Change & Transformation, Security, Technology and Change
£60,000 to £70,000 Per Annum
A leading Lloyd’s syndicate has a fantastic opportunity for a Business Information Security Analyst to partner with the Head of Compliance and work closely with IT, acting as a resident security expert and assisting the UK entities and the Global IT Security Leadership team with the improvement of information security company-wide.
·Work with Compliance Team and Information Security Team to drive risk-averse behavior and adoption of controls to mitigate risks.
·The adoption of core security services (PKI, Identity, Key Management, Detection and Response, and Vulnerability Management)
·Adapt and implement Global information security policies and standards specific to the client's UK and Europe businesses, ensuring alignment with regional requirements.
·You’ll develop and communicate security and compliance requirements to internal stakeholders and key business partners.
·Provide information security direction and guidance for business initiatives and engagements with third-party service providers.
·Provide business and technical advice on a wide variety of IT risk issues, concerns, and problems, making sure all business processes incorporate adequate information security.
·Be a technical leader in periodic information systems and applications risk assessments, including those associated with the development of new or significantly improved business applications
·Monitor current and proposed laws, regulations, industry standards and ethical requirements related to IT risk, privacy, and information security and liaise with the Head of Compliance and Head of IT as appropriate.
·3-5 years of hands-on experience with managing regulatory and data security issues, including tracking of new regulations affecting data
·5+ years' experience working in a security-focused role in the technology or other technology-heavy industry (e.g. Financial Services)
·Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline
·Strong understanding of Operational Risks including identifying risks, prioritizing, and implementing remediation activities
·In-depth understanding of IT risk, information security fundamentals, defense-in-depth practices, IT risk assessment fundamentals and risk management practices.
·Hands-on experience in managing large programs of work across many business units and functional areas
·Superb communication and interpersonal skills.
·Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) certifications preferred
·Working knowledge of:
  ·Cloud computing architectures and the associated security designs and challenges
  ·Common open-source libraries and technologies (e.g. Kafka, Spark, Hadoop) and how to effectively harden them
  ·Common web application development technologies (e.g. Java, PHP, Python, AJAX, .NET, etc.) along with tools and processes to enable teams to develop safely
·Strong executive presence and ability to engage with customers regarding security (e.g. Executive Briefings and incident communications)