Virtual CISO

Why Saepio?

The world of cyber security is fast paced and exciting, and so are Saepio!

We are a risk-focused Cyber Security Solutions Provider that works with UK-based corporate customers with anything between 250-5,000 users & sometimes more. Our sole purpose is to help our customers reduce their cyber security risk by increasing their resilience across People, Process and Products following Saepio’s ‘Right size’ approach.

Cyber security is a team sport, and it is our team of talented and driven employees that has been the key to our continued success. We know that, as a cyber security professional, the world is your oyster when it comes to job opportunities, so we aim to build a company culture that you will want to be a part of and that supports you to be the best version of you.

You can find out more about the way we do things at Saepio and what it is like to be a Saepion at our website https://saepio.co.uk/how-we-do-it/.

We recognise that talent comes in many shapes and sizes and from all walks of life and that often the best cyber defenders are the ones that you least expect. We encourage anyone who shares our passion and has the experience/potential to contribute to our success to apply.

The Opportunity for You

As a pure play cyber security company with a broad portfolio of customers, we can say with certainty that this role will ensure that you are working with a wide range of customers focused on solving their security challenges. This opportunity sits within our growing M-CISO Consulting Practice and presents an exciting opportunity to the successful candidate to help us build and grow this service.

With the increasing likelihood and impact of cyber-attacks coupled with a relative lack of internal security knowledge, many Saepio customers turn to us for strategic guidance. Saepio are recruiting for an experienced Information Security Risk Consultant, ideally a former CISO/Hd of IT Security/GRC SME, to work alongside our M-CISO team and deliver an outstanding service to our Customers.

The role is customer facing and customer focused. The successful applicant will be working with key Saepio customers on an onsite, remote, and/or virtual basis as appropriate, helping to develop and deliver the cyber security strategy as well as other security and information risk management initiatives. Operating as a virtual CISO, you will continuously improve and enhance their security posture, drawing on leading industry standards/frameworks e.g. NCSC Cyber Assessment Framework (CAF) that forms the basis of our Cyber Risk Assessment (CRA) approach.

The successful candidate will be expected to exercise a great deal of autonomy when delivering the service; however, there will be support from the broader team in both the Information Security and Customer Service aspects of the role. Saepio will support the training and development of the successful candidate along their journey to becoming a certified Chief Information Security Officer.

Main Responsibilities of this Role

Conduct initial and on-going assessments of maturity against NCSC CAF and/or ISO27001

Guide and drive security initiatives through scheduled weekly, monthly, and quarterly sessions

Establish and maintain an Information Security Management System (ISMS)

Define Risk Management Framework / Risk Register / Risk Treatment Plans

Administer/Inform Risk Committee and Infosec Committee

Produce and present quarterly Board reports

Align the security strategy to the customers business objectives

Understand how security controls can be utilised to plug gaps in a risk centric fashion

Present at Saepio customer events

Knowledge and Skills Required to be successful in the role. The successful candidate should be able to demonstrate the following:

At least 10 years’ experience in a hands-on IT Security function, including time as a CISO/Hd of IT Security/GRC lead/senior Consultant

A broad range of technical and non-technical security related skills and knowledge

Experience of working with, and guiding companies through the attainment of IT and Information Security standards (as a minimum - ISO27001 & Cyber Essentials Plus)

Excellent senior stakeholder management

Proven ability to effectively communicate with all levels at a customer - analyst/manager/head of IT/Board

• Understanding of, and experience implementing, solutions across the CIS 18 Critical Security Controls

Proven Experience in:

• Undertaking security gap analysis assessments
• Developing, documenting, and maintaining security policies, processes, procedures, and standards
• Security Architecture design
• Implementing cyber governance and security strategies
• Producing Weekly/Monthly/Q
• Quarterly reports/dashboards
• Working with outputs of SOC tools/systems
• Risks associated with 3rd party supply chain
• Increasing security awareness, behavior, and culture
• Running Incident Management exercises, table-top or otherwise

Desirable Certifications:

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

CompTIA Security+

Certified Information Privacy Professional

Cyber Essential Plus Assessor

ISO 27001 Implementor/Auditor

CEH

NCSC-approved Cyber Advisor

A full Driving License is also desirable to ease travel to Clients in non-metropolitan areas.