Consultant, Proactive Security Services
Aon is currently recruiting a Senior Consultant to join our team in London. This Senior Consultant will be part of a part of a cross-functional Security Advisory team that assists our clients in addressing and managing a wide variety of Security, Risk, Compliance, and Governance challenges in a consultative and collaborative manner. Typical client engagements include focus on Security Architecture, Risk Assessment, Cloud Security, Data Protection, Compliance, and other areas of transformative Cybersecurity program enhancement.
Headquartered in London, Aon Plc is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.
Aon is an equal opportunities employer. Aon's recruitment and selection policy ensures the best possible skill mix of colleagues and the highest quality candidates are appointed using objective job-related criteria.
About the Role
The responsibilities of this position include but are not limited to the following:
- Functioning as a senior consulting resource on various Cybersecurity client engagements.
- Evaluate client security programs, technologies, controls, and business environments.
- Recommend and develop enhancements to client Cybersecurity programs, including focus on technologies, processes, and controls.
- Analyse existing client security programs; conducting comprehensive reviews of threats; evaluating and analysing relevant data points.
- Engage in client Security Architecture assessments, regulatory compliance initiatives, and information security program reviews.
- Assist with developing Information Security Plans and Policies, including those for Incident Response, customized to client requirements and risk profile.
- Coordinate with Stroz Friedberg security specialists, incident response handlers, digital forensic experts, network engineers, system engineers and Web application engineers to explore and report on specific security risk issues in depth.
- Provide recommendations on solutions to help clients manage information security risk.
- Assess IT network and security architectures as they relate to managing identity and access privileges, delegated administration models, workflow and access control models.
- Produce and present deliverables for client consulting engagements.
- Track emerging security practices and contribute to building internal processes.
Essential Job Functions
This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to produce high-quality deliverables on a various types of information security consulting projects is critical.
Expert level technical skills in some of the following areas:
- Risk Management and Assessment practices.
- Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
- Business process governance, compliance, and enterprise risk management.
- Knowledge of BYOD and Mobile Device Management concepts.
- Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.).
- Knowledge of industry standard frameworks – NIST, ISO, HIPAA, PCI.
- Passion for creating high quality deliverables, tools, and automating processes.
- Knowledge and/or experience with network architecture, including network security.
- Knowledge and/or experience with Active Directory security, including scans, best practices and security configuration.
- Knowledge and/or experience with Application Security controls including design, dynamic scans, static code analysis.
- Knowledge and/or Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions.
- Application and database security experience, including code reviews is helpful.
- Network and security engineering experience, including log and network traffic capture analysis.
- Experience with system hardening procedures for Windows, Linux, Unix is helpful.
- Security operations experience with firewalls, IDS/IPS, SEIM platforms.
- Knowledge of programming and scripting for development of security tools and industry frameworks is helpful.
- Knowledge of TCP/IP Protocols, network analysis and network/security applications.
- Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng is helpful.
Responsible for working in accordance with the Aon UK Limited Risk Management Framework, and compliance with the Aon UK Limited policies, including participation in the management of risks (including completion of mandatory training) that may adversely affect the business, interests or reputation of any Group Company.
The ideal candidate would have 3+ years in information security consulting, risk management, compliance, security engineering, and / or other related areas. The position requires a strong, diverse technical and risk-oriented background and truly exceptional oral and written communications skills. The candidate must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues. This position calls for an individual who exhibits thoughtful introspection but is also able to assess a broad spectrum of issues. A collaborative approach is a must, as well as the ability to effectively communicate with a wide range of technical and non-technical personnel. Finally, personal flexibility and the ability to travel globally is required.
- 3+ years of IT security, consulting, engineering, or risk management.
- Experience performing security and risk assessment work.
- Excellent written and verbal communication skills.
- Client facing consulting experience is a plus.
- IT security certifications (CISM, CISSP, OSCP, OSCE, GIAC) are a plus.
Bachelors Degree in computer science or information technology, or a related field. Masters degree in information/computer science or a technology-related field preferred
Salary and Benefits
This role offers a competitive salary and bonus, plus a comprehensive benefits package and 25 days holiday. Through our flexible benefits, you will also have the opportunity to choose additional benefits, including healthcare, childcare vouchers and additional holiday.