Senior Security and Information Risk Adviser – 12 Months – Hybrid – Outside IR35

Day Rate – Circa £600

Harvey Nash’s public sector client are currently looking to recruit a Senior Security and Information Risk Adviser to join their team based In Edinburgh/Glasgow/Remote for an initial 12 month period.

Assignment Description

An experienced Senior Security and Information Risk Advisor (SIRA) is required to provide expertise to teams for risk identification, analysis, evaluation, and treatment and to develop, operate, maintain, and improve the organisation’s ISMS.

They shall be responsible for providing technical information security expertise to projects and services to ensure compliance with the organisations policies, processes, applicable legislation and regulation, and relative international standards.

The assigned contingent worker will operate as the primary conduit for business teams and functional leads for advice and guidance on all matters relating to Information Security Risk and Assurance. They will combine an expert understanding of information security risk and assurance, with excellent stakeholder engagement and customer focus. This will involve engaging with non technical and technical stakeholders to communicate the requirements of our information security standards and policies, foster understanding of threats and controls, negotiate improved security outcomes, and conduct assurance activities across products and services both on-premise and in public cloud environments They will also contribute to the improvement of our policies, processes and controls, to enhance security awareness within the organisation and to providing management reporting.

Essential Skills

The successful candidate will have a strong understanding and background in technical information security and risk and have the ability to engage with management and technical/non-technical SMEs for the successful implementation and operation of the ISMS and its associated deliverables. The candidate will have knowledge including (but not limited to):

• Identification, assessment, and management of risk
• Security assurance and the measurement of controls
• Creation of ISMS and IT Security documentation (Policies, Standards, Processes, Procedures and Patterns)
• Internal and Third-Party Audits
• Risk and threat modelling
• Compliance and Assurance Activities
• Business process analysis and mapping (to determine alignment against agreed industry practice and recognised control frameworks)

The candidate will hold the following certifications/qualifications or equivalent:

• Certified Information Systems Security Professional (CISSP)
• Certified ISO 27001 Lead Implementer/Auditor of Management Systems (including Information Security and Business Continuity)

This role has been deemed Outside IR35 by the client. Applicants must hold, or be happy to apply for, a valid Basic Disclosure Scotland. Please click the link to apply.