Security Consultant

Russian hacker, Vladimir Leonidovitch Levin, attempted the biggest bank heist the world had ever seen via dial-up internet in 1994, Zia Hayat, Callsign CEO and founder, was hooked - armchair fraud became a real possibility. From this moment, Zia knew he wanted to play a part in stopping the bad guys and securing the internet for all. Founded In 2012, Callsign's mission has been to make Digital Identity simple and secure for everyone and everything. In that time, we've grown to over 200 employees, opened offices in Singapore and Abu Dhabi, been recognised as a WEF Global Innovator and our technology is being used by many of the world's leading financial institutions to keep millions of consumers safe.

But we aren't stopping here. The identity revolution has only just begun, and we are looking to hire the brightest and inquisitive minds to help us make every web, mobile and physical Interaction seamless and secure. If this sounds like you, lets chat.

We are now on the hunt to find a Security Consultant to be based out of our London HQ. This is a critical role within the Security Team to ensure Callsign remains compliant and can meet ongoing customer audit expectations and manage the overall Security risk and compliance posture across a range of industry standards. Success will be achieved through providing sound advice and consultation to business owners and reduce security risk and improve the efficiency and effectiveness of Callsign's security controls. Work as part of an amazing team of like-minded individuals with a can-do attitude to change the world.

Responsibilities

- Take full ownership of our audit and assurance program to schedule internal and external audits and consult with business owners to reduce our operational risk.

- Assess security risks across all areas of Callsign's business, including product, platform, and third-party software and services to ensure they are well understood and managed within Callsign’s appetite for risk.

- Refresh our existing suite of security policies and standards to keep pace with the changing threat and compliance landscape.

- Further develop and maintain the information risk management framework to ensure security and data privacy risks are documented, quantified, owned, communicated and escalated as appropriate across Callsign.

- Continually improve Callsign’s Information Security Management System and framework. Review and continuously improve the security policies and standards to keep pace with the changing threat and compliance landscape. You will also be tasked with implementing our second line of defence.

- Work with the Head of Third-Party Risk and business owners by managing information security assessments using our newly implemented Vendor Risk Management tool. You will be expected to continually improve the tool and unleash its reporting potential.

- Assist in the development and delivery of security awareness materials and managing the training future Callsign staff using our newly implemented Learning Management System.

- Keep informed as to emerging security threats that have the potential to impact Callsign and recommend mitigating strategies.

- Assist the VP of InfoSec to respond to customer and supplier security assessments and queries.

Requirements

Technical Requirements:

• 3-5 years in a role in information security and risk management practice with Big-4 experience preferred
• A tertiary qualification in Computer Science, IT, Systems Engineering, Risk Management or a related field
• Experience in implementing security frameworks for: ISO 27001 including in overseeing management of ISMS, SOC2 etc. Having ISO lead auditor accreditation is a bonus
• Familiarity with other ISO standards ISO 27017, 27018, 27701 and more
• Experience working within a ‘cloud-first" and agile business environment.
• Working knowledge of data privacy laws (such as GDPR, ADGMDP Rule, etc) and the ability to interpret rules into business outcomes

You will:

• Be a strong communicator and team player with a consultative approach to solving problems
• Be able to take full ownership of key “in development” risk frameworks in for information, third party and data privacy risk and drive to high degrees of maturity.
• Be able to work with a variety of business owners to take ownership of risks and drive down risk scores to tolerable levels
• Present a clear and concise view of Callsign’s information risk posture. With the ability to articulate results to top management
• Have proven experience with process refactoring and improvement, policy development and having a desire to continually improve
• Take a business focussed and pragmatic approach to security risk management.
• An innovative and positive player with a can-do attitude
• Be able to effectively communicate with a wide range of people
• Have the ability to build and maintain relationships with internal and external partners
• Show initiative and passion for all things security, and a willingness to go the extra mile

Benefits

Compeitive