Responsibilities
:
* Support the delivery of the Information Security Management System and drive continuous improvement in information security.
* Evaluate and assess cybersecurity controls across the business and third-party vendors to ensurepliance with the NIST Cyber Security Framework (CSF).
* Conductprehensive risk assessments using the NIST CSF.
* Identify cyber threats, risks, and issues using risk management techniques.
* Develop and conduct third-party vendor security assurance activities.
* Collaborate with cross-functional teams to develop and implement risk management activities.
* Respond to security support tickets and provide information security support and escalation.
* Create and collect metrics, validate security control performance, and identify emerging cyber risks.
* Collaborate with the Enterprise Risk Management (ERM) team to maintain, develop, and deliver cyber risk reporting and appetite statements.
* Maintain and develop Information Security policies and procedures relevant to the current cyber threat landscape.
* Maintain, develop, and test the Cyber Incident Response Plan.
* Monitor and managepliance with relevant cybersecurity regulations.
* Manage actions and output from stakeholder engagements, including customers, regulators, and auditors.
* Stay current with emerging security trends, threat intelligence, industry standards, and security-enhancing technologies.
Essential Skills, Knowledge & Experience:
* Proven experience in an Information Security role.
* Experience working in a professional or financial services environment.
* Hands-on experience conducting cyber risk assessments and developing mitigation strategies.
* Experience with cybersecurity control assessments and maintaining risk reporting and appetite statements.
* Knowledge and experience with recognized security frameworks such as NIST CSF, ISO27001, etc.
* Experience managing and maintaining cybersecuritypliance with regulatory frameworks such as FCA, PRA, NYDFS.
* Experience developing aernance framework by maintaining policies and procedures.
* Ability to meet agreed deadlines and work independently or collaboratively.
* Strong interpersonal andmunication skills, both written and verbal, with the ability to interact with technical and non-technical stakeholders.
* Strong analytical, problem-solving, organization, and planning skills.
* A proactive and enthusiastic approach.
* Knowledge of Microsoft systems (on-premise and Azure cloud), technologies, infrastructure, and systems management tools.
* Ability to respond positively to exceptional events in information security.
This is a fantastic opportunity to contribute to apanymitted to continuous improvement in information security during a time of digital transformation and growth. If you are passionate about cybersecurity and meet the above criteria, we would love to hear from you.
Job ID BBBH106782
