Lead Information Assurance Consultant - QSA
CNS Group provides skilled experts to help its clients build cyber security and information assurance capability through pragmatic consultancy. This is a client-facing role, helping clients implement compliance regimes or controls in order to secure their organisations. CNS Group focuses on assisting UK companies across a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), so the vast majority of work takes place in the UK, though some international travel is required in certain instances.
CNS Group has a team of six Governance, Risk and Compliance consultants who cover a multitude of compliance regimes and control sets, such as PCI DSS, ISO 27001, HMG (PSN Code of Connection), CPNI Top 20 and our own Cyber Security Maturity Model.
CNS Group requires a Lead Consultant to lead the team to ensure that, as CNS Group continues to grow, our services remain of the highest quality and we continue to provide an invaluable service.
The role of Lead Consultant aligns with CCP/SFIA Level 5.
To lead the CNS Group Governance, Risk & Compliance Team (GRC) (part of the Advisory Team) and meet delivery targets:
- Meet a personal chargeable target of 180 days per year (min) delivering GRC services across CNS’s client base as needed.
- Meet the chargeable days target for the GRC team as agreed with the GMT on a monthly and quarterly basis, taking into account the effects of overrun and overtime.
- Ensure that all CNS Group GRC consultancy services are delivered to a quality and standard commensurate with the professional consultancy our clients expect. This includes ensuring that accreditation-, regulation- and legislation-based consultancy is accurate and meets the relevant standard or regulation, and more broadly that consultants are knowledgeable, diligent and professional in their delivery. Also ensure that our QA processes meet our own and our clients' professional expectations and the stated requirements of our accreditation partners.
- Ensure that the GRC team maintains all appropriate accreditations, including timely submission of reports, QA, customer feedback, and re-accreditation documentation to the relevant accreditation bodies.
- Ensure that CNS Group GRC consultants are adequately trained and sufficiently skilled to execute the consultancy work that they are required to complete and that consultants maintain the appropriate formal accreditations over time.
- Ensure that CNS Group GRC consultants maintain the requisite knowledge base, accreditations and CE hours to undertake the role required of them.
- Ensure timely delivery of consultancy deliverables to clients.
- Interact with clients to ensure the correct scheduling and overall quality of consultancy delivery.
- Ensure that CNS consultants keep records and evidence of work as appropriate and in line with accreditation and regulation as needed.
- Ensure that CNS consultants follow correct provisions in ensuring the security of customer data, results and reports, including the dissemination of reports.
- Undertake appraisals for direct reports and ensure that team appraisals are completed across the consultancy team.
- Direct line management of the team members as appropriate.
- Work with Project Management and Resourcing to ensure appropriate allocation of projects to the team, timely delivery and reporting of time.
- Own and develop Advisory service definitions and operational definitions in partnership with the CTO and Head of Sales.
- Ensure that appropriate pre-sales support is provided to the sales team at all times in terms of CNS Group GRC services.
- Ensure the ethics and professional standards of the consultancy team, including timekeeping, appearance and conduct on site.
- Maintain an awareness of the information assurance and cyber security market in order to ensure that the CNS Group offerings remain current.
- Maintain a personal industry profile and promote CNS Group in the industry.
- Act in the best interests of CNS Group and its clients at all times.
- Actively participate in regular Group management meetings and provide feedback to other group disciplines.
- Attend weekly back order review meetings with Project Management to ensure efficient project delivery.
- Allocate projects to the GRC team as deemed appropriate to ensure timely delivery.
- Understand and articulate performance targets for the GRC team.
- Monitor sales pipeline to understand upcoming resource requirements.
- Day to day management of team members.
- Overall responsibility for booking of consultant time and calendar management, using Project Management resource as appropriate.
- Stay current with latest developments in marketplace and competitor activities.
- Development of new services and maintenance of existing services in partnership with the CTO, in line with marketplace requirements and emerging and evolving accreditations.
- Communicate up-to-date information about new services and enhancements to Head of Sales and CTO.
- Work with Head of Sales and specific sales staff as needed to develop sales proposals, quotations, and pricings.
- To develop the sales pipeline for GRC consultancy across all disciplines.
- Undertake chargeable work for effective customer delivery and to meet target.
- Overseeing annual appraisals of all consultants.
Success Criteria/ Objectives:
- Continual improvement of GRC services
- Delivery of prompt and high quality consultancy services.
- Quarter on quarter achievement of GRC consultancy targets.
- Growing the GRC team and increasing targets accordingly.
- Working within budget constraints to deliver performance targets.
- Success and well-being of all Team Members
- “Can-do” attitude.
- A proven enthusiast, expert and leader.
- An active member in the Cyber Security/ Information Assurance community.
- Professional, driven and independent by nature.
- Must have gravitas and be exceptional in front of customers.
Desired Technical Skills
- Understanding of networking and the OSI seven-layer model.
- The ability to technically audit technology such as firewalls, switches, servers, applications and development environments.
- Basic understanding of security testing techniques.
Mandatory Non-Technical Skills
- Detailed understanding of IT Security Governance in SME, mid-corporate and enterprise environments.
- Ability to manage multiple complex customers.
- Ability to work with other technical providers and organisations.
- Ability to present highly technical work in a simple, straightforward, concise and non-technical manner.
- Deep understanding of risk and risk management.
- MUST BE SC CLEARED OR CLEARABLE.
- PCI DSS Qualified Security Assessor (3+ years' experience, including drafting 10 or more RoCs).
- CISSP, CISA or CISM
- ISO27001 Lead Auditor
- CCP Principal/Senior Practitioner (previously CLAS).
- Exposure or experience in the following is considered highly desirable:
- HMG IA policy and accreditation process
- Protective Monitoring (GPG-13)
- PCI DSS
- Delivery of security managed services
Please contact firstname.lastname@example.org for more information.
For further job opportunities, follow us on LinkedIn.