The I.T. Security consultant will be responsible for the ongoing strategy, design and improvement of effective security operations for Ergo customers through the development of Information Security Management Systems, providing Ergo and its customers with assurance over the design and operational effectiveness of the security controls, policies and procedures needed to deliver effective governance, compliance and security services.
This is a Subject Matter Expert role for a dedicated Information Security professional who works directly with the business and technologies to ensure that Ergo customer data and information are protected and that information security risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program. The security consultant will support the complete spectrum of business-level IS programs including but not limited to: expert consulting with regard to security requirements and security practices relating to vulnerability and security management systems, creating security policies and delivering security audit and assessment engagements.
The security consultant will also operate in a pre-sales and consultancy role performing all aspects of ICT operational risk management, governance, reporting, security audits and regulatory compliance functions.
- Consult, assess and advise on security best practices for Ergo and Ergo customers
- Support Ergo and its customers with the implementation of ISMS
- Completion of information security engagements:
- Risk assessments
- Gap analysis reviews
- Security architecture review and design
- Policies and procedures review and design
- Training and awareness development and delivery
- Information security program management
- Formal reporting and presentation to clients
- Contributing to identifying opportunities and winning new business
- Define and provide pragmatic security guidance and architectures that balance business benefit and risk
- Act as security Subject Matter Expert (SME) with a strong technical understanding of private and/or public cloud offerings (such as Microsoft Azure)
- Collaboratively define security configuration standards for internal and external cloud platforms and technologies
- Develop appropriate risk treatment and mitigation options to address security risks identified during security reviews and audits
- Translate technical vulnerabilities into business risk terminology for Ergo customers and recommend corrective actions to customers
- Experience providing and validating security requirements related to cloud security for private, public and hybrid
- Experience with providing security consulting services for global deployments
- Experience providing and validating security requirements related to information system design and implementation
- Experience providing and validating security requirements related to a broad range of operating systems, applications, databases and infrastructures
- Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
- Experience in the use of tools and methodologies to identify security exposures and business risks
- Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
- Familiarity with information system attack methods and vulnerabilities
- Working experience with the design and engineering of web-based multi-tier information systems and architecture design
- Working experience with web technologies, application firewalls, operating systems, database platforms and mobile enterprise application platforms.
- Strong verbal and written communication skills
- Strong interpersonal skills and ability to build productive working relationships
- Confident in dealing with all levels within an organisation
- Relevant University Degree, or equivalent industry experience and certification
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- ISO 27001 Lead Auditor
Other Information / Circumstances:
- Flexibility in terms of business travel (around Dublin, countrywide and internationally if required)
If this amazing and challenging role excites you, please don’t hesitate to contact us today!