Information Security Analyst GRC

My client, an International bank, based in London, is looking for an Information Security Analyst to join it's team. Three MUST for this role:1) Three days per week in the office2) They dont offer sponsorship3) You must come from banking or financial services background4) Must have at least 2/3 years experience in your current firm

About the Information Security Analyst role:

To assist the Branch Information Security Officer in developing and maintaining the Branch ISMS, and in providing a professional responsive service to assist management in identifying and mitigating information security risks which could seriously impact the Bank.

This includes the provision of expert advice, oversight, and assurance on, the selection, design, justification and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability, and relevant compliance of information systems with legislation, regulation, and relevant standards, in concert with Bank Head Office alignment.

Notes from HM:

I’m ideally looking for someone who has a broad infosec background (it will usually be a smaller operation or someone who has moved roles in a larger operation) but with an understanding of how to translate this in GRC terms and generate KRI/KPI (as opposed to someone who works within a dedicated GRC function and knows how to use the tooling and work to policy).

KEY RESPONSIBILITIES

• To maintain Information Security assurance activity (structured and unstructured) to assess and report on divergence from policy or agreed standards (control objectives) or to identify opportunities for improvement, thus allowing flaws to be redressed and continual improvement for 1st Line of Defence (1LoD)
• To track, and report on, findings and actions arising from Information Security reviews, audits, and incidents and in update of Management Information for Information Security activity – maintaining management reporting and Key Risk reporting
• To develop, review, and coordinate Information Security Awareness training, to ensure staff have a good understanding of their obligations and expectations for information Security
• To track and respond to Information Security queries and activity arising from audits (internal and external) and from Bank Head Office.
• To participate in Information Security related elements of annual Vendor risk assessments
• To develop information security guidance for business and technical functions including agreeing information security control objectives with Branch stakeholders (Business and IT)
• To assist in monitoring and response to Information Security alerts arising from IT security tools and logs
• j) To assist in Incident response and in Incident simulation exercises
• k) To assist in carrying out Information Security Roles and duties as defined in Bank procedures and policies (A4, A7-A, A7-B, Section 27, Section 61)
• l) To undertake professional development and update knowledge in industry expected practice for Information Security to ensure personal skills and knowledge of information security are appropriate for the job holder’s duties and responsibilities

Other

• j) To support the SMF24 (IT & InfoSec)
• k) To carry out such other duties as requested by the Head of Information Security or the General Manager.

QUALIFICATIONS AND EXPERIENCE

Knowledge and experience of information Security Management System (ISMS) maintenance in conformance with a recognised framework such as ISO27001, NIST or SOC2.

Preferably with a recognised certification in a governance and management-oriented discipline of Information Security (CISSP, CISM or similar).

Other qualifications related to governance assessment and reporting (such as CISA).

2+ years experience in Information Security, conducting information security reviews and guiding business and technical management in prioritising security improvement for technical and procedural Information Security measures.

Strong documentation and reporting skills.

Technical experience and knowledge of Cyber Security (up to date).

(Desirable) experience working with Security Information and Event Management (SIEM) and Vulnerability Assessment.

(Desirable) Knowledge of attack methodologies and system hardening principles including aspects of vulnerability scanning and detection and security testing.

(Desirable) experience working with MS Sentinel (SIEM), Darktrace (NDR), Carbon Black (EDR) and Qualys (VM)

If the above sounds like you please apply to this advertisement or send your CV to or call me on

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates

#J-18808-Ljbffr