Address
Purpose of Job
The Analyst, IT Security, Compliance assists the IT Security Principal with IT Security Compliance objectives. This includes:
• ISO / IEC 27001 - Maintaining accredited certification
• Swift Customer Security Control Framework - evidence collection and collation for Annual Attestation
• Audit observations and actions – ensuring audit actions are addressed withing acceptable timeframes.
• Internal Control Framework – ensuring ICFs are appropriate and completed in a consistent manner.
Accountabilities & Responsibilities
- Help to maintain ISO / IEC 27001 accredited certification, this includes:
- Developing consistent and repeatable IT Security Standards, Policies, and Procedures, compliant with the international standard for Information Security Management Systems, ISO / IEC 27001: 2013.
- Contributing to Internal and external audit processes
- Assisting with risk assessments for the ISO27001 Risk Treatment Plan and Statement of Applicability
- Participating in Leadership Team updates
- Contribute to IT Security compliance with the Bank’s Internal Control Framework to ensure the accurate completion of testing schedules. This includes monitoring reports and alerts and submitting control evidence to IT Risk
- Contribute to IT Security with the Bank’s Swift Customer Control Framework and annual attestation requirements. This includes collecting and collating evidence for the IT Risk team.
- Work with IT Risk and Internal Audit to ensure audit observations and actions are consistently managed and closed within acceptable timeframes.
- Conduct regular vendor and third-party risk assessments. This includes review of Third Party Assurance Questionnaires and Security Management Plans
Knowledge, Skills, Experience & Qualifications
QUALIFICATIONS
- Educated to degree level and/or relevant and recognised professional level IT Security accreditation such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Security Plus
- ISO27001 Lead Implementer (beneficial).
KNOWEDGE / EXPERIENCE
- Knowledge and experience implementing of IT Security frameworks, policies, guidelines and standards, including the International Standard for Information Security Management, ISO/IEC 27001: 2013 and Cyber Essentials Plus.
- Experience of working with internal and external auditors and risk departments.
- In-depth knowledge of technical security solutions covering areas such as data leakage prevention, Security Information and Event Management, anti-malware, vulnerability management, threat assessment, encryption, Public Key Infrastructure, and cloud computing.
- Experience in IT Risk Management, including Third-Party Risk management
- Relevant experience in the Financial Services sector.
- Broad understanding of corporate IT infrastructures and technologies.
- Experience of successfully working under pressure to challenging deadlines.
- Ability to communicate effectively to a wide variety of audiences both within and outside of EBRD
- Ability to work both independently and as part of a team.
- Ability to operate sensitively and effectively in a multicultural environment.
- Good organisational and multi-tasking skills.
- Fluency in oral and written English is essential.
TECHNICAL SKILLS
- Experience of Security Information and Event Management and tools used to monitor compliance with Polices and Standards.
- Experience with IT Security tools, including: anti-malware, end point detection and response, proxy filtering, security baselining, data loss prevention, network access control, vulnerability management, and firewalls.
What is it like to work at the EBRD?
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
- A working culture that embraces inclusion and celebrates diversity;
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
Diversity is one of the Bank’s core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.
Please note, all our adverts close at 10.59pm GMT time.
