Information Security Consultant
See yourself being part of a large, transformational change? This could be the role for you!
At Iress, we make things happen
We believe technology should help people perform better every day. Since our beginning in 1993, people across financial services have trusted us to take their performance to the next level. More than 10,000 businesses and 500,000 people use our software, from the world’s most iconic financial services brands to advice firms of all sizes, banks, insurers, investment managers, traders and brokers. Iress is one of Australia’s largest technology companies and employs more than 2,000 people across Australia, The United Kingdom, Africa, Canada, France, New Zealand and Asia.
Build your career at Iress!
Reporting into the Head of Security Risk and Assurance, this is a key role to support the implementation of the organisation's structured information security audit and improvement programme.
The role requires the individual to work closely with the Head of Security Risk and Assurance and the other members of the Information Security group to support the operation of the Iress ISMS. They will also be required to work closely with business and technical stakeholders within Iress who have operational responsibility for security activities. This may be through auditing the controls for which they are responsible, assisting them with the design or implementation of their security controls, or providing targeted security advice and awareness training.
By working with pragmatism and recognition of what the business needs to achieve, this role will help the Head of Security Risk and Assurance drive continuous improvement in the Information Security Team’s engagement across the organisation and deliver ongoing and increasing business value from the function.
Some of the awesome things you’ll be involved with:
Promote a business-partner approach to engagement - ensuring the function collaborates and works with (rather than police) business teams
Participate and assist in maturing, streamlining, maintenance and embedding of the organisation’s Information Security Management System (ISMS) - ensuring continuous yet pragmatic improvement to the non-IT (“business-facing”) elements
Assist in maintaining the organisation’s Information Security Management System (ISMS) artefact library
Assist in the preparation of information security policies, standards, procedures and guidelines
Participate and assist in the maintenance of ISO27001 and SOC 2 certifications
Participate and assist in the risk assessment internal audit programme (RAIA) and its associated processes against critical products and services provided by external suppliers, and support the tracking of remediation findings
Help to ensure the enterprise risk register is properly maintained and risk mitigation activities are prioritised (based on risk rating) and help to ensure Iress maintains effective awareness and monitoring of information security risks
Assist in socialising of policy, Data Protection Impact Assessments (DPIAs), client assurance, third party supplier due diligence to all relevant areas of the organisation - empowering and educating our people to take care of their own obligations
Support and operate the client assurance program; perform content reviews of FAQ databases, maintain proposal material and other client facing documentation
Assist in the development of Client Information Packs; participate and assist with Infosec responses to Client RFPs/Bids & DDQs
Participate and assist in Client-led security audits, assist with scheduling, meeting logistics and follow-up of findings
Assist other information security team members on direct engagements with internal and external clients on information security matters
Assist in the running of Information Security Management Forums (ISMF) meetings
Participate and assist in reviews of Infosec clauses in client contracts
Participate and assist in the infosec Incident & Breach response process. Liaising with Compliance and other teams (including other Info Sec squads) and helping to coordinate incident activity as required
Participate and assist in BCP & DR activities across the business based on priorities/risk. Assisting the measuring and reporting on the business' readiness to respond to stated event scenarios
What you will bring:
Experience in creating client facing collateral and maintaining it to remain relevant for changes in technology and procedures
Good communication skills and ability to facilitate client facing meetings
Designing, assessing and implementing effective security control solutions
Operation, and maintenance of an ISO 27001 certified ISMS
Performing security audits and/or technical risk assessments of systems and suppliers
Managing or performing an incident management and/or audit findings program
Exposure to eGRC systems
Strong understanding of current trends and developments in information security
Knowledge and understanding of relevant legal and regulatory requirements and guidelines (eg UK Data Protection Act, EU GDPR, APRA, Companies Act, Computer Misuse Act, FCA Regulation, ISO 27001, PCI DSS), IRAP and SOC 2.
Why work with us?
8 additional paid days per year to extend your weekends
Generous cash bonus for every successful referral
Annual Profit Share when Iress meets its annual profit targets
Starting school leave - 8.5 days of leave to assist your children with the transition to school
Up to 26 weeks’ paid parental leave for primary carers (up to 4 weeks for secondary carers), and the ability to work part-time when returning to work
3 days’ paid leave per year to participate in charity initiatives
Discounted health insurance premiums
Access to learning and development programs through Udemy
Iress is committed to fostering a welcoming and inclusive culture. We strongly believe that diversity is what makes our teams and our products succeed. Our people have different experiences, skills, perspectives and beliefs and everyone’s uniqueness is valued and celebrated.
Our hiring decisions are never based on sexual orientation, race, gender identity, religion, disability, citizenship, marital or family status and age. Even if you feel you don’t meet all of the requirements of the role, we would still like to hear from you!
We’re also proud to be globally recognised as a WORK180 Endorsed Employer that promotes and supports all women in the workplace.
For more information about what we do, our people and values, please visit our website - https://www.iress.com/join-us/careers/