Security Consultant - Digital Portal

Role Overview

The Security Consultant will provide expert guidance and hands-on support during the analysis and design phase of critical technology projects. This role ensures that security requirements are embedded into system architecture and operational processes, mitigating risks and aligning with regulatory standards.

What you'll be doing:

• Conduct security gap analysis for applications and infrastructure.
• Define and document security requirements for new systems and integrations.
• Define and document security functional specification for new systems and integrations.
• Define and document identity and access controls specification for authentication and authorization.
• Collaborate with Tech Risk, Architecture, and Project Management teams to ensure compliance with internal and external security standards.
• Review and validate design documents for adherence to security best practices.
• Provide recommendations for remediation and risk mitigation strategies.
• Support security testing plans and assist in vendor assessments.

What experience you'll bring:

• Solid track records on security controls design and architecture.
• Experience with secure design principles and threat modelling.
• Sound knowledge and experience on authentication and authorization controls design (e.g. OAuth, OIDC, SAML, JWT, B2B, B2C, MFA, CSRF, PKCE, etc.).
• Proven experience in information security consulting within financial services or regulated environments.
• Strong knowledge of risk management frameworks (ISO 27001, NIST, etc.).
• Expertise in application security, network security, and cloud security.
• Familiarity with regulatory compliance (e.g., GDPR, FCA guidelines).
• Ability to work collaboratively with cross-functional teams and external vendors.
• Excellent communication and documentation skills.

Preferred Qualifications

• CISSP, CISM, or equivalent certifications.
• Prior involvement in digital transformation or post-trade systems projects.