Cyber Security Senior
As part of the Technology Risk Advisory team at BDO, we are looking for an individual with at least four years' advisory and security consulting experience to join the dynamic advisory team as an assistant manager in a client facing consultancy role.
We are looking to recruit an individual with a good understanding of the fundamentals of IT/ Information/ Cyber security and audit to effectively deliver an increasing portfolio of work. The role will typically focus on running IT audits, security control gap/ maturity assessments and control reviews as well as more technically focused technology assessments. The role will also involve supporting the Advisory Technology team as they look to develop the proposition and grow the business.
The opportunities to develop are significant and appropriate support will be provided, including training. Responsibilities • Deliver IT audits, security reviews and advisory assignments to a high standard
• Understanding of business context and requirements for security controls and able to articulate security risk to non-technical and technical audiences
• Discuss findings with clients and obtain their buy-in to a proposed way forward.
• Keep Managers, Leadership team and colleagues up to date with status, findings and the implications from the work
• Ensure excellent client service
• Continue to develop relevant skills and capabilities
• Assist and up skill more junior staff on client engagements
• Build relationships internally, with promotion of the Advisory Technology and Security services important to creating growth
• Support the Advisory Managers and Partners in the development of new propositions, delivery of the marketing plan and business development strategy
• Act as a point of contact within the firm for the clients together with the Senior Management team and Partner. This includes responding quickly to, as well as anticipating: client requests/needs, keeping clients informed of progress in relation to all aspects of the service provided and maintaining regular contact with clients.
• Responsible for the management internal audit and advisory clients.
• Build and maintain strong relationships with clients at senior levels, being a principal point of contact throughout the year. Develop a strong commercial understanding of each clients' business (es).
• Complete assignments within agreed budgets and timescales and identify opportunities for additional billings.
• Ensure assignments are staffed with the appropriate mix of knowledge and skills required.
• Ensure that the firm's risk management and quality control procedures are adhered to, at-all-times.
• Identify and recognise business and sales opportunities with new clients and inform the Senior Manager and Partner as appropriate.
• Support Partners in the development of new business relationships and business proposals through high level sales and marketing activity.
• Act as a role model for trainees.
• Be a strong leader of people, to inspire and motivate those around you
• Will work as part of management team with other TRA Managers within the business group e.g. resource planning, merit rate meetings and efficiency gains
• Act as an ambassador for and of the firm, participates in office marketing events, keep abreast of the wide range of services the firm offers
• Continue to develop technical skills and capabilities. Requirements Required
• Three years of experience in an information technology/ cyber security (consultancy experience) or IT audit role
• CISSP/CISM/CISA (Exam qualified)
• A strong understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, vulnerability scanning etc.
• A good understanding of cyber security concepts and systems/solutions such as IDM, DLP, SIEM SOC, SSO etc.
• A good understanding of Vulnerability and Risk Assessment approaches and methodologies
• Good understanding of the Cyber Security Strategy good practice frameworks (for example, the Cyber Security Essentials NIST CSF, CIS top 20)
• Experience performing cyber risk and control gap assessments
• Understanding of the ISO 2700X series of standards and guidelines
• Flexibility to travel on a regular basis locally with potential for wider travel including international assignments.
• Excellent team player but also confident working on own initiative
• Strong communication skills (both written and oral) and first rate interpersonal skills at all levels. Able to explain technological concepts and risks to non-technological audiences.
• Understanding of the PCI DSS series of standards and guidelines
• Strong presentation skills
• Experience of delivering penetration testing and vulnerability scanning assessments
• Security qualifications CREST Registered Tester, ISO 27001 Lead Implementer / Auditor, CEH