Information Security Advisor

The Disabled Workers Co-operative Ltd., City of Westminster

Salary Not Specified

  • Full time
  • Permanent
  • Remote working

Posted 1 week ago, 23 Oct

Closing date: not specified

Job Ref: 164af5d343544a3a90bd6c20473e7a05

Full Job Description

As an Information Security Advisor, you will support our clients in developing and ensuring robust information security policies, practices, and protections across their organisation. You will be responsible for analysing security measures, including network and application security measures, as well as organisational controls to improve the information security profile of client organisations, investigate incidents and identify and evaluate prevention and mitigation strategies.

Security Assessments:

Conduct network security assessments, including reviewing Active Directory accounts, identifying exploitable vulnerabilities, reviewing and verifying firewall settings, and conducting port scans, etc.
Assess web application security, including assessing code for vulnerabilities, assessing role/user permissions, verifying 2FA, etc.
Conduct 3rd party information security assessments for onboarding applications.
Conduct assessments against established frameworks, i.e., ISO 27001, NIST SP800-53, CE+, PCI DSS, NIST RMF.
Identify and assess security risks, and identify and evaluate relevant, appropriate controls for mitigation/remediation.

Vulnerability Assessment & Management:

Conduct regular and comprehensive vulnerability assessments using specialised tools and methodologies.
Generate reports outlining the status of vulnerabilities, progress in remediation efforts, and recommendations for improvement to management and relevant stakeholders.
Evaluate and adapt policies and procedures related to the deployment of security patches and updates across the organisation's systems and software.
Collaborate with relevant teams to develop and implement remediation plans to address identified vulnerabilities.
Provide guidance and recommendations for patching, configuration changes, or other corrective actions to mitigate vulnerabilities.

Security Incident Response:

Conduct incident investigations to determine the root cause and scope of the incident.
Perform forensic analysis by examining logs, conducting memory analysis, and preserving evidence.
Identify vulnerabilities exploited and gather information for potential legal purposes.
Identify areas for improvement and update incident response plans and procedures accordingly.

Relevant certification(s) to support responsibilities such as CompTIA Network+ / Security+, CISSP, CISA, CCNA, CEH, or similar certifications.

Professional knowledge and technical skills:

Essential:

Minimum of 2 years' experience in a cybersecurity or information security role.
Proficiency in security tools and technologies, including SIEMs, vulnerability scanners, etc.
Strong knowledge of network security.
Strong knowledge of cybersecurity frameworks, standards, and best practices.
Experience in conducting security assessments and incident investigations.
Experience assessing systems against established frameworks.

Desirable:

Experience in leading an organisation to ISO 27001 compliance and certification or other frameworks.
Experience building and maintaining compliance documentation across an organisation.
Strong knowledge of application security, including practical knowledge of the OWASP Top Ten.

Interpersonal skills:

Essential:

Excellent analytical and problem-solving skills.
Effective communication skills to convey complex security concepts to non-technical stakeholders.

Desirable:

Experience working with clients in a managed services role.

At Trilateral Research, we provide ethical AI solutions for tackling complex social issues, from human trafficking and child exploitation, citizen security in crisis to pollution and climate change. We transform research into innovation and sustainable impact, focusing our efforts where we can enhance societal wellbeing.

Our compensation package includes: competitive salary, enhanced holiday entitlement increasing with service, company sick pay and family friendly pay, flexible working hours, remote working/working from home options, enhanced pension scheme based on service and continuous career development.

Salary: Commensurate with experience.
