security consulting or security practitioner roles
  • Sound understanding and experience in developing security objectives
  • Strong written and verbal communication skills, including the ability to clearly articulate complex security and technology concepts to a broad and diverse audience
  • Ability to write and present formal reports and presentations on security proposals, results or issues
  • Relevant tertiary qualifications
  • Relevant security certifications (CISSP, CISM, CISA, ISO 27001 Lead Auditor or Lead Implementor, IRAP Assessor, PCI DSS QSA etc.).
  • Practical understanding of Information Security Standards and Frameworks (e.g. ISO 27001, NIST Cybersecurity Framework, Essential Eight, Australian ISM)
  • Experience in both developing security strategy and delivering against outcomes.
  • Proven track record building strong relationships with customers, business leaders and stakeholders

Platforms and Software

  • Strong knowledge of network security, platform security and application security concepts
  • Familiarity or proficient experience working in some, or all security domains, including:
    • Physical security:
      • Building management systems
      • Monitoring and access control systems
    • Information security, including:
      • Identity and access management
      • Security architecture and design
      • Security operations or engineering.
  • Experience reviewing and understanding information security risks applicable to on-premises and cloud or hosted environments
  • Private and public cloud platforms and native security capabilities or tooling available to AWS, Azure, or GCP environments
  • Network security experience or deep knowledge
  • Operating system security experience or deep knowledge
  • Application and data security experience or deep knowledge

Personal Attributes

  • Ability to stay calm and focused under pressure, particularly during incidents or crises
  • Exceptional time management
  • Strong Stakeholder management capabilities
  • Outstanding verbal and written communication
  • Excellent leadership, communication and interpersonal skills, with the ability to engage effectively with both technical and non-technical stakeholders
  • Exceptional problem-solving skills, with a focus on delivering pragmatic and innovative solutions
  • Highly client-focused with a deep understanding of client needs and the ability to build lasting partnerships
  • Flexibility
  • Ability to align cyber security objectives with key business goals
  • Lead by example on Infotrust Values and Vision
  • A high aptitude to want to learn new technologies and study as required
  • Ability to work autonomously but also as part of an agile, collaborative team
  • Ability to set goals, motivate and mentor the team – recognising developmental requirements
  • High level of attention to detail
  • Willingness to comprehend, use and introduce innovative technologies and processes

Leadership Competencies

  • Decision making competency
  • Strong business acumen
  • Performance management
  • An understanding of business engagement drivers

How to Apply

Please send resumes to: pauline.tabirara@infotrust.com.au