About the Role
Information Security GRC Analyst - Liverpool
Hybrid (2-3 days onsite)
Our Financial Services client has an exciting vacancy within their Information Security Team for an experienced and highly motivated Information Security Analyst. This is a brand new opportunity at a time of exciting growth within the organisation.
This role offers the chance to work in a growing & collaborative team as well as a chance for excellent progression & to develop both GRC and technical security skills within a supportive environment.
Responsibilities
- Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion.
- Support the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards.
- Support third party risk management processes.
- Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities.
- Manage security architecture reviews for new systems and services.
- Evaluate security controls and recommend improvements.
- Support the implementation of security tools and technologies.
- Provide oversight of the security incident management process.
- Provide security metrics for interested parties at all levels.
- Support the security awareness programme to promote a culture of security within all levels of the Group.
- Provide support for internal and external security audits.
Skills and Experience
- 2-3 years' experience in information security roles.
- Experience with risk assessment methodologies.
- Excellent analytical and problem-solving skills with attention to detail.
- Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.
- Knowledge of information security frameworks such as ISO 27001 or NIST.
- Eligibility to work in the UK.
Desirable Skills and Experience
- Experience with regulatory compliance in the financial services sector.
- Relevant security certifications.
- Understanding of security technologies and controls.
- Understanding of application security concepts and secure development practices.