Information Security Consultant
Edinburgh, United Kingdom
abrdn
abrdn is a global investment company and asset manager committed to helping our customers achieve their financial goals.
Job Description
abrdn plc is one of Europe’s largest investment companies, and we are built on a long-standing culture of caring about the future and making a positive impact. Together we invest for a better future. We do it to make a difference to the lives of our clients and customers, our employees, society, and our shareholders. Our business is structured around three distinct areas focused on our clients' changing needs.
abrdn Investments – a leading investment management business looking after £368bn of assets for Institutional, Wholesale and Insurance clients
abrdn Adviser – one of the UK’s largest providers of platform services to financial advisers with £75bn in assets across our Wrap and Elevate platforms
interactive investor – the UK’s most trusted investment platform for individual investors with 430,000 customers who have invested almost £75bn with us
Our strategy is to build a vibrant and value-creating purpose-led organisation, with the current and future needs of our stakeholders at the heart of all we do.
Security, Resilience & Protection (SRP) are at the heart of ensuring that everything we do as a business aligns with keeping our people and data safe. We put our clients and customers at the heart of this mission and use this as a guiding star to shape our approach.
About The Department
The Security & Resilience team is dedicated to safeguarding abrdn's operations, ensuring the highest standards of information and cyber security. The Information Security Assurance team is evolving our approach, with a threat- and data-led method of assurance that will deliver tangible risk reduction. As part of this team, the Information Security Consultant will help to lead and coordinate information security assurance and advisory activities, promote a security-by-design culture and ensure abrdn maintains a robust cyber resilience control posture in line with global standards and regulatory requirements.
About the role
As an Information Security Consultant at abrdn, you will work with the Information Security Lead and the wider team to lead and coordinate information security assurance and advisory activities across the business. Your responsibilities will include acting as a trusted business partner, providing risk-tailored advice, driving security best practice, and supporting the delivery of security assurance reviews to ensure the integrity, confidentiality and availability of information systems, in alignment with business objectives, security standards and regulatory requirements.
Through positive engagement with the business, you will provide impactful information and cyber security control and risk posture assessments that will contribute to the ongoing effectiveness and reduction of cyber resilience risk for abrdn.
Key responsibilities
Assurance reviews: conducting comprehensive assurance reviews on information assets, projects, programmes and technologies to verify and validate the effectiveness of controls, and ensure compliance with security policies, standards, industry best practice and regulatory requirements.
Conducting security risk assessments and providing expert guidance and advice on risk mitigation by advising on appropriate controls to ensure compliance and operation within risk appetite.
Provide subject matter expertise to change initiatives and advise on appropriate security control requirements, ensuring the design and approach of these controls support business processes & goals, are timely, cost-effective, pragmatic (not excessive) and in line with our threat landscape and risk appetite.
Work with business areas to identify and assess information and cyber security and technology risks and provide pragmatic guidance on risk mitigation to ensure compliance with internal and external policies, standards, industry best practice, and regulatory requirements.
Work closely with stakeholders to understand risk exposure and improve the cyber resilience of abrdn through education and the identification and mitigation of risks.
Deliver insightful information security assurance documentation and reporting on information and cyber risk and control posture, providing strong actionable mitigations to strengthen cyber resilience for abrdn.
Engage with stakeholders to ensure alignment with organisational risk appetite and objectives.
Support information security assurance initiatives to drive continuous improvement in control and risk posture across the organisation.
Support the education and awareness program via interactions with the business.
Knowledge, Skills and Experience
The ideal candidate will possess the following:
Previous experience of working with information security and related topics such as testing & assurance, cyber security, data privacy, business continuity & resilience.
Knowledge of control and risk management processes. Ability to frame decisions in terms of risk and make good risk judgements.
Excellent planning skills and high level of organisation and discipline to meet specific targets and objectives.
Ability to demonstrate positive engagement and build relationships and trust with internal and external stakeholders.
An understanding of governance and risk principles and information security frameworks and/or standards (e.g. ISF SoGP, ISO 27001, NIST 2.0).
Recognised professional information security qualification e.g. Security+, CCSP, CISMP, CISA, CISSP, etc.
Desirable experience of processes involved in gaining and maintaining accreditation for secure/sensitive systems using structured risk analysis and treatment approaches, including gaining and maintaining certification for Information Security Management Systems, e.g. ISO 27001.
Our Benefits
There's more to working life than coming home with a good salary. We have an environment where you can learn, get involved and be supported.
When you join us, your reward will be one of the best around. This includes 40 days’ annual leave, a 16% employer pension contribution, a discretionary performance-based bonus (where applicable), private healthcare and a range of flexible benefits – including gym discounts, season ticket loans and access to an employee discount portal. You can read more about our benefits here.
Our business
Enabling our clients to be better investors drives everything we do. Our business is structured around three distinct areas – our vectors of growth – focused on our clients’ changing needs. You can find out more about what we do here.
An inclusive way of working
Whatever way you like to work, if you have the talent and commitment to join our team, we’d like to hear from you.
At abrdn we’ve adopted a ‘blended working’ approach. This approach combines the benefits of face-to-face collaboration, coaching and connecting in our offices with the flexibility of working from home. It enables colleagues to find a balance that works for their roles, their teams, our clients and our business.
An inclusive culture, where diverse perspectives drive our actions, is at the core of who we are and what we do. If you need assistance with your application, or a reasonable adjustment to your interview arrangements – for example, because you are neurodivergent, or have a physical, sensory, cognitive, mental, visible or invisible disability – please let us know and we’ll be happy to help.
We’re committed to providing an inclusive workplace where all forms of difference are valued and which is free from any form of unfair or unlawful treatment. We define diversity in its broadest sense – this includes but is not limited to our diversity of educational and professional backgrounds, experience, cognitive and neurodiversity, age, gender, gender identity, sexual orientation, disability, religion or belief and ethnicity and geographical provenance. We support a culture that values meritocracy, fairness and transparency and welcomes enquiries from everyone.
If you need assistance or an adjustment due to a disability please let us know as part of your application and we will assist.