What you’ll be responsible for
The Technical Supply Chain Risk Consultant will support cyber project workstreams to identify 3rd Party technical risks to DCWW and support remediation activity as required.
Responsibilities:
- Attend project meetings and represent the Cyber Security Team, providing direction as required and as defined by the Head of Security Operations and Assurance.
- Support the Project Manager and Cyber Risk Consultant in delivery of project activities as required.
- Deliver a comprehensive review of 3rd party connectivity and technical risks across the enterprise, including capital partner connectivity methods, B2B federation, API connectivity, and other forms of remote access.
- Recommend and where appropriate implement risk treatment plans for identified issues.
- Support the development of Supply Chain Security Policy and Processes.
- Work with business contract owners and capability leads to understand their exposure to 3rd Party security risk.
- Assist the business in forming process and systems solutions appropriate to its security risk appetite and adequate to satisfy both tactical and strategic business needs.
- Ensure that relevant security policies and standards are applied to specific projects by adopting a hands-on approach where needed.
- Articulate risk so that it can be understood by both technical and non-technical stakeholders.
- Scope, arrange and support penetration testing and vulnerability testing and track remediation to a close.
About you
| Requirement | Essential | Desirable |
|---|---|---|
| **Qualifications** | | |
| Recognised professional certification such as CISSP, CISM, CISA, CRISC | ✔ | |
| Relevant degree in a Technology / Security discipline | | ✔ |
| **Experience** | | |
| Experience and understanding of security governance frameworks and security risk management | ✔ | |
| Good familiarity with the NIST Cybersecurity Framework, CIS Critical Security Controls, and ISO 27001 | ✔ | |
| Experience of delivering security assurance services to significant projects within a large, complex business | ✔ | |
| Experience of engaging consultatively and openly with internal and external stakeholders to ensure good collaboration and positive working relationships | ✔ | |
| Strong technology grounding: familiarity with its implementation and use within the corporate environment, and the potential vulnerabilities that could arise | ✔ | |
| Familiarity with utility-based organisations and operational technology | | ✔ |
| Experience of delivering "end to end" information security assurance activities and achieving optimal risk management outcomes | ✔ | |
| **Knowledge & Skills** | | |
| Effective communicator with strong written and verbal communication skills, capable of writing clear, concise reports and presenting to senior stakeholder groups | ✔ | |
| Demonstrable security risk management knowledge and experience | ✔ | |
| Wide-ranging knowledge of information security and IT security frameworks (NIST CSF, CIS Critical Security Controls, ISO 27001, etc.), standards, and application of security best practice | ✔ | |
| A good understanding of security tooling including vulnerability scanning, SIEM monitoring, DDoS protection, AV, EDR, remote access technologies, WAF, authentication and authorisation techniques, network sniffing, and Data Loss Prevention | | ✔ |