Description:
At DXC, one of our platinum accounts has an opening for a Senior Information Assurance Consultant. The successful candidate will work within multiple teams and will be innovative and analytical with a good eye for detail. Your role will include implementing standards, policies, and procedures for continual service improvement.
We are looking for an experienced Security Consultant who has all round skills in information security risk management.
Role responsibilities :
- Working closely with Security Architects and the design teams, provide a bridge between the technical teams and the security risk owner from the business, helping translate technical security risks into a form understandable to non-technical business people.
- Advise risk owners as to the severity of the risks they are being presented with and potential mitigation strategies (and their impacts) to enable them to make informed risk management decisions
- Monitor implementation and ongoing maintenance of agreed risk management actions
- Create, maintain, and utilise risk assessment and related artefacts such as the risk register and security-specific documentation such as Security Operating Procedures
- Assist the Account Security Lead with creating and maintaining security-related processes, policies and guidance
- Proactively identifying areas for improvement in security across the account, both to improve security, and make good security easier
What you will bring to the team:
- Experience in a similar or related role with desirable additional qualifications to include CISM or CISSP / IISP or other professional body membership
- Experience of working to HMG (e.g. NCSC guidance, DSIT Secure by Design, GovS 007) best practices
- Desire to improve processes, looking for the root cause of a problem
- Willingness to both share your knowledge and learn from others
- A proactive approach towards looking for risks and problems
- A strong team working ethic, with a “customer first” focus and a thirst for knowledge
Desirable Skills and Technologies:
- Deep knowledge and understanding of information and cyber security risk management
- Experience in threat modelling utilising STRIDE or Attack Trees, NIST Cyber Security Framework
- Experience or knowledge of various technology stacks including Cloud (AWS, MS Azure), M365, VMWare, Redhat Openshift or other container orchestration platforms, Windows and Linux operating systems
- Knowledge of industry security guidance provided by the likes of OWASP and CIS
- Awareness of security champions programme
What we will do for you:
- Competitive compensation
- Pension scheme
- DXC Select – Our comprehensive benefits package (includes private health/medical insurance, childcare vouchers, gym membership and more)
- Perks at Work (discounts on technology, groceries, travel and more)
- DXC incentives (recognition tools, employee lunches, regular social events etc)