Barclay Simpson

Information Security Consultant - Policies & Standards

On site

United Kingdom

£ 1,000 / day

Freelance

26-02-2025

Job Specifications

Information Security Policies, Standards and Regulatory Compliance Consultant required for market leading financial services firm. The role is focused on development, implementation, and continuous improvement of security policies, regulatory compliance, and standards across the organization. This role requires a deep understanding of security governance, industry standards, regulatory frameworks, and risk management to ensure the organization's information security posture remains robust and compliant with all regulations.
Duties:
Lead the development, implementation, and maintenance of information security policies, standards, and guidelines to address evolving security risks and compliance requirements.
Ensure security policies are comprehensive, consistent, and aligned with organizational objectives, regulatory mandates (e.g., NIST, ISO 27001, GDPR, HIPAA, etc.), and other industry best practices.
Establish clear processes for periodic review, update, and approval of security policies.
Advise on and ensure compliance with relevant security frameworks and regulatory requirements (e.g., NIST, SOC 2, PCI DSS, ISO 27001) for the entire organization.
Provide subject matter expertise to help identify, assess, and mitigate information security risks.
Coordinate with audit and risk management teams to ensure security policies and standards are being followed and risks are properly mitigated.
Design and implement governance structures to monitor, enforce, and ensure adherence to security policies and standards across the organization.
Develop and maintain a security metrics framework to evaluate the effectiveness of information security policies, standards, and procedures.
Serve as a key stakeholder in organizational risk assessments, vulnerability management, and incident response planning.
Collaborate closely with internal teams, including IT, legal, compliance, and business leaders, to ensure the successful adoption and execution of information security policies and standards.
Lead and facilitate security policy training, awareness programs, and workshops across the organization to drive a strong security culture.
Act as a trusted advisor to senior management, providing expert recommendations on security governance, policy issues, and risk management strategies.
Stay current on emerging threats, security technologies, and regulatory changes to proactively adapt policies and standards to maintain best-in-class security practices.
Lead efforts to continuously improve the organization's information security posture through policy enhancements and process optimization.
Publish thought leadership content, and represent the organization at industry conferences, forums, and working groups.
As an ideal candidate, you will have an industry certification such as CISSP, CISM or CRISC. You will also have a proven track record of delivery in a similar role. Financial services experience is highly advantageous.

About the Company

Barclay Simpson is a specialist international recruitment company that recruits Cyber Security, Technology and Governance professionals across internal audit, risk management, information / cyber security, technology and change, regulatory compliance, financial crime, resilience, data protection, data analytics, and legal & governance professionals across all sectors of the economy. Established in 1989, we are based in London and Frankfurt and recruit for clients throughout the UK, Europe, and the Middle East.

Related Jobs

Company Name
Stott and May
Job Title
Transformation Programme Director - Cybersecurity/Greenfield
Job Description
Transformation Programme Director - Cybersecurity/Greenfield
Initial 6 month contract
Outside IR35

Are you a seasoned cybersecurity transformation leader with a strong track record in programme management? Do you thrive on defining big-picture strategy while ensuring hands-on delivery? If so, this exciting 6-month contract opportunity could be for you.

Our client, based in Oxfordshire, is embarking on a greenfield cybersecurity transformation and is seeking an experienced Transformation Programme Director to build from the ground up. This role requires a leader who can shape strategy, establish foundational cybersecurity principles, and drive execution.

Key Responsibilities:
- Develop and lead a comprehensive cybersecurity transformation programme, aligning it with business objectives.
- Take a strategic, high-level view while ensuring clear, actionable delivery plans.
- Establish and implement core cybersecurity foundations within a greenfield environment.
- Work closely with senior stakeholders to define the technology landscape and security priorities.
- Ensure smooth execution, managing risks, dependencies, and programme governance.

Ideal Candidate:
- Proven experience in cybersecurity leadership, with a good understanding of security frameworks and best practices.
- Strong background in programme management, delivering large-scale transformation initiatives.
- Ability to translate strategic vision into tangible outcomes, balancing big-picture thinking with hands-on execution.
- Experience working in greenfield environments, setting up security capabilities from scratch.
- Excellent stakeholder management skills, with the ability to engage C-suite executives and technical teams alike.

