Senior Security Consultant (GRC)

Manila, Philippines

The Opportunity

The Senior Security Consultant holds a pivotal position, contributing to the growth of the Consulting practice through the delivery of high quality projects and by providing outstanding customer support for our clients.

Working with the Head of GRC, you will provide ongoing thought leadership for our customers and the wider team and assist the Head of GRC to meet the specific financial targets set for the Consulting division. This will be achieved through effective account management and by providing outstanding engagement and relationship management to our customers, at all times - consistently delivering projects on time, on budget and with exceptional quality.

Leveraging deep technical and security experience, the Senior Security Consultant is integral in championing the organisation’s cyber security program - encompassing both strategic and BAU projects and deliverables, whilst ensuring alignment with best practice security methodologies and industry standards.

The Senior Security Consultant will assist the Head of GRC to plan, coordinate and perform regular security reviews and assessments of enterprise IT systems and applications, whilst continually monitoring security events and triaging alerts, including coordinating and documenting response actions to any security incidents.

The Senior Security Consultant will perform, or work with relevant partners to issue, third-party service provider risk assessments using the relevant frameworks, including following up on risk mitigation and remediation actions and maintaining up-to-date records of third-party risks. Additionally, they will be responsible for evangelizing security best practice into the market and supporting clients to become more secure and productive, building lasting relationships with customers.

Collaborating with the Sales team, the role will provide pre and post sales consulting support to identify security gaps, drawing on your extensive industry knowledge around cyber security best practice principles and standards.

Responsibilities

Delivery of Consulting Services:
  • Responsible for the 360° consultancy project lifecycle; from quoting of projects and SOW creation, through to successful delivery of consulting services to clients, meeting deliverables and milestones as per agreed SOWs - on time and on budget
  • Ensure excellent NPS/customer feedback for Consulting team is maintained, leading the wider team to address areas for improvement as required
  • Ensure Quality Control standards are met and maintained throughout each engagement
  • Lead and work collaboratively with IT teams and the wider business to design, develop and review the security roadmap, taking into account the changing threat landscape
  • Perform reviews and assessments based on industry/regulatory requirements such as ISO 27001, NIST Cybersecurity Framework, Essential Eight, CPS 234 and the Australian ISM.
  • Delivery of information security advisory services to clients
  • Develop, lead and monitor SLAs, metrics, reporting, project scoping and management, customer escalation, engagement management and overall customer satisfaction
  • Provide technical expertise to support Infotrust Sales teams in pre-sales and promotion of cyber security services
  • Develop an understanding of the products and services Infotrust sell
  • Evaluate and respond to emerging security issues. Evaluate capability risks and gaps and take action, or co-ordinate action to meet objectives
  • Evaluate process effectiveness and identify areas for continuous improvement

Services Delivery Management:
  • Analyse and document security events. Identify root causes, prioritise threats and recommend or implement corrective actions. Test and deploy risk mitigation process
  • Review and advise on technology threats and risks
  • Conduct security reviews of organisations or security processes and make appropriate recommendations
  • Assess and review ways of automating, orchestrating, streamlining and combining relevant technologies to uplift protection capabilities
  • Support of internal security Governance, Risk and Compliance activities if required

Team Management:
  • Assist the Head of GRC to mentor and grow a team of security consultants across pre and post sales functions, proportionate with business needs
  • Assist with the professional development needs of the team, keeping up to date with the latest changes in the industry
  • Identify team engagement drivers and address any team concerns
  • Working with the Head of GRC, ensure team metrics are being met, in terms of customer success, team effectiveness, utilisation and that business targets are being achieved

Knowledge Expertise:
  • Provide extensive industry knowledge to customers on security solutions
  • Oversee project deliverables to ensure solutions are implemented to best practice and in line with customer and business requirements
  • Create and expand lasting relationships with customers and partners, based on subject matter expertise, cyber thought-leadership - becoming a trusted advisor to our customers on their security strategy
  • Ensure customer feedback is reported as excellent, resulting from their experience working with the Consulting team

