Why Saepio?

The world of cyber security is fast paced and exciting, and so are Saepio! We are a risk-focused Cyber Security Solutions Provider that works with UK-based corporate customers with anything between 250-5,000 users & sometimes more. Our sole purpose is to help our customers reduce their cyber security risk by increasing their resilience across People, Process and Products following Saepio’s ‘Right size’ approach.

Cyber security is a team sport, and it is our team of talented and driven employees that has been the key to our continued success. We know that, as a cyber security professional, the world is your oyster when it comes to job opportunities, so we aim to build a company culture that you will want to be a part of and that supports you to be the best version of you.

You can find out more about the way we do things at Saepio and what it is like to be a Saepion at our website https://saepio.co.uk/how-we-do-it/.

We recognise that talent comes in many shapes and sizes and from all walks of life and that often the best cyber defenders are the ones that you least expect. We encourage anyone who shares our passion and has the experience/potential to contribute to our success to apply.

The Opportunity for You

As a pure play cyber security company with a broad portfolio of customers, we can say with certainty that this role will ensure that you are working with a wide range of customers focused on solving their security challenges. This opportunity sits within our growing M-CISO Consulting Practice and presents an exciting opportunity to the successful candidate to help us build and grow this service.

With the increasing likelihood and impact of cyber-attacks coupled with a relative lack of internal security knowledge, many Saepio customers turn to us for strategic guidance.
Saepio are recruiting for an experienced Information Security Risk Consultant, ideally a former CISO/Hd of IT Security/GRC SME, to work alongside our M-CISO team and deliver an outstanding service to our Customers. The role is customer facing and customer focused. The successful applicant will be working with key Saepio customers on an onsite, remote, and/or virtual basis as appropriate, helping to develop and deliver the cyber security strategy as well as other security and information risk management initiatives. Operating as a virtual CISO, you will continuously improve and enhance their security posture, drawing on leading industry standards/frameworks, e.g. the NCSC Cyber Assessment Framework (CAF) that forms the basis of our Cyber Risk Assessment (CRA) approach.

The successful candidate will be expected to exercise a great deal of autonomy when delivering the service; however, there will be support from the broader team in both the Information Security and Customer Service aspects of the role. Saepio will support the training and development of the successful candidate along their journey to becoming a certified Chief Information Security Officer.

Main Responsibilities of this Role

- Conduct initial and on-going assessments of maturity against NCSC CAF and/or ISO27001
- Guide and drive security initiatives through scheduled weekly, monthly, and quarterly sessions
- Establish and maintain an Information Security Management System (ISMS)
- Define Risk Management Framework / Risk Register / Risk Treatment Plans
- Administer/Inform Risk Committee and Infosec Committee
- Produce and present quarterly Board reports
- Align the security strategy to the customer's business objectives
- Understand how security controls can be utilised to plug gaps in a risk centric fashion
- Present at Saepio customer events

Knowledge and Skills Required to be successful in the role
The successful candidate should be able to demonstrate the following:

- At least 10 years’ experience in a hands-on IT Security function, including time as a CISO/Hd of IT Security/GRC lead/senior Consultant
- A broad range of technical and non-technical security related skills and knowledge
- Experience of working with, and guiding companies through the attainment of IT and Information Security standards (as a minimum - ISO27001 & Cyber Essentials Plus)
- Excellent senior stakeholder management
- Proven ability to effectively communicate with all levels at a customer - analyst/manager/head of IT/Board
- Understanding of, and experience implementing, solutions across the CIS 18 Critical Security Controls

Proven Experience in:

- Undertaking security gap analysis assessments
- Developing, documenting, and maintaining security policies, processes, procedures, and standards
- Security Architecture design
- Implementing cyber governance and security strategies
- Producing Weekly/Monthly/Quarterly reports/dashboards
- Working with outputs of SOC tools/systems
- Risks associated with 3rd party supply chain
- Increasing security awareness, behavior, and culture
- Running Incident Management exercises, table-top or otherwise

Desirable Certifications:

- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- CompTIA Security+
- Certified Information Privacy Professional
- Cyber Essentials Plus Assessor
- ISO 27001 Implementor/Auditor
- CEH
- NCSC-approved Cyber Advisor

A full Driving License is also desirable to ease travel to Clients in non-metropolitan areas.