This is a high-impact opportunity for a cybersecurity leader who thrives in fast-paced, transformative environments. If you have the expertise and drive to shape a security strategy from the ground up, we'd love to hear from you. Apply now to be at the forefront of this critical transformation.
Oxfordshire, United Kingdom
On site
Freelance
26-02-2025
Company Name
Arthur
Job Title
Information Security Lead
Job Description
Arthur are partnered with an excellent growing reinsurance company in Central London who are seeking an Information Security Lead to drive security strategy, manage risks, and ensure compliance with industry standards. You will be joining a newly formed agile technology function focused on enterprise technology, digital, and data strategy. Innovation, collaboration, and user experience are at the heart of everything we do. In this role, you'll be a key player in our leadership team, shaping and strengthening our security posture.

Responsibilities include:
- Develop and implement a Cyber Security Strategy aligned with FCA regulations.
- Oversee risk assessments, audits, compliance (ISO 27001, NIST, Cyber Essentials+), and third-party security management.
- Lead the Security Operations Centre (SOC), ensuring Real Time monitoring and incident response.
- Implement technical security solutions (firewalls, IDS/IPS, encryption) and collaborate on secure system designs.
- Drive security awareness training and governance, risk, and compliance (GRC) initiatives.

What We're Looking For:
- 10+ years of experience in information security, with 4+ years in a leadership role.
- Strong knowledge of NIST, ISO/IEC 27000, SOC 2, CIS Critical Security Controls and FCA regulations.
- Expertise in Microsoft Azure security services (Defender, Sentinel, Key Vault, Firewall, Security Center, Policy).
- Proven leadership, risk management, and incident response skills.
- Relevant certifications (CISSP, CISM, CISA) are a plus.

For further information, please apply for immediate review!
London, United Kingdom
On site
Freelance
26-02-2025
Company Name
Henderson Scott
Job Title
Solution Architect - Cyber Security, Insurance
Job Description
Job Title: Solution Architect - Cyber Security - Insurance Domain
Location: Hybrid - London 3 days per week
Job Type: 6 months contract (outside IR35)
Industry: Cloud Security, Cyber Risk, Data Engineering, Insurance Domain

About the Role
We are seeking a highly skilled Solution Architect with expertise in Azure Cloud, Zero Trust security, and Databricks Lakehouses. This role will be working for an Insurance customer but through a consultancy. In this role, you will play a critical part in designing and implementing cyber security-focused data architectures, leveraging machine learning (ML), cyber data pipelines, and BDAP infrastructure to enhance cyber risk analysis.

Key Responsibilities
- Architect and implement cloud-based solutions in Azure, ensuring alignment with Zero Trust security principles.
- Design and optimize Databricks Lakehouse architectures for cyber data storage, processing, and analytics.
- Develop and manage cyber data pipelines, enabling seamless data integration for cyber risk modelling and threat intelligence.
- Integrate and operationalize machine learning models to improve cyber risk detection and response capabilities.
- Leverage BDAP (Big Data Analytics Platform) infrastructure to enhance cyber risk analysis and decision-making.
- Collaborate with security, data science, and engineering teams to ensure scalable and resilient architectures.
- Stay ahead of emerging cybersecurity threats, cloud innovations, and data analytics trends to enhance solutions.

Key Requirements
- Proven experience as a Solution Architect specializing in Azure cloud solutions.
- Expertise in Zero Trust security frameworks and cloud security best practices.
- Strong hands-on experience with Databricks Lakehouse for big data processing and analytics.
- Deep understanding of data integration, ETL processes, and cyber data pipelines.
- Experience working with machine learning models in cybersecurity and risk analysis.
- Knowledge of BDAP (Big Data Analytics Platform) infrastructure and its role in cyber risk management.
- Strong problem-solving skills and ability to work in a fast-paced, security-focused environment.
London, United Kingdom
On site
Freelance
26-02-2025
Company Name
Reed
Job Title
Network Engineer
Job Description
Bristol - Hybrid 3 days per week
**MUST LIVE WITHIN 60 MINS COMMUTE OF BRISTOL**
1 month initially
£275 (neg) inside IR35

We are seeking a Network Engineer to manage the day-to-day support of our network and supporting infrastructure. This role involves working closely with IT security analysts and managers to ensure the highest levels of network and security standards are maintained. The ideal candidate will have experience in a large building environment and hold a CCNA or equivalent vendor certification.

- Experience in a networking engineer role, ideally in a large building environment.
- CCNA or equivalent vendor certification.
- Demonstrable expert knowledge in enterprise networking, L2/L3 concepts, high availability protocols, Wi-Fi administration, next-generation firewalls, and network monitoring tools.
- Familiarity with VPN & Remote Access.
- Exposure to ISO27001 is desirable.
- Proactive, well-organised, and able to work both independently and as part of a team.
Bristol, United Kingdom
On site
Freelance
25-02-2025