Information Security Assurance Analyst
- Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
- Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, defining Cyber non-functional requirements
- Attend Technical Design Authority (TDA) meetings to provide security signoffs
- Work within the Security Assurance team consisting of security assurance analysts / consultants providing thought leadership across several assurance functions, and helping smooth engagements with project delivery teams
- Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
- Provide support in scoping and overseeing pen tests and re-tests. Review recommendations and collaborate with the relevant teams to support remediation efforts.
- Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing, whilst providing security advice and guidance.
- Support management, BAU and projects in complying with legal and regulatory requirements
- Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
- Perform compliance checks to ensure Cyber Security controls are operating as designed.
- Ensure security assurance processes and procedures are followed and evidence retained for regulatory and audit purposes
- Support continued service improvement activities
- Provide relevant updates to monthly CNI and governance forums
- Provide relevant input to security reports to execs, shareholder and the board
- Support regulatory reporting
- Support regulatory inspections, internal and external audits and remediation of findings
- Ensure identified issues and risks resulting from security assurance activities are appropriately managed, providing visibility to senior leaders of high-risk areas
- Support the CISO and wider cyber management team
- Build and maintain relationships with key stakeholders, including the PMO and delivery teams, IT Operations and product groups, Architecture and third-party security providers.
WHAT YOU’LL BRING
- The individual should be educated to degree level in a relevant discipline. Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
- Must have Security Clearance or be eligible for security clearance
- Must have experience in Cloud (IaaS, PaaS, SaaS)
- Must have proven expertise in three of the following security areas: identity and access management, network security, end user security, threat modelling, Security Risk and Compliance, penetration testing
- Must have at least 3 years’ cyber security experience
- Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC CAF, NIST Framework, ISO 27001, ISO 27005, IEC 62443 etc.
- Good understanding of Cyber Assurance Framework and experience of working with Regulators and providing compliance updates
Skills that will help you in the role:
- Knowledge and experience of IT Auditing/Control testing, IT Information Security and IT generic computing controls
- Knowledge of technology risk and controls including relevant tools and techniques
- Knowledge of key areas in technology risk, including operations, change, security, resilience at both application and infrastructure layers
- The suitable candidate must be a highly motivated individual.
- A proven track record as a cyber security subject matter expert in this or other organisations is a prerequisite.
- The role will require significant attention to detail and the ability to work both at a strategic, Director level and with subject matter experts on detailed design issues and application, integration and data modelling.
- The successful candidate will be required to be an excellent communicator and not averse to dealing with conflict management and decision making on a regular basis.
- Desirable experience in Vulnerability Assessment and Management, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering