We are looking to recruit an Information Security Risk & Compliance consultant, to join our existing Information Security team. Working with the Information Security team to provide advice and guidance on IT security and further develop IT policies and processes across a multi-region infrastructure consisting of 8000+ staff and 100+ sites.
As a member of the IT Security team, you will review all aspects of the IT environment and its components. This role shall be responsible for supporting Governance, Risk and Compliance activities within Turner & Townsend. The successful candidate will be required to proactively improve and provide advice and guidance on information security matters. We believe this is an excellent opportunity for candidates who have a strong understanding of IT security with experience of working in a fast-paced environment.
Key Duties and Responsibilities
- Create and maintain policies within our Information Security Management System, to support business requirements and align with ISO 27001
- Maintain a register of security controls, to identify compliance against security standards, including ISO 27001, NIST, COBIT etc
- Develop and enhance security policies, processes, procedures and technical controls to strengthen Turner & Townsend’s security capabilities and resilience to cyber threats
- Maintain and manage the IT Risk Register to ensure that IT risks are regularly reviewed, correctly identified, assessed, reported and mitigated in line with recommended best practices
- Identify and raise awareness of security risks
- Develop a register of regional regulatory privacy requirements and develop processes to monitor regional controls to ensure compliance
- Perform daily, weekly, and monthly security checks, reconciliation and compliance checks and investigate exceptions
- Complete client security requirement questionnaires and support the bidding process
- Assist with security incident management and response activities
- General day-to-day support on managing and responding to security alerts from systems and end users
- Support the wider IT team to provide and share technical knowledge and security best practices
- Support and develop business continuity plans, processes and capabilities to ensure they work as designed, identifying gaps and lessons learnt and work with the business to drive continual development and enhancement
Remember: You should never send cash or cheques to a prospective employer, or provide any financial information. Please get in touch if you see any roles asking for payments or financial details from you. For more information, visit jobsaware.co.uk.