
Information Security GRC Analyst

Location: City of London, London
Salary: £40000 - £60000 per annum
Posted: 12 days ago
Contract Type: Permanent
Industry: Information & Cyber Security
Contact: Fiona Prescott
Email: Fiona.Prescott@ojassociates.com

Information Security GRC Analyst

The purpose of the role is to support the Head of Information Security, ensuring the effective management of tasks and processes related to information security governance, risk and compliance. You will develop and manage control frameworks, create and maintain the infosec standards and look at risk remediation plans and best business practices.

Responsibilities:

* Develop and manage the information security risk register, evaluate security and privacy risks, risk remediation plans, balancing business drivers, best practices and external drivers
* Develop and manage the internal controls framework, linking information security risks to controls, defining metrics and capturing measurements
* Support the Data Protection team, managing technical controls and maintain a clear mapping to data protection risks
* Assist in the design of security controls and provide input to projects from the early stages of idea development
* Assist in the creation and maintenance of information security standards and technical specifications in collaboration with the Information Security Architect
* Produce insightful and high-quality management information for reporting into the Information Security Group and the Operations Committee
* Design audits of security capabilities, systems and processes to ensure compliance with operational standards and specifications, with a focus on automation and the reduction of manual gathering of metrics (eg patching levels, email security, encryption, data backup, remote access)
* Manage audit activities and be the main point of contact for internal and external audits
* Manage third party assurance activities of suppliers and affiliates

You will:

* Manage compliance control self-assessments and questionnaires from regulators, head office and customers
* Manage day-to-day operational security requests, such as information security approvals and policy exception management
* Oversee penetration testing services and track remediation activity
* Ensure that reported security incidents are logged, investigated, managed and escalated where appropriate
* Provide periodic security awareness training and education to the business

You will bring with you:

* Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies
* Experience in performing risk assessment and GITC audits
* Experience with compliance frameworks (ISO 27001, NIST, SOX)
* Experience with advanced Microsoft Excel functions
* Good understanding of security sub-systems (eg firewalls, IDS/IPS, DLP)
* Good understanding of public cloud services (eg AWS, Azure)
* Experience with creating and managing information security awareness programs
* Strong interpersonal and consultative skills
* Excellent organisational skills
* Desirable certifications: CISSP/CISA/CRISC/CISM/CIPP
* To be aware of and comply with the relevant rules and regulations in relation to financial crime & conduct