Key Competencies & Experience:

  • Develop Information security governance and risk management strategies, frameworks, policies, standards and metrics to measure maturity of overall security operations, in alignment with business priorities and its tactical/strategic objectives
  • Perform reviews, assessments and system implementations based on industry/regulatory requirements such as ISO 27001, NIST Cybersecurity Framework, SOC2/SSAE-18, CPS 234
  • Create and maintain a cyber security incident response plan
  • Organisation/review of IT risks and operational risk register, in conjunction with COO
  • Develop IT and executive reports of relevant risk ratings and threats across the technology landscape
  • Organisational review of security processes and procedures
  • Work with partners in conducting security audits
  • Develop professional communications to business stakeholders on threats and risks, as required
  • Contribute to the management of vendor security via questionnaires and reviews
  • Deliver projects securely on time and within budget and share results and recommendations to both technical and non-technical customers, in the form of either in-person presentations, written or verbal reports
  • Scope required activities and perform project estimates as required, ensuring that consulting activities defined in these scopes are delivered to the highest standard
  • Engage in skills transfer - both internally and with customers
  • Deliver exceptional project management for our internal stakeholders and our customers
  • Develop tools and templates to provide delivery efficiencies for the GRC team
  • Ensure projects are estimated in line with customer needs and deliverables and are competitively priced (whilst understanding the customer’s financial expectations). You know you are on track when divisional targets and metrics are being met or exceeded, in accordance with annual KPIs set by the business (specific utilisation and financial targets)

Skills:

  • 5-7 years’ experience, ideally working in a Consulting security specialist role
  • Sound understanding and experience in developing information security practices in an organisational context
  • Strong written and verbal communication skills, including the ability to clearly articulate complex security and technology concepts to a broad and diverse audience
  • Ability to write and present formal reports and presentations on security proposals, results or issues
  • Relevant tertiary qualifications
  • Relevant security (CISSP, CISM, ISO 27001, IRAP Assessor, PCI DSS QSA etc) or other technical certifications
  • Practical understanding of Information Security Standards and Frameworks (e.g. ISO 27001, NIST Cybersecurity Framework, Essential Eight, Australian ISM)
  • Experience in developing cyber/information security strategy and strategy execution
  • Experience in implementing and assisting in certification of an ISMS to an industry standard (e.g. ISO 27001)
  • Experience managing audits (internal and external) and auditors
  • Proven track record building strong relationships with customers, key business leaders and stakeholders

Platforms and Software:

  • Knowledge of network security, platform security and application security concepts
  • Familiarity or proficient experience working with some, or all security domains, including:
    • Identity and access management projects
    • Data governance and security projects
    • On premise or hybrid IT operating environments
    • Private and public cloud platforms
    • Network security
    • Email security
    • Infrastructure & Platform (IaaS, PaaS) security
    • Application security

Personal Attributes:

  • Ability to stay calm and focused under pressure, particularly during security incidents or crises
  • Exceptional time management
  • Strong Stakeholder management capabilities
  • Outstanding verbal and written communication
  • Excellent leadership, communication and interpersonal skills, with the ability to engage effectively with both technical and non-technical stakeholders
  • Exceptional problem-solving skills, with a focus on delivering pragmatic and innovative solutions
  • Highly client-focused with a deep understanding of client needs and the ability to build lasting partnerships
  • Flexibility
  • Ability to align cyber security objectives with key business goals
  • Lead by example on Infotrust Values and Vision
  • A strong desire to learn new technologies and to study as required
  • Ability to work autonomously but also as part of an agile, collaborative team
  • Ability to set goals, motivate and mentor the team – recognising developmental requirements
  • High level of attention to detail
  • Willingness to comprehend, use and introduce innovative technologies and processes

Leadership Competencies:

  • Decision making competency
  • Strong business acumen
  • Performance management
  • An understanding of business engagement drivers

How to Apply

Please send resumes to: pauline.tabirara@infotrust.com.au