Security Consultant

London, England, United Kingdom

Applications have closed

Callsign

Marking a new era in passive authentication, fraud prevention and intelligence. We make digital identity simple and more secure.

Overview:

When Russian hacker Vladimir Leonidovitch Levin attempted the biggest bank heist the world had ever seen via dial-up internet in 1994, Zia Hayat, Callsign CEO and founder, was hooked: armchair fraud had become a real possibility. From this moment, Zia knew he wanted to play a part in stopping the bad guys and securing the internet for all. Since Callsign was founded in 2012, its mission has been to make Digital Identity simple and secure for everyone and everything. In that time, we've grown to over 200 employees, opened offices in Singapore and Abu Dhabi, and been recognised as a WEF Global Innovator, and our technology is being used by many of the world's leading financial institutions to keep millions of consumers safe.

But we aren't stopping here. The identity revolution has only just begun, and we are looking to hire the brightest and most inquisitive minds to help us make every web, mobile and physical interaction seamless and secure. If this sounds like you, let's chat.

We are now on the hunt for a Security Consultant to be based out of our London office. The Security Consultant will be responsible for improving Callsign's overall security risk and compliance posture and for managing Callsign's global data privacy program. Success will be achieved by providing sound advice and consultation to business owners, reducing security risk and improving the efficiency and effectiveness of Callsign's security controls. Work as part of an amazing team of like-minded individuals with a can-do attitude to change the world.

Responsibilities:

  • Work with the Data Protection Officer (DPO) to implement and operate the Personal Information Management System in line with ISO 27701.
  • Apply your expertise to drive improvements to Callsign's data privacy and protection program in a high-tech space involving AI/ML. Provide guidance to Callsign's Data Governance Group.
  • Assist in defining the responsibilities and capabilities for the DPO function.
  • Continually improve Callsign’s Information Security Management System and maintain ongoing compliance against ISO 27001, 27017, 27018 and SOC 2 (Type 2).
  • Review and continuously improve the security policies and standards to keep pace with the changing threat and compliance landscape.
  • Review and improve our records management practices to ensure appropriate retention and disposal of records.
  • Take ownership of our second and third lines-of-defence including the audit and assurance programs and work with business owners to reduce our operational risk.
  • Further develop and maintain the information risk management framework to ensure security and data privacy risks are documented, quantified, owned, communicated and escalated as appropriate across Callsign.
  • Develop and improve key metrics and OKRs for reporting to executive management and the Board.
  • Provide support to the Third-Party Risk team to operate the program to assess third parties for security.
  • Assist in the development and delivery of security awareness materials and training for all Callsign colleagues.
  • Define requirements and assess solutions to automate and improve the efficiency of risk assessment and reporting processes.
  • Keep informed as to emerging threats in the security and legislative/regulatory space that have the potential to impact Callsign and recommend mitigating strategies.
  • Provide key support to the Sales team by assisting with responding to customer security assessments and queries.

Requirements

  • 5+ years in a role in information security and risk management practice
  • A tertiary qualification in Computer Science, IT, Systems Engineering, Risk Management or a related field
  • Experience implementing security frameworks such as ISO 27001 (including overseeing management of an ISMS), SOC 2, etc.
  • Experience working within a 'cloud-first' and agile business environment.
  • Working knowledge of data privacy laws (such as GDPR, ADGM DP Rule, etc.) and the ability to interpret rules into business outcomes
  • Knowledge of ISO 27017 and 27018 is a benefit and a working knowledge of ISO 27001 and SOC 2 frameworks is preferred.
  • Experience implementing frameworks for information security and data privacy risk management.
  • Takes a business-focussed and pragmatic approach to security risk management.
  • Ability to work as part of a team and able to take pride and ownership in their work.
  • Has initiative and passion for all things security, and a willingness to go the extra mile
  • Ability to build and maintain relationships with internal and external partners
  • Able to effectively communicate with a wide range of people 
  • Works collaboratively and empowers others in the team
  • An innovative and positive player with a can-do attitude

Benefits

Competitive

Tags: Agile Cloud Compliance Computer Science GDPR Governance ISMS ISO 27001 OKR Privacy Risk assessment Risk management Security assessment SOC SOC 2

Perks/benefits: Career development

Region: Europe
Country: United Kingdom
Category: Consulting Jobs