Lead Information Security Consultant (CSO)
Role details
Job location
Tech stack
Job description
The purpose of this role is to deliver information security consultancy to LRQA clients, specialising in both strategic consultancy - via the CISO Support Office (CSO) and governance, risk and compliance (GRC). As a Lead Consultant, you will be capable of working autonomously, supporting colleagues and leading engagements to ensure that delivery of LRQA services is delivered effectively, to scope and in line with budget.
This role is hybrid, with occasional travel to client sites and LRQA offices as required.
What You'll be Doing in Your Role
Key Responsibilities
Delivery
A core competency for this role is the ability to effectively deliver engagements to clients to a consistently high standard. As a Lead Information Security Consultant, you would be expected to drive engagements whilst supporting other members of the team with the ultimate aim of achieving excellent client satisfaction results.
Examples of the type of delivery activities a Lead Information Security Consultant may participate in include:
-
Provision of client support to achieve compliance/certification against recognised standards such as ISO 27001, the GDPR, NIST CSF and CMMC.
-
Independently conduct ISO/IEC 27001:2022 audit activities.
-
Provision of expert advice to clients on governance structures - including policies, procedures and controls to achieve compliance and reduce risk exposure.
-
Cybersecurity Maturity Assessment engagements.
-
Facilitation of information asset discovery workshops and engagements.
-
Facilitation of risk assessment workshops and engagements.
-
Delivery of business continuity scenario tabletop exercises.
-
Delivery of external stakeholder training and awareness presentations.
Service Development
Effective service development is key to the success of GRC and you would contribute to this by providing guidance and using your subject matter expertise and experience to identify, design and deliver collateral. Key activities include:
-
Standardization of all customer-facing collateral used throughout every region that we operate in.
-
Implementation and development activities around new and emerging frameworks.
-
Improvement / enhancement suggestions for existing collateral.
-
Development of new collateral where required.
-
Collaboration with the developers of LRQA's portal to aid with integration of Information Security and GDPR requirements., We are a people-focused, high-performing, high-trust professional services team. You'll be part of a diverse and growing international group of consultants, and we go out of your way to make sure our consultants feel part of our team. We use technology to ensure we're always communicating with each other and schedule time every week to talk as a team.
The successful candidate will have opportunities to:
-
Make a difference - as clichéd as it sounds, this really is true. We encourage all employees to challenge norms and empower them to get involved. This might be getting involved with other teams or developing a new service offering - but if you want to do something, we always try to make it happen
-
Get involved - enjoy blogging or public speaking? Our team is committed to getting involved in industry discussions. We make time to attend conferences and get involved in the infosec community
-
Develop their skills - we love learning and ensure we find time for professional development. This isn't just about collecting certifications and attending training courses - gaining and sharing knowledge in new areas is vital. These don't always have to be directly related to your "day job"; in fact, we actively encourage developing knowledge in new and exciting domains
Requirements
Degree level qualification in Computer Science, Computer Engineering, IT, Cyber Security, or a related field or 5 years experience working within an information security role.
Minimum 5 years experience in delivering consultative engagements using well known risk management and data security frameworks, standards, and methodologies.
Current CMMC Professional (CCP) or the ability to attain this within three months.
ISO 27001 Lead Auditor or Lead Implementer qualification
Experience implementing SOC 2 Type 2 is strongly preferable.
CISSP/CISM (or equivalent) certification preferable
Experience in ISO 27001 implementation and use of relevant standards to build control frameworks
Demonstrable experience communicating complex information security concepts to top level (C suite) management.
Experience in cyber resilience planning, security operations, and managing security professionals
Strong communication skills and the ability to build rapport with key stakeholders
Experience in some or all of the following areas of information security:
-
GDPR regulation
-
TISAX
-
CIS Controls
-
DORA
-
NIS 2 Directive
-
HIPAA / NHS DSPT / Healthcare regulation
-
Business Continuity
-
Supplier Management
-
Incident Management
-
Physical Security
