Cyber Security Consultant (1896)

  • Location: Gloucester
  • Duration: Permanent
  • Working hours: 35 hours per week, Monday to Friday
  • Application end date: 29/11/19

About the role

The role holder will deliver a Cyber Security service to all areas of Ecclesiastical across UK & Ireland, complying with Industry Standards.

Key accountabilities

  • To define the Group’s overarching cyber security standards and ensure that these are adopted on a Group wide basis
  • To agree and manage Cyber Security budget as it applies to ‘2nd line’ function including prioritisation of resources and spend
  • Effectively participate in Business & IT Projects providing technical advice and challenge on all aspects of Cyber Security and manage within timescales and budget
  • Produce written reports highlighting Cyber Security risks and recommending areas of improvement internally and externally
  • Perform Internal Audits relating to Cyber Security risks across Business and IT and produce relevant Audit actions
  • Allocated Cyber Security support calls to be addressed within SLA
  • Perform Due Diligence on External Suppliers providing appropriate feedback to the Business Owner and Supplier and produce risk recommendations that protect and enable the business
  • Manage internal exercises to verify our compliance to Cyber Security standards and policies and report findings
  • Manage Cyber Security incidents, taking control where required including out of office hours and provide reporting of events
  • Act as a mentor for members of GRC on all matters relating to Cyber Security 
  • Design and deliver a Cyber Security awareness and education programme in line with identified business needs
  • Provide consultancy on Cyber Security to other areas of the Group
  • Act as liaison with other SBUs and central functions, providing expertise, assistance and guidance to ensure that all aspects of Cyber Security are considered by the other areas
  • Work with Human Resources to identify and monitor breaches of policy leading to potential loss of confidential/commercially sensitive material
  • As requested provide support and assistance to the Business Continuity Officer
  • Act as a confidential adviser in HR and Business investigations e.g. Grievance/Conduct
  • To oversee and manage all outsourced Cyber Security providers (e.g. Penetration testing providers)
  • To define the Group’s overarching operational resilience standards and ensure that these are adopted on a Group wide basis
  • Ensure the effective operation of the UK crisis management responses through designing and testing plans 
  • To work closely with SBU BCM leads and other SMEs (particularly in Business Solutions and Facilities management) to support the Group’s preparedness for disruptive events
  • Oversee and manage the use of external consultancy support on operational resilience to provide additional expertise as required
  • Manage one direct report

Key performance indicators

  • Provide level of confidence to GMB, senior management and the Board that risks are identified and managed effectively
  • Minimise the impact of any Cyber Security and service disruption incidents which take place 
  • Be recognised by colleagues as a source of expert guidance and support

Knowledge, skills and experience

  • Qualified CISSP, CSSLP, CISM, CISA, QiCA, other IT audit qualification or equivalent
  • Proven experience of working in Cyber Security 
  • Thorough understanding of Cyber Security
  • Good understanding of Business Continuity/operational resilience practices
  • Experienced in working and communicating with staff at all levels
  • Experienced in Project Management
  • Experience of Supplier Management 
  • Excellent Analytical, Problem Solving, Decision Making and Judgement skills
  • Flexible, resilient and able to work under pressure 
  • Experience of working in the Financial Services Industry