Cyber Security Consultant

London

Information Security /Full-time/ Hybrid

Reporting to the Information Security Manager, and part of a small team of information security specialists, the Cyber Security Consultant will ensure that R3\'s technical and organisational security control environment is robust, fit for purpose and provides the assurance required by some exacting customers with conservative risk profiles..

The Cyber Security Consultant is a hybrid internal and customer-facing role:

• The internal aspect of the role is one of a Technical Security Manager who also understands the human element of security. The Cyber Security Consultant will have oversight for responsibilities for R3\'s technology estate as required. They will bring a risk-based approach to a fast-moving enterprise software and professional services organisation.
• The customer-facing aspect of the role involves providing customers with assurance that R3\'s products and services are fit for purpose. The Cyber Security Consultant must be comfortable as the R3 security lead on customer engagements. They will be familiar with the working practices and concerns of security architecture and technology risk management teams. They will draw on their experience to enable innovative solutions that remain compatible with the the security objectives of financial markets infrastructure.
• The Cyber Security Consultant will have a background within financial services, enterprise software or telecoms, or maybe an enterprise-scale end-user security department.

Responsibilities:

• Play a lead role within R3\'s security program, specifying and implementing the technical and organisational security controls required for a world-class enterprise software and professional services organisation. This may range from creating and reviewing high-level policy documents through running security awareness or phishing simulation campaigns to hands-on incident response activities.
• Deputise for the Head of Information Security where necessary, ensuring that R3\'s security objectives are met and its policies are complied with.
• Manage external entities delivering vulnerability assessment, managed detection and response or other security services to R3.
• Consult with R3 clients and partners to understand their security requirements. Lead client security and technology risk management reviews, compile responses for reviews, negotiate remedial activities with R3 internal teams, and manage such activities to completion.

Qualifications (Must Haves):

• First and foremost the candidate must love what they do. They\'ll need to be a security advocate within R3 and its customers.
• They\'ll have at least five years experience in a senior role within a security organisation in a blue-chip or high-growth, cloud-native technology organisation.
• They\'ll have deep, specialist skills in multiple (3+) security domains.
• They\'ll need excellent communication skills, both verbal and written. They must be capable of delivering clear and concise descriptions of complex security concepts to senior R3 and customer stakeholders. They will be able display sufficient gravitas to influence small groups of senior management or board members, but also have the energy to present to a conference hall.
• They will be capable of defining security objectives and implementing controls and metrics for complex, long-term projects involving substantial multi-disciplinary teams.
• They will have an appreciation of the variety of technical security controls available to R3. They will be expected to have significant hands-on experience of several out of endpoint and cloud security, identity and access management, vulnerability assessment, source code analysis or security event management and log analysis.

Qualifications (Nice to Haves Haves):

• Relevant professional qualifications would be great. We have ISACA, ISC2, and SANS-certified team members, so will look favourably on professional certifications (as long as they are relevant). Candidates will need to demonstrate that any certifications they claim are valid and current (we will check).
• An engineering or science degree would be valuable but not essential. Outstanding career experience is just as important. Candidates should be prepared to tell us all about that experience.

R3 is leading the future of digital finance by powering multi-party solutions that deliver digital trust and unlocking greater potential for regulated businesses everywhere. R3ers center around our core values – Collaborative, Ownership, Bold and Customer First – as a result our flagship DLT platform, Corda, is trusted by the world’s leading financial market infrastructures (FMIs), exchanges, central banks and commercial banks.

Corda is an open and permissioned distributed application platform that empowers regulated institutions to realize the full potential of direct digital collaboration to solve complex multi-party workflows.

R3 is is proud to be an equal opportunity workplace. We are a diverse and inclusive workplace that supports all ethnicities, races, genders, sexual orientations, origins, disability and veteran status and cultures. At R3, we’re committed to fostering an environment where individuality–not conformity–is embraced and valued because we believe our collective differences are what make us better together. If you don’t meet all of the above criteria, but you think you’d be a great addition to R3, send us your CV/resume. We’re always interested in meeting bold, collaborative people who are excited to work with us.