Information Security Consultant – Policies & Standards

Information Security Policies and Standards Consultant required for market leading financial services firm. The role is focused on development, implementation, and continuous improvement of security policies, procedures, and standards across the organization. This role requires a deep understanding of security governance, industry standards, regulatory frameworks, and risk management to ensure the organization’s information security posture remains robust and compliant with all regulations.

Duties:

• Lead the development, implementation, and maintenance of information security policies, standards, and guidelines to address evolving security risks and compliance requirements.
• Ensure security policies are comprehensive, consistent, and aligned with organizational objectives, regulatory mandates (e.g., NIST, ISO 27001, GDPR, HIPAA), and other industry best practices.
• Establish clear processes for periodic review, update, and approval of security policies.
• Advise on and ensure compliance with relevant security frameworks and regulatory requirements (e.g., NIST, SOC 2, PCI DSS, ISO 27001) for the entire organization.
• Provide subject matter expertise to help identify, assess, and mitigate information security risks.
• Coordinate with audit and risk management teams to ensure security policies and standards are being followed and risks are properly mitigated.
• Design and implement governance structures to monitor, enforce, and ensure adherence to security policies and standards across the organization.
• Develop and maintain a security metrics framework to evaluate the effectiveness of information security policies, standards, and procedures.
• Serve as a key stakeholder in organizational risk assessments, vulnerability management, and incident response planning.
• Collaborate closely with internal teams, including IT, legal, compliance, and business leaders, to ensure the successful adoption and execution of information security policies and standards.
• Lead and facilitate security policy training, awareness programs, and workshops across the organization to drive a strong security culture.
• Act as a trusted advisor to senior management, providing expert recommendations on security governance, policy issues, and risk management strategies.
• Stay current on emerging threats, security technologies, and regulatory changes to proactively adapt policies and standards to maintain best-in-class security practices.
• Lead efforts to continuously improve the organization’s information security posture through policy enhancements and process optimization.
• Publish thought leadership content, and represent the organization at industry conferences, forums, and working groups.

As an ideal candidate, you will have an industry certification such as CISSP, CISM, or CRISC. You will also have a proven track record of delivery in a similar role. Financial services experience is highly advantageous.