Information Security Consultant

Job Description

About Columbia Threadneedle InvestmentsYoull find the promise we make to our clients is the same one we make to our employees: Your success is our priority.Here, youll find growth and career opportunities across all our businesses. Were intentionally built to help you succeed. Our reach is expansive with a global team of 2,000 people working together. Our expertise is diverse with more than 450 investment professionalssharing global perspectives across all major asset classes and markets. Our clients have access to a broad array of investment strategies and we have the capability to build tailored solutions matched to clients specific requirements. Columbia Threadneedle is a people business and we recognise that our success is due to our talented and dedicated people, who bring diversity of thought, complementary skills and capabilities. We are committed to providing an inclusive work environment thatsupports the diversity of our employees and reflects our broader communities and client-base. We encourage applications from returners to the industry. We appreciate that work-life balance is an important factor for many when considering their next move so please discuss any flexible working requirements directly with your recruiter. Job Purpose StatementWhere youll fit in & what our team goals are.... You will function as the local point of contact and information security subject matter expert for Business Change, Regulatory and Information Security initiatives delivered across EMEA and APAC. This role will drive the delivery, standardisation, and assuranceacross all project functions in the field of information security consultancy. The culture that you will be working in will be one of dynamism and strong teamwork Role ResponsibilitiesHow youll spend your time....

• Working as an SME on a variety of different projects across the organisation, ranging from large acquisitions through to initiatives that touches technology, people and processes.
• Serve as a security expert on change programmes, providing guidance and support to enable change delivery teams to comply with enterprise and technology security policies, industry regulations and best practices.
• Support deliveries with robust risk assessment/mitigation and ensure that they align to the appropriate technology change framework and that solutions meet the relevant operating principles, in order to protect the Business, whilst continuing to deliverchange
• Identify appropriate security requirements, through a deep understanding of the business requirements and security control environment for each phase of a project or change initiative.
• Undertake technology evaluations and provide recommendations for the security aspects of new applications
• Working with the IT solutions team to detail the security design into project templates.
• For the global and local delivery teams - ensure all stakeholders are aware that global and local requirements are met, with the skillset to influence change at all levels.
• Conduct risk analysis and contribute to the prioritisation of information security initiatives based on risk and business need.
• Weigh business needs and security concerns, make recommendations and clearly articulate options (including benefits and risks) to business partners, decision makers and key stakeholders.
• Communicate known security risks and solutions to mitigate risks to business and technology partners as needed.
• Assist with the investigation and operational support of the information security incident management processes.
• Ensure solutions are fully integrated into business-as-usual activities.
• Ensure regional KPIs and KRIs are defined and delivered.
• Maintain current expertise in information security technology, methodology, tools, threats/vulnerabilities, news and regulatory changes, emerging security trends, issues and threats.
• Work with Project Management to ensure that projects have met all Security / Production acceptance criteria prior to design, and implementation into production
• Provide leadership within a framework of prudent and effective controls which enable risk to be assessed and managed to fit within the Organizations agreed risk appetite

Key CapabilitiesTo be successful in this role you will have....

• Demonstrated knowledge and understanding of cyber risks and threats.
• Understanding of information security constraints and best practice.
• Knowledge of IT security solutions and their integration and operation into business systems and processes.
• Good understanding and demonstrated operational ability of IT Security Operations, Malware analysis, Advance Persistent Threat (APT), Cyber Threat etc
• Able to contribute to architecture sessions on security tools in complex environments.
• Good all-round technical knowledge of Applications, Databases, and Infrastructure
• Excellent understanding of project management lifecycle and methodologies.
• Strong stakeholder management, persuasion & influencing skills at all levels.
• Security knowledge / background essential (CISSP or similar).
• Well organised / analytical & logical approach, with attention to detail.
• Able to demonstrate "pragmatism with principle", i.e. blend a rules-based-approach with an ability to read - and to act in accordance with - the organisations implicit risk tolerances.
• Client focussed - able to focus on the big picture, risk vs business benefit.
• Ability to work under pressure and show flexibility.
• Able to communicate succinctly and influence at all levels.
• Capable of innovative Consultant problem-solving and process improvements.
• Proven experience delivering continuous service improvements for the business

Desired CapabilitiesIf you also had this, it would be great....

• Experience of a complex, multi-platform environment
• ITIL Managers or foundation certificate desirable
• Exposure to risk management methodologies