i-confidential offers a range of information security consulting services. We provide cost-effective services to help our clients clearly understand their information risks and develop their information and cyber security strategies. We deliver practical, understandable solutions to protect information. Our client base is expanding, and our clients are asking for an increasingly diverse range of services.
We are looking for an experienced Cyber Risk professional to assist a key client for a period of 5-6 months. The role starts ASAP and falls inside IR35.
- Security Risk Management:
  - Apply seasoned security risk management techniques and experience to define, design and implement changes to processes required to support increased coverage and capability for Operational Cyber risk management (including documentation and user training workshops), following the introduction of the Surecloud risk management tool, and increased demand from management for detailed risk reporting across the business. Build on existing risk management structures to design and implement periodic business unit-aligned risk forums, and review changes in the business environment by updating the Supplier and Application database elements of the toolset. Perform a thorough review of risks in the risk register to ensure risk treatment plans and risk statuses are up to date.
- Affinity Partner Security Risk Management:
  - Produce a security control knowledge resource (central repository) to support upcoming Partner-commissioned audits, to include detailed information on the service provided and the technology supporting it, including applications and hosting.
- Third Party Security Risk Management:
  - Design, develop and plan changes to OpCyberRisk processes relating to third party cyber risk management arising from the review (Q2/21). Implement any identified ‘quick wins’ where possible, and package significant tasks for inclusion in the CISO 2022 Cyber Programme.
- Experienced corporate security risk professional.
- A generalist who can hit the ground running.
- Covering a lot of domains across cyber risk.
- Requires minimal instruction.
- Ability to articulate coherent thoughts on risk and take non-risk specialists through the thought process.