Digital Security Consultant (Outside IR35) | Ref: PIP0008653

This post is responsible for leading technical security delivery for the ICO. Focused on key areas of project change and ensuring the adherence to corporate policies, controls, and industry best practices.
You will lead and deliver the assessment of project and change requests to assess and articulate vulnerabilities and remediations in collaboration with the wider Information Security team, the ICO Digital and IT product owners and the ICO senior leadership team, you will review all areas of best practices, including ensuring our high value assets our suitably protected.
As part of the Information Security Team, you will provide technical expertise and practical experience to drive ICO policies and education, and to deliver appropriate and proportionate direction, on all security issues and challenges.
Working in collaboration with the wider information security community within the ICO and across strategic partners, such as NCSC, NCA, CPNI, you will ensure that the threat landscape across the regulatory sector and at national levels are understood; that priorities and direction reflect the changing credible threats to the ICO and our operations, and that our key systems and assets are appropriately secured, assessed, monitored.
As Digital Security Consultant your main responsibilities will be:
+ Vulnerability and remediation management
+ Threat modelling and Threat intelligence
+ Project and Change engagement
+ Creation and updating of threat models for the core ICO services. Aligning these threat models and delivering appropriate workstreams to ensure clear oversight of the controls in place for each service.
+ Co-ordinating with relevant ICO departments to provide input and direction into areas such as physical and personnel security, and the ongoing review of credible threats to both staff and the physical estate.

+ Minimum of 5 years' experience in a similar role
+ Experience of defining and refining security controls and producing security standards
+ Proven experience of implementing or reviewing Role based access controls (RBAC)
+ Proven knowledge of MFA, SSO technology
+ Demonstrable experience in leading security deliveries and change.
+ Experience of delivering cross organisation security change, with the ability to influence and guide both technical and non-technical colleagues, through policies and in best practices.
+ Excellent organisation skills, demonstrating an ability to manage complex workloads and identify key priorities in line with organisational strategy and roadmaps.
+ Self-motivated and dynamic with the skills to identify issues and willingness own remediations.
+ Excellent verbal, communication, and interpersonal skills with people at all levels, using tact and diplomacy and able to collaborate with other teams to achieve objectives
+ Current substantial experience in the information security arena. CISSP in good standing or equivalent proven level of experience.
Desirable experience:
+ Cloud security
+ Azure security
+ MS365 & SharePoint Online
+ Experience in working in a public sector or highly regulated organisation
+ CCSP
+ CISM
+ CEH
+ ISO 27001 lead implementor
If this role sounds like something that you would be interested in, please click the link to apply.
Disability confident
As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group.