Information Security Consultant

Our client Scottish Power are currently recruiting for an Information Security Consultant to join their team based in Glasgow on a contract basis initially. Ideally for this role they are looking for a candidate with previous experience in an Information Security Management position who is also familiar with NIS Regulation and the NSCS CAF. For more information on this role see below:

Job Purpose Statement

Cyber security is one of the defining topics of our age, and cyber risk represents one of the most significant strategic risks to the UK’s critical national infrastructure. At Scottish Power Energy Networks (SPEN) you will have the opportunity to approach this risk head on. SPEN have invested significantly in an ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business.

Reporting into the Cyber Security Architecture Lead, the Information Security Consultant role is a critical role in ensuring delivery against our strategic security vision. The role holder will ensure that our critical applications and information are protected, resilient and prepared against cyber-attacks.
This position requires the ability to implement new and improve existing frameworks and processes. To do this, the role holder must be able to influence and communicate successfully with the relevant parties inside and outside of the company while remaining accountable for the outcomes. The role holder will work closely across IT, OT, Security and Business teams to achieve key goals.

Accountability Statements
Dimensions

Complexity & Creativity:
 ? Works and collaborates across the international companies within the Iberdrola Group to deliver strategic security solutions which require interfaces with a variety of internal and external stakeholders.
 ? Good at building relationship and engendering trust and confidence.
Judgement & decisions:
 ? Gather relevant information and make recommendations on best solution to effectively satisfy business and department needs in line with timescales, budgetary costs, and desired outcomes.

Skills, Knowledge & Experience

 ? Excellent at engaging and managing stakeholders.
 ? Expert in Information risk assessment and risk management including the assessment, analysis, and reporting of information security risk in a business context.
 ? Knowledge and experience of delivering one of more of the following areas: application security, cloud security, information security management, identity and access management.
 ? Experienced in defining information and application security controls.
 ? Able to analyse problems, identify core issues and recommend appropriate solutions.
 ? Recognised cyber security qualifications (e.g., CISSP, CISM etc.)
 ? Familiar with the NIS regulation and the NCSC CAF (Cybersecurity Assessment Framework)
Planning & Organising

 ? Organise and plan complex work (Project Management experience)
 ? Communicate security requirements to relevant stakeholders.
 ? Influencing stakeholders at both business and technical levels.
 ? Translating business requirements into simple, effective security designs that, once delivered contribute towards a simpler, more cost-effective security architecture within the Group.
 ? Takes a holistic view of requirements across projects to ensure that solutions are standardised and re-used to minimise investment required to meet the requirements.
Minimum Criteria (mandatory)
Criteria

 ? Previous experience in an information security management, governance, or assurance role
 ? Recognised cyber security qualifications (e.g., CISSP, CISM etc.)
 ? Familiar with the NIS regulation and the NCSC CAF (Cybersecurity Assessment Framework)
 ? Excellent oral and written communication skills
 ? Ability to influence key technical and non-technical stakeholders in relation to required security strategy.
 ? Must be a self-starter and proven team player to work, promote and consolidate efficient team working relationships.