Security Consultant/Analyst
Job description
Are you a security professional with a "shift-left" mindset and a passion for building secure-by-design platforms? Join Barclaycard Payments as we build a brand-new, cloud-native, and fully independent fintech-style merchant acquiring platform.
This isn't about maintaining legacy systems; it's about building a target-state platform from the ground up. As a Security Consultant / Analyst, you will be embedded within the CISO function, working directly with engineering and product teams to ensure security is woven into the fabric of the GAIA roadmap.
You will act as a bridge between high-level security standards and technical execution. This role is a blend of Cyber Business Analysis, GRC (Governance, Risk, and Compliance), and Technical Consultancy.
- Secure-by-Design: Provide pragmatic security guidance to engineering workstreams, reviewing designs and technical specifications to identify risks early in the SDLC.
- Control Mapping & BA: Perform deep-dive business analysis to map cyber controls against the GAIA roadmap, ensuring alignment with the Barclays Cyber Control Library and refreshed Cyber Standards.
- Cloud & DevOps Security: Support the secure configuration of AWS workloads, CI/CD pipelines (GitHub), and containerised environments (Docker/Kubernetes).
- Compliance & Frameworks: Ensure the platform is built to be PCI DSS compliant, utilizing frameworks such as ISO 27001/2 and NIST CSF.
- Risk Orchestration: Help translate complex technical risks into business-relevant terms for stakeholders, ensuring all risks are logged, understood, and mitigated.
- Assurance: Assist in preparing for penetration testing, remediating findings, and validating control improvements.
Requirements
- Do you have experience in NIST standards?
- Do you have a Bachelor's degree?

We are looking for a high-energy consultant who has spent the last 5+ years in Cyber Security, ideally within Fintech or Financial Services. You should be comfortable "spinning plates" in a greenfield environment and have a strong background in reporting to CISO leadership.
- Cyber experience within Fintech/Financial Services: Proven experience in security consultancy, advisory, or GRC roles.
- Cyber Business Analysis: At least 2 years of recent experience in mapping cyber controls and navigating complex project roadmaps.
- Framework Fluency: Deep understanding of ISO 27001/2, NIST CSF, and PCI DSS.
- Cloud & Modern Engineering: A solid grasp of cloud implementations (AWS preferred) and secure development lifecycle principles.
- Stakeholder Mastery: The ability to challenge and influence developers, architects, and risk officers effectively.
Desirable Skills:
- Experience securing End User Compute (EUC), specifically MacBooks managed via JAMF.
- Administration and securing of Google Workspace environments.
- Knowledge of merchant acquiring, payment flows, and fintech ecosystems.
- Security certifications (CISM, CISSP, or equivalent) are a plus.
Benefits & conditions
- Employee discount
- Company pension

As a contract employee of Randstad Sourceright, you'll receive a wide range of financial and personal benefits. There's enrolment in a pension plan (after 12 weeks on assignment) and holiday pay. You'll also get 24/7 access to an Employee Assistance Programme, designed to help you deal with any problems that could be affecting your home or work life. Plus, there are discounts at heaps of high street shops, restaurants and entertainment, from Asda to Zizzi Italian restaurants.