Information Security Analyst

Information Security Analyst required for market-leading financial services firm. The role will be centred around identifying control gaps in areas such: Security tooling, usage of legacy/obsolete IT systems, PAM & IAM, hardening and security training.

Responsibilities:

• Lead the creation of control catalogue.
• Perform gap analysis of current controls and recommended remediation.
• Control testing and optimisation
• Ensure adherence to frameworks such as NIST, COBIT and ISO27001.
• Track, update and manage outstanding Risk Acceptances and mitigating controls therein.
• Track live risk and audit items and actions, including chasing action updates.
• Be a conduit for all audit activities which impact the IT department, this includes any follow-on actions.
• Identify, plan, manage and drive opportunities for improving efficiency and effectiveness cross-functionally, through the Continuous Improvement Plans to help mitigate risks.
• Organize and support continuous improvement activities to improve team skills and enhance knowledge development of risk management within IT.  Act as “go to” management support for risk management activities and initiatives, general process knowledge and strategies for employees at all levels.

As an ideal candidate, you will have an industry certification such as CISSP/GRCP/CRISC and have expert knowledge of technical and non-technical security controls.  You will also have a proven track record of delivery in a similar role. Financial Services experience preferred but essential.