Cyber Security Consultant

What you’ll be responsible for

The Security Consultant works within the Security Risk and Governance team and is responsible for working with project teams, including architects, analysts, technical designers, programme managers and business users to ensure that projects are delivered securely, protecting customer, company and employee data and ensuring compliance with the Information Security policies and standards.

Responsibilities: 

1. Provide end to end engagement on a wide range of business projects ensuring that security is built in and customer, company and employee data is protected
2. Attend project meetings and represent Information Security, providing direction as required
3. Review and consult on IT / Business change documentation including Business Requirements, Design Documents, Detailed Designs, Network Diagrams, etc
4. Provide the relevant people, process and technology requirements to ensure projects deliver secure solutions
5. Ensure that relevant security policies and standards are applied to specific projects by adopting a hands-on approach where needed
6. Articulate risk in technical and non-technical terminology so that it can be interpreted by Information Technology and business teams
7. Scope, arrange and support penetration testing and vulnerability testing and track remediation to a close
8. Carry out Information Security impact assessments to meet Policies, NIS D obligations and GDPR requirements on projects where appropriate
9. Contribute and to and review security elements in supplier contracts
10. Undertaking any other requirements as outlined by the line manager

Who you’ll work with

Internal

• CISO
• Security Architecture
• Business Sponsors
• Project & Programme Managers
• Head of Procurement
• Head of Legal
• DPO
• IT & OT Architects

External

• Outsource IT providers
• Cloud Service Providers
• Significant suppliers to Welsh Water
• External Auditors
• Regulators 

About you

Knowledge, Skills & Experience 

• Recognised professional certification such as; CISSP, CISM, CISA, CRISC
• Good familiarity with the NIST Cybersecurity Framework, CIS Critical Security controls, and ISO27001    
• Experience of understanding of a Security governance frameworks and Security risk management    
• Experience of delivering Security assurance services to significant Business projects within a large complex business 
• Experience of engaging consultatively and openly with internal & external stakeholders to ensure good collaboration and positive working relationships  
• Strong technology grounding – familiarity with its implementation and use within the corporate environment, and the potential vulnerabilities that could arise    
• Experience of delivering “end to end” Information Security Assurance and achieving optimal risk management outcomes    
• Effective communicator with strong written and verbal communication skills – capable of writing clear concise reports and presenting to senior stakeholder groups    
• Demonstrable Security risk management knowledge and experience    
• Wide ranging knowledge of Information Security and IT Security frameworks (NIST CSF, CIS Critical Security Controls, ISO27001 etc.), standards and application of Security best practice

Good to know

• This role includes hybrid working. 

Benefits

As well as a market competitive salary, 33 days annual leave (pro rata, including public holidays), we offer a range of employee benefits and rewards including:

 
•             Variable pay schemes (your salary band will remain the same, but performance depending, you could receive an incremental within-band increase and a yearly incentive)
•             Option to buy additional annual leave up to 5 days per year
•             Enhanced employer pension contributions – Up to 11% employer contributions
•             Free Mortgage Brokering Services 
•             Enhanced family friendly policies
•             Progression opportunities, including the ability to apply for funded training and coaching and mentoring programmes
•             Gym and fitness discounts as well as high street shopping
•             Cycle to work scheme
•             Discount off all Welsh Water visitor attraction centres and gift shops
•             Car-leasing scheme and free on-site parking at all sites
•             Health CashBack scheme and access to an online GP service
•             An employee assistance programme for employees and their immediate family
•             Many more can be found here!  

 
 
Whilst also working for a not-for profit company that truly cares about earning the trust of customers everyday, and about looking after our beautiful environment
 
 
Please note, we may close this role sooner if required. We may also extend the original closing date depending on interest.
 
Due to the nature of the industry, we require satisfactory references, post offer medical clearance, and a criminal records Basic Disclosure check on all new employees joining the business. For some roles there may be additional checks and security clearance required, and this offer is subject all checks being satisfied. You will receive further information on how to complete these checks via email once you have accepted this offer.

Who we are

Dŵr Cymru Welsh Water keep 3 million people healthy each day with safe, reliable water, and take away wastewater to clean, before returning it safely to our beautiful rivers and seas.

To be able to deliver high quality, essential services which help to protect the health of our customers, colleagues and our environment, we need the right people to deliver on our vision.  This is achieved by living our core values and demonstrating the core behaviours that underpin them.  The security of our people, assets and information is key to us, so we are looking for people who understand and comply with the company’s required security objectives.

We know that the most successful teams are the most diverse teams. Equality, diversity and inclusion provide the very foundation to our culture at Welsh Water. We want every individual to feel confident, proud and able to bring their whole selves to work. 

To ensure an improved representation in our workforce, applications are particularly welcome from minority groups including Black, Asian and Minority Ethnic people, Females, LGBT+, Non-binary and people with disabilities. Together we continue to build a workplace that not only celebrates the diverse voices of our colleagues but also represents each customer we serve.

In essence, ours is a company based on trust, openness, respect, commitment and honesty. A company that our colleagues are proud to work for.