Senior Information Security Analyst

Location City of London
Discipline: Technology
Job type: Permanent
Contact name: Andrew Spence

Job ref: AS - 29503
Published: 8 months ago
Expiry date: 25 Jan 2024 23:59

We are recruiting for a leader in their industry. It's a fantastic opportunity to join an established and award-winning security function as a Senior Information Security Analyst, and be part of the Cyber Security Team's Governance, Risk & Compliance division. Joining this division now is an exciting opportunity, as it is currently undergoing substantial growth and development, offering numerous chances for personal and professional advancement.

Responsibilities:

· Offer expertise in one or more information security management practices, such as security compliance, security risk assessment and management, and security policy management.

· Align processes and activities with the organisation's cybersecurity strategy in accordance with company policies and industry-standard frameworks (e.g., NIST CSF, NIST RMF, and ISO 27001).

· Lead and conduct information security risk assessments, continuous security compliance monitoring, and various regulatory or contractual compliance activities.

· Collaborate with other key stakeholders (e.g., quality assurance, legal, data protection office, business continuity, and other information technology business units) to ensure effective analysis and communication of information security risks and control compliance status within the organisation.

· Identify training needs and participate in the development of training materials and communication resources for key stakeholders within your area of expertise.

· Advise and educate stakeholders on managing cybersecurity risks and information assurance activities following policies and procedures.

· Contribute to the creation and review of information security policies and procedures related to information security risk management and information assurance activities.

· Prepare reports for key stakeholders to provide insights into the effectiveness of the cybersecurity risk management and assurance programme.

· Perform additional tasks as required to support the strategic mission and objectives of the Cyber and Information Security department.

· Research and stay current on new technical literature relevant to information security, risk management, and information assurance.

· Assist in the development of performance metrics and analyse them in relation to the business functions and processes of the Cybersecurity Risk Management and Assurance team.


Desired Qualifications:

· Proficient technical knowledge of industry best practices and commonly used frameworks and standards (e.g., NIST 800-53/171, COSO, SOC/SSAE 18, COBIT, ISO 27001-2) and various regulations related to information security, cyber risk management, compliance, and data privacy (e.g., SOX, GDPR, HIPAA, GxP/GALP/GMP).

· Previous experience using an integrated risk management tool (e.g., ServiceNow) and/or a vendor risk management tool (e.g., Process Unity) is a valuable asset.

· Possess an intermediate-to-advanced understanding of risks and controls pertaining to technical, management, and operational security controls, the system development lifecycle, business continuity, disaster recovery, data centre controls, cloud computing, third-party risk management, and privacy.

· Proven experience in identifying process failures or inefficiencies, conflicting business practices, and integration issues, and in offering alternative solutions.

· Holds a certification such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Lead Implementer, or a similar credential (desirable but not mandatory).


Minimum Requirements:

· Advanced skills in project coordination/management, relationship management, and communication.

· Advanced problem-solving abilities and the capability to assess risk exposure or compliance deviations.

· Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Enterprise Risk Management, or a related field, or equivalent experience, along with 5 years of experience in risk management, cybersecurity, compliance, or a related field (or an equivalent combination of education, training, and experience).

· Proficiency in written and verbal communication.

· Fluency in English (reading, writing, and speaking), along with strong documentation and organisational skills.