DescriptionDelivery of Consulting ServicesInformation Security AssessmentsInformation Security Awareness consultingPre-sales - working with the sales function to present and respond to technical requirementsTechnical expertise on specific services/products for pre-sales for key/large enterprises as/when neededDelivery of consulting services to clients, as per scopes of work that are signed before commencementDelivery of ad-hoc advisory to clients within the realms of information security, governance, risk, and complianceEvangelise security best practices, research, and knowledge sharing amongst customers and prospective customersServices Delivery ManagementAdhere and contribute to SLAs, metrics, reporting, project scoping and management,



customer escalation, engagement management, etc.Management of internal security governance, risk, and compliance - using the 'eating our own cooking' approach.Outcomes and measuresDevelop Information security governance & risk management strategies, frameworks (ISO27001 & PCI-DSS), policies, standards, and metrics to measure maturity of overall security operations in alignment with business priorities and its tactical/strategic objectives.Perform reviews, assessments, and system implementations based on industry/regulatory requirements such as ISO27001, NIST Cybersecurity Framework, SOC2/SSAE-18, Australian ISM, etc.Scope required activities and perform project estimates as required, ensuring that consulting activities defined in these scopes are delivered to the highest standards.Engage in skills transfer - both internally and with customers.Deliver assignments securely on time within budget and share results and recommendations to both technical and non-technical customers, in the form of either in-person presentations, written or verbal reports.Develop and maintain strong relationships with customers through timely delivery of projects.Conduct project management,



where required.Maintain InfoTrust's internal security standards and confidentiality of customer material as defined in our ISO 27001:2013 aligned ISMS.Professional skills, qualifications and experienceMinimum of 2-3 years' experience in IT, preferably in information and cybersecurity.Minimum 1-2 years' experience in a GRC focused role.Experience in conducting IT security and cyber/information security assessments.Experience assisting with audits (internal & external) and auditors.Proven track record building strong relationships with key business leaders and stakeholders.Practical understanding of Information Security Standards & Frameworks, for e.g.
NIST CSF, ISO 27001, GDPR, ASD, ISM.Good to have - 1 or more professional Information Security certifications (ISO 27001, CISSP Associate,



CompTIA Security+ or equivalent).Personal Attributes & Interpersonal SkillsStrong Stakeholder management capabilities.Outstanding verbal and written communication.Adaptability to change.Ability to align Cyber/Information Security objectives with key business goals.Prepared to act as a 'hands-on' leader, as required.Leadership CompetenciesDecision making competency.Strong business acumen.Performance management.An understanding of business engagement drivers.Personality Core ValuesCustomer Driven.Accountable.Team Player.Humble.Trustworthy.Health and Safety ResponsibilitiesComply with OHS legislation.Work in accordance with safe working practices.Ensure that any hazard or injuries are reported to your manager.Environmental awareness is followed in daily performance of duties.
#J-18808-Ljbffr