CyberSecurity Practice Lead

Who You’ll Work With

As a Cybersecurity Practice Security Lead, you will work directly with Practice leadership, engagement teams and product teams on a range of information security, data protection, and governance, risk and compliance activities, including client assurance, policy compliance, vulnerability management, risk assessments, and incident response.

Sitting within the Client Practice Cybersecurity team, but deployed to one of the Firm's specific practice areas full-time, you will be responsible for implementing an information security program that meets both our policies and standards, as well as the expectations of our clients. This will involve operating and continually improving existing information security processes, as well as the development of new processes in response to evolving threats and business opportunities.

What You’ll Do

You will act as a security point of contact for one of our core Practices with additional support from the rest of the CyberSecurity organization as and when required. You will leverage the team to continually improve the security posture of applications and solutions developed within the Practice by ensuring risks are identified and appropriately mitigated. You will provide client assurance via proposal requests, contract reviews, security questionnaires, and other due diligence processes.

You will drive with the promotion and adoption of secure development lifecycle, DevSecOps and Cloud security policies, standards and guidelines and contribute to the development and continual improvement of the CyberSecurity strategy. You will provide reporting on security compliance, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will also deliver and represent the priorities of the Practice back to CyberSecurity Leadership.

Requirements

• 3-5+ years of experience in a similar information security role.
• Technical understanding of a range of enterprise IT and cloud-based architectures and technologies, such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile.
• Working knowledge of common information security controls, guidelines and standards, such as ISO27001, OWASP, SOC 2, NIST.
• Experience of conducting risk assessments, threat modeling and information security reviews, and audits.
• Excellent problem solving, organizational skills, and attention to detail.
• Excellent interpersonal skills including persuasiveness and/or assertiveness skills.
• Strong written and verbal communication with the ability to converse effectively at all levels of seniority, both internally and externally.
• Strong analytical and organizational skills and the ability to work independently, as well as part of a wider team, with minimal supervision.
• Experience with security technologies and tooling, e.g. vulnerability scanners, firewalls, network monitors, IAM, SIEM, IDS/IPS.

• Knowledge of Privacy and Data Protection regulations, e.g. GDPR, CCPA, HIPAA.
• Knowledge of Secure Software Development Lifecycle and DevSecOps
• BSc/MSc in Information Security, Computer Science or other technical discipline.
• CISSP, CISA, CIPP or other security/privacy related certifications.