Our client, a leading cyber security consulting firm, is looking for a Security Consultant (ISMS) for their office in Saudi Arabia.
A Security Consultant job description should include the following responsibilities:
- Conduct information security management reviews and information security management system (ISMS) assessments
- Ensure technical implementation and business processes are aligned
- Lead the design, implementation, operation and maintenance of security management systems
- Lead the creation, review and update of information security policies
- Provide complex technical advice, recommendations and consultancy on networks, infrastructure, products and services supplied
- Provide or assist with implementation documentation
- Ongoing project management
- Assess, review and validate the ISMS scope in order to identify areas of scope and the applicability to the ISO 27001 standard.
- End-to-end implementation of Information Security Management System (ISMS) certification as per ISO 27001 and all controls under it.
- Review and update Statement of applicability.
- Identification and remediation of the gaps based on the Gap Assessment report.
- Conduct a risk assessment for all business functions and controls covered under ISO 27001 and develop/update risk mitigation and treatment plan and update identified risks in the Risk Management tool.
- Review, update and develop policies, procedures relevant to ISMS.
- Create security standards and baselines in compliance with ISO 27001 for information processing facilities for IT systems and infrastructure components.
- Create the ISMS risk registers.
Security Consultant job qualifications and requirements
Holding a degree and having a technical background will be required to gain a Security Consultant role. Degrees in Information Technology and Information Security are often preferred.
As well as formal qualifications, a Security Consultant must demonstrate the following qualities:
- Experience in information security management and related functions such as IT Risk Management (7 – 10 years)
- Ability to align information security policies with business requirements
- Flair for translating information security requirements into IT security controls and measures
- Attention to detail
- Excellent communication skills – both written and oral
- Project management skills and an ability to translate business requirements into technical IT security deliverables
- ISO 27001 LI, CISM, CISSP certifications
- Must have successfully implemented ISO 27001