Infrastructure, Security, Technology and Change
£70,000 to £80,000 Per Annum
Bonus + Excellent Benefits
An exciting and challenging opportunity for an Information Security Assurance Analyst to join a leading global broker. You will be involved in planning, scheduling, monitoring and reporting on activities relating to information security.
The role will work in collaboration with Information Technology, Group Risk and Compliance, HR, Facilities and a number of third-party vendors, in addition to the main infrastructure outsourcing partner.
Key Responsibilities & Accountabilities:
- Support the Global Head of Information Security in maintaining and realising the cyber security strategy
- Contribute to Information Security governance and oversight framework
- Produce policies and supporting governance material
- Take ownership for the Information Security Risk management processes
- Identify information security threats and work with technical teams to understand their exposure.
- Provide specialist Information Security input to IT and business operations.
- Ensure information security initiatives are up to date and security risks are identified and managed.
- Investigate, analyse, and review Information Security breaches, including near misses, making recommendations for appropriate control improvements.
- Provide feedback to security policy queries and escalations
- Build close relationships with key internal users, senior managers and external suppliers
- Coordinate security plans with third party vendors and ensure output from IT security services delivered by third parties is acted upon accordingly
- Responsible for management of cyber events, including notification, escalation, response and post incident review
- Maintain awareness and knowledge of contemporary standards, practices, procedures and methods
- Adhere to company and regulatory policies and procedures, together with mandatory training requirements.
Functional & Behavioural Competencies required:
- Proven experience in information security
- Excellent writing and communication skills
- Proven experience in third party supplier and vendor selection and management
- Significant experience and success in managing multiple issues, problems and work streams with a clear ability to prioritise
- Understanding of general information security concepts and principles
- Ability to consider the bigger picture, including the implications of process change and potential impact upon the strategies of the group business
- Maintain the integrity of process and approach, as well as controls, for the whole incident management process including the ability to co-ordinate and manage major/highly sensitive investigations with potential for business wide impact/reputational damage
- Experience of managing information security services specifically in relation to service design and on-going management
- Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies
- Experience of Information Security risk management concepts
- Previous experience with Microsoft and other leading security vendors
- Experience of security frameworks such as NIST CSF/ISO-27001
- Experience with creating and managing information security awareness programs