I am a Job Seeker looking for work

Overview

Our leading Financial Services Sector Client is continuing a high growth trajectory, coupled with an ambitious transformation programme are now seeking an Information Security Analyst to assist in the provision of day-to-day information security authorisations on key controls; the monitoring, audit, and reporting on information security controls; the creation and maintenance of information security documentation; and to participate in information security audits.

Role Profile

• Assist in the documentation of information security incidents and their follow-up actions, agreeing the required actions and ensuring that all required actions are carried out
• Documentation, regular review and update and ongoing production of runbooks to assist in the timely resolution of Security Incidents
• Assist with development of relevant BCP plans for IT and business
• Reports IT & security risk and escalates for appropriate remediation
• Assist in the assessment of risk to the security of information, assets, and personnel
• Assist in management of cyber risk including risk reviews and mitigation planning
• Assist with the initial certification and ongoing adoption of ISO27001
• Maintain and develop information security documentation to agreed standards
• Assist in the support of external information security audits, management reviews and internal information security audits
• Monitor, or assist in the monitoring of, key measures of ISMS performance
• Assist in projects to implement corrective actions resulting from risk assessments, security incidents and other sources revealing information security weaknesses that need to be addressed
• Authorise the release of system changes into production environments according to agreed parameters and processes
• Provide information security guidance to software development IT team as part of Software Development Lifecycle
• Perform regular internal and external security audits and testing including penetration testing
• Assist in projects to implement corrective actions resulting from risk assessments, security incidents and other sources revealing information security weaknesses that need to be addressed
• Contributing to the creation of a culture of risk awareness and the highest standards of corporate governance
• Assess operational risks, associated day-day activities and implement risk mitigation controls as necessary
• Ensure operational risk events are reported on a timely basis and risk event actions are completed within agreed timelines
• Maintain effective relations with all key stakeholders across company
• Quality and timeliness of communication updates to all relevant parties
• Ensure appropriate service is delivered at all times, across all business lines and that feedback is sought from key stakeholders to fully assess the service quality
• Represents company strategy and commercial decisions in a proactive and positive manner
• Leads by example, to motivate and assist with managing change across the organization

Person Profile

• Relevant degree level qualification in IT or equivalent industry qualifications (CISSP, MCP)
• Experience in / Knowledge of security tools and solutions

Desirable

• At least 2 years' experience in Information Security, or IT system administration
• Relevant certification is preferred (ISO27001 lead auditor, CISSP, CISM, CRISC, CCRO) along with following experience:
• ISO27001
• Internal audit knowledge
• Risk analysis - systems/projects/changes
• Security technical knowledge / skills
• Information Systems such as Active
• Directory, VMware, Firewalls, Network,
• Storage, QRadar/SIEM
• IT hardware, software, process appreciation