Strategic CISO Consultant - Advisory Services
Birmingham, GB, B37 7ES
LRQA
We help businesses evolve by connecting them with tomorrow's thinking, today.
About Nettitude
Nettitude is an LRQA company. We've been around since 2003 and our focus has always been on excellence in cyber security. We have teams that offer world-class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!
We're an award-winning provider of cyber security services and we're at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by advancements within the IT industry and within the threats faced. Nettitude will be at the forefront of this arena and we want the right people to join the team and make it happen.
You can find out more about us at www.nettitude.com. If you want to review our research and tooling, then head on over to https://labs.nettitude.com
Role definition
The role of the senior CISO-level consultant is primarily characterised by technical and business-focused contributions at a senior or board level, helping to advise and set direction. The role is to lead the advice, consulting and coaching of the client on CISO-level issues, and to deliver effective project management and programme oversight.
That said, the knowledge and experience of the senior CISO consultant means there will be a dependence on ensuring tactical-level work is completed, and at times the tactical work may be done by the senior CISO consultant themselves, but this is not the main effort.
The role
As a senior CISO consultant, the expectation is that the role holder will lead the work commissioned with a number of different clients on an ongoing basis, acting as their CISO (in various guises) and helping to mature and manage their business-as-usual information security functions. Candidates must have a broad skillset and previous experience working up to board level in a consultancy role. You must possess leadership qualities and be skilled at proactively managing client engagements, as well as coaching colleagues who form part of the wider CISO support team.
As well as delivering ongoing CISO services, you’ll also have opportunities to deliver other Nettitude services including security awareness training, third-party risk reviews, and cybersecurity assessments in mergers and acquisitions.
Whilst certification does not equate to experience, successful candidates will likely hold recognised certifications such as CISSP/CISM and ISO 27001 Lead Auditor/Implementer-type certifications. Previous client-facing consultancy experience is a strong preference. This is not an auditor/assessor-type role; we need someone to 'do the right thing' in terms of leadership with the client and challenge the security maturity journey where needed.
What you’ll be doing in your role:
- Leading Virtual CISO, interim CISO and CISO support engagements.
- Contributing to board level briefings on status and future planning.
- Conducting security benchmarking reviews against standards or guidelines such as the NCSC 10 Steps to Cyber Security, NIST CSF and CIS Controls.
- Performing gap analyses and providing strategic and tactical recommendations as part of the security maturity and resilience journey.
- Helping our clients to implement Information Security Management Systems, and achieve and maintain security certifications (e.g., ISO27001) and regulatory compliance.
- Conducting risk assessments at a technical level and providing risk models against ISO27001 and NIST 800-38.
- Applying a technical understanding of threats and vulnerabilities drawn from SOC outputs, and implementing a vulnerability management programme.
- Creating third-party risk management and audit programmes for clients and building the necessary risk models.
Key Skills:
The successful candidate will have experience and skills including:
Personal Competencies:
- Degree level education in a technical degree which is relevant to the role.
- Solid track record of consultancy and/or internal experience in leading and managing a cyber security function within a business or a client facing environment.
- Demonstrable experience in risk management – assessment, treatment, and remediation.
- Innovative and creative thinker – ability to think on the spot and provide solutions.
- Be able to deliver difficult messages whilst showing empathy and be able to provide a solution.
- Willingness to “roll up your sleeves” and get involved and take responsibility for ensuring we always exceed client expectation.
Business Experience Credentials:
- CISSP/CISM (or equivalent) certification is preferable but not a pre-requisite.
- Representation in regular information security governance forums, working groups or change advisory boards to advise and guide on information security requirements.
- Representation briefing and support of board level activity where required by the customer, acting in an advisory or mentoring capacity as defined by the client.
- Strong understanding of ISO 27001/NIST CSF and experience in implementation of an ISMS and experience in using relevant standards and guidelines to build and implement control frameworks.
- Oversight and strategic advice, guidance, and support in the maintenance of compliance regimes such as PCI DSS and GDPR.
- Provision of management information and reporting applicable to the vCISO activities.
- Security best practice reviews at a strategic and tactical level.
- Cyber Resilience Planning – Incident Management, Business Continuity and Disaster Recovery.
- Security Operations – Understand the 3 lines of defence and be able to deploy effective vulnerability management countermeasures.
- Experience of managing security professionals and recruiting talent for the relevant teams.
- Strong communication skills and an ability to build rapport with key stakeholders.
- Be able to frame a new solution to client needs and define expected deliverables.
Location
This role is remote. We can support working from across the UK. All applicants will require residence in the UK.
What we offer:
We offer you an exciting working environment with intellectual challenges, responsibility and high-level client interaction. An attractive remuneration package will be provided.
Apply?
Are you interested in this job? Apply now via the 'apply' button and upload your CV and cover letter.
Perks/benefits: Career development