Job Description
Technical Information Security Consultant required for market-leading financial services firm. The role will be centred on ensuring security is delivered into a wide range of projects. There will be a focus on working closely with DevOps teams and embedding security throughout a software development life cycle. Responsibilities: Act as the main security point of contact & SME for required projectsManage security risk for the whole project life cyclePerform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation on internally & externally developed softwareEmbedding security within DevOps (eg CI/CD pipelines), developing security requirementsOn-demand Security assessment of various components like Web apps, Containers, Platforms etcReviewing security assessment reports and create remediation pipelinesExperience in web application security assessments like SAST, DAST etc.Act as the Security subject matter expert within Agile/waterfall project planning, development, and executionObtain and review all required artefacts as part of the application security frameworkDrive security evaluation early in the cycles through iterative security testingProvide advisory services and direction to application development teams during development cyclesManage control exemptions/remediations identified through projectsAdvise on external regulatory requirementsProvide metrics for relevant areas of responsibility when required As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of project-based Information Security. You will also have a proven track record of delivery in a similar role. Experience in financial services is highly advantageous.