Job Description
Technical Information Security Consultant required for market-leading financial services firm. The role will be centred on ensuring security is delivered into a wide range of projects. There will be a focus on working closely with DevOps teams and embedding security throughout a software development life cycle.
Responsibilities:
- Act as the main security point of contact & SME for required projects
- Manage security risk for the whole project life cycle
- Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation on internally & externally developed software
- Embed security within DevOps (e.g. CI/CD pipelines) and develop security requirements
- Perform on-demand security assessments of various components such as web apps, containers, platforms, etc.
- Review security assessment reports and create remediation pipelines
- Experience in web application security assessments such as SAST, DAST, etc.
- Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution
- Obtain and review all required artefacts as part of the application security framework
- Drive security evaluation early in the cycles through iterative security testing
- Provide advisory services and direction to application development teams during development cycles
- Manage control exemptions/remediations identified through projects
- Advise on external regulatory requirements
- Provide metrics for relevant areas of responsibility when required
As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of project-based Information Security. You will also have a proven track record of delivery in a similar role. Experience in financial services is highly advantageous.