Security Consultant

Dwr Cymru Cyf, Adamsdown, Caerdydd - Cardiff

£64417

  • Full time
  • Permanent
  • Onsite working

Posted today, 26 Oct | Get your application in now to be one of the first to apply.

Closing date: not specified

Job Ref: c3e0a06680c245f6b20320c6f3a0f82f

Full Job Description

The Security Consultant performs a critical role within the Security Risk & Assurance team and is designated as Welsh Water's Cyber Risk Lead. The Cyber Risk Lead manages all aspects of our cyber and supply chain risk management frameworks. They work across all areas of the business, including Integrated Technology Services, Operational Services, Retail, Water Services, and Wastewater. The role will require close collaboration with a wide range of technical stakeholders and senior leadership within cyber, technology and the wider business. The role balances hands-on delivery of risk assessments and risk treatment plans with risk reporting and capability management. Your responsibilities will include:

  • Ensure an effective process for stakeholders to report cyber risks is implemented
  • Lead the assessment of cyber risks and provide appropriate likelihood and impact statements
  • Support the development of risk treatment plans and govern their delivery
  • Manage the cyber risk register and manage compliance with defined risk tolerance levels
  • Define and manage Key Risk Indicators (KRIs) for cyber
  • Ensure the Cyber Risk Management policy and associated guidance documentation is accurate, up-to-date and meets organisational requirements
  • Support internal governance and assurance forums with accurate risk reporting
  • Ensure the Supply Chain Risk Management & Third Party Security policy is accurate, up-to-date and meets organisational requirements
  • Onboard and assess suppliers via our 3rd Party Risk Management platform - supporting remediation actions and consequence management for non-compliant suppliers
  • Support project teams and procurement in supply chain risk management
  • Undertake any other requirements as outlined by the line manager

    Who you'll work with:
  • Internal: CISO, Integrated Technology Services Senior Leadership, Security Architecture, Business Sponsors, Project & Programme Managers, Head of Procurement, Head of Legal, DPO, Chief Data Officer, IT & OT Architects.
  • External: Outsource IT providers, Cloud Service Providers, Significant suppliers to Welsh Water, External Auditors, Regulators.

    Knowledge, Skills & Experience:
  • Recognised professional certification such as CISSP, CISM, CISA, CRISC
  • Wide-ranging knowledge of Information Security and IT Security frameworks (NIST CSF, CIS Critical Security Controls, ISO27001 etc.), standards and application of Security best practice
  • Experience of assessing complex technical cyber risks in a large complex business and managing them via a risk register
  • Experience of managing supply chain security risks and associated tools to monitor supplier security posture
  • Experience of engaging consultatively and openly with internal & external stakeholders to ensure good collaboration and positive working relationships
  • Strong technology grounding - familiarity with its implementation and use within the corporate environment, and the potential vulnerabilities that could arise
  • Demonstrable Security risk management knowledge and experience

    Dŵr Cymru Welsh Water keep 3 million people healthy each day with safe, reliable water, and take away wastewater to clean, before returning it safely to our beautiful rivers and seas.

    To be able to deliver high quality, essential services which help to protect the health of our customers, colleagues and our environment, we need the right people to deliver on our vision. This is achieved by living our core values and demonstrating the core behaviours that underpin them. The security of our people, assets and information is key to us, so we are looking for people who understand and comply with the company's required security objectives.

    We know that the most successful teams are the most diverse teams. Equality, diversity and inclusion provide the very foundation to our culture at Welsh Water. We want every individual to feel confident, proud and able to bring their whole selves to work. To ensure an improved representation in our workforce, applications are particularly welcome from minority groups including Black, Asian and Minority Ethnic people, Females, LGBT+, Non-binary and people with disabilities. Together we continue to build a workplace that not only celebrates the diverse voices of our colleagues but also represents each customer we serve. In essence, ours is a company based on trust, openness, respect, commitment and honesty. A company that our colleagues are proud to work for.

    Dŵr Cymru Cyf, a limited company registered in Wales No. 2366777. Registered office: Linea, Fortran Road, St. Mellons, Cardiff CF3 0LT

    As well as a market competitive salary, 33 days annual leave (pro rata, including public holidays), we offer a range of employee benefits and rewards including:
  • Variable pay schemes (your salary band will remain the same, but performance depending, you could receive an incremental within-band increase and a yearly incentive)
  • Option to buy additional annual leave up to 5 days per year
  • Enhanced employer pension contributions - Up to 11% employer contributions
  • Free Mortgage Brokering Services
  • Enhanced family friendly policies
  • Progression opportunities, including the ability to apply for funded training and coaching and mentoring programmes
  • Gym and fitness discounts as well as high street shopping
  • Cycle to work scheme
  • Discount off all Welsh Water visitor attraction centres and gift shops
  • Car-leasing scheme and free on-site parking at all sites
  • Health CashBack scheme and access to an online GP service
  • An employee assistance programme for employees and their immediate family
  • Many more can be found here!

    Whilst also working for a not-for-profit company that truly cares about earning the trust of customers every day, and about looking after our beautiful environment.

    Please note, we may close this role sooner if required. We may also extend the original closing date depending on interest. Due to the nature of the industry, we require satisfactory references, post offer medical clearance, and a criminal records Basic Disclosure check on all new employees joining the business. For some roles there may be additional checks and security clearance required, and this offer is subject to all checks being satisfied. You will receive further information on how to complete these checks via email once you have accepted this offer.