Senior Information Security Analyst
Location: City of London
Discipline: Technology
Job type: Permanent
Contact name: Andrew Spence
Job ref: AS - 29503
Published: 25 days ago
Expiry date: 25 Jan 2024 23:59
We are recruiting for a leader in their industry. It’s a fantastic opportunity to join an established and award-winning security function as a Senior Information Security Analyst and be part of the Cyber Security Team's Governance, Risk & Compliance division. The division is currently undergoing substantial growth and development, which makes this an exciting time to join and offers numerous chances for personal and professional advancement.
Responsibilities:
· Offer expertise in one or more information security management practices, such as security compliance, security risk assessment and management, and security policy management.
· Align processes and activities with the organization's cybersecurity strategy in accordance with company policies and industry-standard frameworks (e.g., NIST CSF, NIST RMF, and ISO 27001).
· Lead and conduct information security risk assessments, continuous security compliance monitoring, and various regulatory or contractual compliance activities.
· Collaborate with other key stakeholders (e.g., quality assurance, legal, data protection office, business continuity, and other information technology business units) to ensure effective analysis and communication of information security risks and control compliance status within the organisation.
· Identify training needs and participate in the development of training materials and communication resources for key stakeholders within your area of expertise.
· Advise and educate stakeholders on managing cybersecurity risks and information assurance activities following policies and procedures.
· Contribute to the creation and review of information security policies and procedures related to information security risk management and information assurance activities.
· Prepare reports for key stakeholders to provide insights into the effectiveness of the cybersecurity risk management and assurance program.
· Perform additional tasks as required to support the strategic mission and objectives of the Cyber and Information Security department.
· Research and stay current on new technical literature relevant to information security, risk management, and information assurance.
· Assist in the development of performance metrics and analyze them in relation to the business functions and processes of the Cybersecurity Risk Management and Assurance team.
Desired Qualifications:
· Proficient technical knowledge of industry best practices and commonly used frameworks and standards (e.g., NIST 800-53/171, COSO, SOC/SSAE 18, COBIT, ISO 27001-2) and various regulations related to information security, cyber risk management, compliance, and data privacy (e.g., SOX, GDPR, HIPAA, GxP/GALP/GMP).
· Previous experience using an integrated risk management tool (e.g., ServiceNow) and/or a vendor risk management tool (e.g., Process Unity) is a valuable asset.
· Possess an intermediate-to-advanced understanding of risks and controls pertaining to technical, management, and operational security controls, system development lifecycle, business continuity, disaster recovery, data center controls, cloud computing, third-party risk management, and privacy.
· Proven experience in identifying process failures or inefficiencies, conflicting business practices, integration issues, and offering alternative solutions.
· Holds a certification such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Lead Implementer, or a similar credential (desirable but not mandatory).
Minimum Requirements:
· Advanced skills in project coordination/management, relationship management, and communication.
· Advanced problem-solving abilities and the capability to assess risk exposure or compliance deviations.
· Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Enterprise Risk Management, or a related field, or equivalent experience, along with 5 years of experience in risk management, cybersecurity, compliance, or a related field (or an equivalent combination of education, training, and experience).
· Proficiency in written and verbal communication.
· Fluency in English (reading, writing, and speaking), along with strong documentation and organizational skills.