Lead Information Security Consultant (CSO)

About LRQA

At LRQA Cybersecurity our focus is onexcellence in cyber security. We have teams that offer world class services in red teaming penetration testing threat intelligence research and development detection and response governance risk and compliance and plenty more. Our business is global and so are our clients. We work closely with central banks central and local government critical national infrastructure large retailers and plenty more besides!

Wereanaward winningprovider of cyber security services and we are ata very excitingstage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. LRQA will be at the forefront of thisarenaand we want to seek the right people to join the team and make it happen.

You can find out more about us at Role

The purpose of this role is to deliver information security consultancy to LRQA clients specialising in both strategic consultancy via the CISO Support Office (CSO) and governanceriskand compliance (GRC). As a Lead Consultant you will be capable of working autonomously supporting colleagues and leading engagements to ensure that delivery of LRQA services is delivered effectively to scope and in line with budget.

This role is hybrid with occasional travel to client sites and LRQA offices asrequired.

WhatYoullbe Doing in Your Role

Key Responsibilities

Delivery

A core competency for this role is the ability to effectively deliver engagements to clients to a consistently high standard. As a Lead Information Security Consultant you would be expected to drive engagements whilst supporting other members of the team with theultimate aimof achieving excellent client satisfaction results.

Examples of the type of delivery activities a Lead Information Security Consultant may participate in include:

• Provision of client support to achieve compliance/certification against recognised standards such as ISO 27001 the GDPR NIST CSF and CMMC.

• Independently conduct ISO/IEC 27001:2022 audit activities.

• Provision of expert advice to clients on governance structures including policiesproceduresand controls to achieve compliance and reduce risk exposure.

• Cybersecurity Maturity Assessment engagements.

• Facilitation of information asset discovery workshops and engagements.

• Facilitation of risk assessment workshops and engagements.

• Delivery of business continuity scenario tabletop exercises.

• Delivery of external stakeholder training and awareness presentations.

Service Development

Effective service development is key to the success ofGRCand you would contribute tothis by providing guidance and using your subject matterexpertiseand experience toidentify design and deliver collateral. Key activities include:

• Standardization of all customer-facing collateral used throughout every region that weoperatein.

• Implementation and development activities around new and emerging frameworks.

• Improvement / enhancement suggestions for existing collateral.

• Development of new collateral whererequired.

• Collaboration with the developers of LRQAs portal to aid with integration of Information Security and GDPR requirements.

Business Experience Credentials

Degree level qualification in Computer Science Computer Engineering IT Cyber Security or a related field or 5years experienceworking within an information security role.

Minimum 5 years experience in delivering consultative engagements using well known risk management and data security frameworks standards and methodologies.

Current CMMC Professional (CCP) or the ability to attain this within three months.

ISO27001 Lead Auditor or Lead Implementer qualification

Experience implementing SOC 2 Type 2 is strongly preferable.

CISSP/CISM (or equivalent) certification preferable

Experience in ISO 27001 implementation and use of relevant standards to build control frameworks

Demonstrable experience communicating complex information security concepts to top level (C suite) management.

Experience in cyber resilience planning security operations and managing security professionals

Strong communicationskills and the ability to build rapport with key stakeholders

Experience in some orall ofthe following areas of information security:

• GDPR regulation

• TISAX

• CIS Controls

• DORA

• NIS 2 Directive

• HIPAA / NHS DSPT / Healthcare regulation

• Business Continuity

• Supplier Management

• Incident Management

• Physical Security

What we offer

We are a people-focused high-performing high-trust professional services team. Youll be part of a diverse and growing international group of consultants and we go out of your way to make sure our consultants feel part of our team. We use technology to ensure were always communicating with each other and schedule time every week to talk as a team.

The successful candidate will have opportunities to:

• Make a difference as clichéd as it sounds this really is true. We encourage all employees to challenge norms and empower them to get involved. This might be getting involved with other teams or developing a new service offering but if you want to do something we always try to make it happen

• Get involved enjoy blogging or public speaking Our team is committed to getting involved in industry discussions. Wemake timeto attend conferences and get involved in the infosec community

• Develop their skills we love learning and ensure we find time for professional development. Thisisntjust about collectingcertifications and attending training courses gaining and sharing knowledge in new areas is vital. Thesedontalways have to bedirectly relatedto your day job;in fact we actively encourage developing knowledge in new and exciting domains

Apply

Are you interested in this job Apply now via the apply button and upload your C.V. and cover letter

Pre-Employment Checks

If you are successful in securing a role with us we will carry out pre-employment checks in accordance with what is allowed under local law. These checks will include (as permitted):- right to work identification verification of employment history education and criminal records. We may involve the third-party supplier to run the background checks as needed and your data will be retained for a period as needed for the purpose of employing you. Your data will be stored in accordance with all relevant privacy legislation. Please contact us if you have any questions or concerns.