IT Security Audit Risk & Compliance SME in City of London, London

Security Audit, Risk & Compliance SME (SC Clearable)

Fulltime

Permanent

Salary - £67-82K + 10% Bonus plus benefits

Location: London hybrid (4 days per month in office)

Are you an experienced Security Audit, Risk & Compliance SME with strong knowledge of both risk &/or control frameworks such as; the ISO3100 series, NIST, ISO270xx series, ISF, CIS, UK CAF, etc and compliance, such as PCI DSS/ISO/GDPR?

Are you looking for a new permanent role with a global organisation that offers excellent benefits and career progression along with hybrid working?

ARM is recruiting for a fulltime permanent experienced Security Audit, Risk & Compliance SME to work for our global technology client. You will be working for their end customer in the government sector on a hybrid basis with 4 days per month onsite and the rest of the month WFH.

Our client:

They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

What you'll be doing:

Using your background in Risk & Compliance, you will help our clients:

• Assess and test the effectiveness of security controls, and document the compliance levels to identify risks and control gaps.
• Understanding the Security regulatory landscape that affecting UK & EU business and IT areas.
• Evaluate security risks against either client risk models or well-known risk &/or control frameworks such as; the ISO3100 series, NIST, ISO270xx series, ISF, CIS, UK CAF, etc,
• Develop and review security risk models, standards, procedures, and controls to manage client risks.
• Improve security risk posture through defining a process of improvements, leveraging Risk & Compliance platforms, policy, automation, and the continuous evolution of capabilities.
• Ensure & evaluate that required and expected security controls are in place and working as they should.
• Recommend tooling and process improvements and develops reporting metrics, dashboards, and evidence artefacts.
• Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
• What experience you'll bring:

It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security risk management and have evidence of experience in a number of the following fields of expertise:

• Demonstrate in-depth knowledge of Risk assessment and risk management methodologies &/or frameworks.
• Experience in applying & using qualitive / qualitive Risk and/or Threat based risk models
• Knowledge of UK / EU information security management, governance, and compliance principles, practices, laws, rules and regulations.
• Experience in implementing and/or operating one or more Security Risk Management, Compliance or Data Protection technology platforms.

Experience in implementing and operating one or more of the following:

• ISO 27001 compliant ISMS
• PCI DSS / SOX compliance
• UK NCSC CAF compliance
• UK or EU GDPR / UK Data Protection compliance
• NIS/NIS2, DORA compliance
• UK Operational Resilience / TSA(R) compliance
• UK CNI / OT / IIOT compliance
• Cyber and Cloud Security standards & frameworks, supporting architecture, design, operations, controls, technology, solutions, and service orchestration.
• Core knowledge of Information Technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
• Information systems auditing, monitoring, controlling, and assessment processes.
• Knowledge of Incident response management.

Along with:

• Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
• Excellent English writing skills for technical documents and improving processes (such as policies and reports).
• The ability to explain complex topics to a diverse range of audiences.
• Strong attention to detail and the ability to deliver high quality work.
• A valid right to work in the UK.
• Have held UK SC clearance or be eligible for obtaining UK SC clearance.
• A relevant and recognised professional Security / Risk / Compliance certification supporting the role, such as; CISSP, PCI ISA, ISO 27001 ISMS Lead Implementer, CRISC, etc.

Standard benefits are:

• Private medical insurance or health cash plan
• 10% annual bonus
• Life assurance
• Income protection
• 25 days holiday
• Holiday trading
• Generous pension scheme

Benefits you can add include:

• Discounted gym membership
• Dental insurance
• Cycle to work scheme
• Travel insurance