Senior Cyber Security Assurance Consultant
29 Jan 2024

Company Background

AMR CyberSecurity is a leading provider of next generation cyber security consulting services and a member of the NCSC CHECK Scheme, CREST accredited penetration testing organisation and a PCI DSS QSA.

Due to a large demand from our customers, we are looking for a motivated talented senior level consultant to join our security assurance practice.

The work will be hybrid in terms of you will be home based, but with requirements for onsite attendance at customer meeting and workshops as required. Our customers are based primarily in the UK, but we also have a number of international customers.

We can offer a great package and benefits, excellent career development opportunities, a good work life balance, and the opportunity to work with a talented supportive team across a range of exciting a challenging customer projects across finance, central government, defence, chemicals, health and industry and engineering.

The role also offers the scope to develop new service lines and capabilities in order to meet market demands and evolving threat levels.

Role Profile

The ideal candidate will have 6 plus years of experience providing cyber security consultancy in a central Government and commercial sector environment.

The ideal candidate will have excellent customer facing and documentation skills and be able to engage with stakeholders at all levels on risk, compliance and technical security matters.

As a senior consultant you will be expected to lead on large scale projects and mentor and support more junior members of the team. As a senior consultant you will also be expected to contribute to the development of the assurance practice supporting the development of new service lines, capabilities and accreditations in order to meet market demands and evolving threat levels.

Technical Experience

• Production of security artefacts (e.g. security policies, information security management system documentation and HMG accreditation documents)
• Review of HLD and LLD documents
• Understanding of application security concepts and secure development life-cycle audits
• Understanding of current good practice standards and guidance (e.g. ISO/IEC 27001; NIST 800-53; PCI DSS; NCSC guidelines and principles)
• Good technical knowledge of assuring cloud environments (AWS, Azure and GCP)
• Good technical knowledge of networking technologies
• System auditing experience
• Good understanding of risk management and threat modelling methodologies

Qualifications

The candidate will be expected to hold a range of career certifications commensurate with the role and seniority level of the position. The below provides an example of the desirable certifications:

• CISM
• AWS or Azure technical security qualification
• CISSP
• SABSA
• QSA
• NCSC CCP SIRA or Architecture

Clearance

Must be able to hold UK National Security Vetting to a minimum of SC level.