Information Security Analyst

Information Security Analyst required for market-leading financial services firm. The role be focused on supporting their GRC function and assisting with certification of ISO27001

Role Overview

• Support the development, implementation, and maintenance of information security policies, procedures, and standards.
• Support the establishment and enforcement of information security best practices and controls across the Global Executive Office and Member Firms.
• Provide support and expertise to ensure the confidentiality, integrity, and availability of company data and systems.
• Mentor and guide junior team members in information security best practices

Key Responsibilities

• Contribute to the development of a cybersecurity-oriented culture within the global network.
• Support the definition of information security standards, policies and procedures for both Global Executive Office and the wider Network.
• Support the monitoring and reporting of a global Information Security Management System (ISMS) across 100 different locations to ensure compliance with the requirements of ISO27001.
• Support the recertification process to ISO27001:2022, coordinating the migration across 100 different locations.
• Conduct due diligence and assessments of third-party and Member Firm information security policies, standards, controls, and assurance.
• Assess security risks and track remediation activities for the global network.
• Provide advice and guidance on improvements and remediation actions to enhance security posture.
• Assess and manage third-party vendor security risks with respect to the Global Executive Office.
• Support the mentorship of the information security governance team members to foster a culture of collaboration, learning, and excellence within the team.

Skills, Knowledge, and Experience

• Professional certifications such as CISSP, CRISC, CISM, or CISA are highly desirable.
• Experience in information security, including hands-on technical expertise, along with a proven track record in team management and leadership.
• Strong knowledge of information security frameworks, standards, and best practices.
• Excellent communication and interpersonal skills.
• Experience with information security and IT Audit, Risk, and Technology Assurance.
• Excellent knowledge and understanding of information security risks and threats, with the ability effectively communicate and collaborate with stakeholders to identify potential areas for improvement.
• Proficiency in the concise communication of security concepts to a broad audience while demonstrating their relevance to business value.
• Proficiency in engaging stakeholders at all levels, interacting with individuals from diverse backgrounds, including those from business and technical domains, both internally and externally facing.
• Familiarity with security frameworks such as ISO27001 and the NIST Cyber Security Framework.
• Desirable understanding of data privacy regulations, e.g. GDPR.

 

IND123