At a Glance
- Tasks: Implement security standards and improve risk management processes.
- Company: Join DXC Technology, a leader in IT solutions with a people-first culture.
- Benefits: Enjoy competitive pay, health insurance, gym memberships, and more perks.
- Other info: Be part of a community that values inclusion and personal development.
- Why this job: Make a real impact in cybersecurity while growing your skills in a supportive environment.
- Qualifications: Experience in information security risk management and strong communication skills.
The predicted salary is between 60000 - 80000 £ per year.
At DXC Technology, delivering excellence for our customers and colleagues is more than just a motto; it’s something we strive towards constantly through our work. Every day we deliver mission critical services in a secure environment whilst promoting our people first agenda, a real sense of community and a healthy work-life balance. Our consistently positive customer feedback and continuous growth helps us cement our place as one of the world’s leading IT solutions enterprises, helping us deliver services and solutions in both challenging and exciting situations.
We actively encourage consistent growth on our journey towards a culture of inclusion and recognise that the people we employ are vital to providing a great customer experience. As such, we have a variety of training, support, and tools available to aid in your continual personal and professional development. At DXC, building a better you builds a better us.
Your role will include implementing standards, policies, and procedures for continual service improvement. We are looking for an experienced Security Consultant who has all round skills in information security risk management. Working closely with Security Architects and the design teams, provide a bridge between the technical teams and the security risk owner from the business, helping translate technical security risks into a form understandable to non-technical business people. Advise risk owners as to the severity of the risks they are being presented with and potential mitigation strategies (and their impacts) to enable them to make informed risk management decisions.
- Monitor implementation and ongoing maintenance of agreed risk management actions.
- Create, maintain, and utilise risk assessment and related artefacts such as the risk register and security-specific documentation such as Security Operating Procedures.
- Assist the Account Security Lead with creating and maintaining security-related processes, policies and guidance.
- Proactively identifying areas for improvement in security across the account, both to improve security, and make good security easier.
- A proactive approach towards looking for risks and problems.
- Deep knowledge and understanding of information and cyber security risk management.
- Experience in threat modelling utilising STRIDE or Attack Trees, NIST Cyber Security Framework.
- Experience or knowledge of various technology stacks including Cloud (AWS, MS Azure), M365, VMWare, Redhat Openshift or other container orchestration platforms, Windows and Linux operating systems.
- Knowledge of industry security guidance provided by the likes of OWASP and CIS.
- Aware of security champions programmes.
Competitive compensation includes a pension scheme, DXC Select – our comprehensive benefits package (includes private health/medical insurance, childcare vouchers, gym membership and more), perks at work (discounts on technology, groceries, travel and more), and DXC incentives (recognition tools, employee lunches, regular social events etc).
At DXC Technology, we believe strong connections and community are key to our success. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf.