Information Security Analyst

We are looking for a highly skilled and motivated Information Security Analyst to join our team. In this role, you will play a crucial part in evaluating cybersecurity controls, conducting risk assessments, and collaborating with cross-functional teams. You will support our Information Security Manager in maintaining all aspects of Information security risk management, responding to security inquiries and incidents, and ensuring compliance with relevant regulatory requirements.

• Support the delivery of the Information Security Management System and drive continuous improvement in Information security.
• Evaluate and assess cybersecurity controls across the business and third-party vendors to ensure compliance with the NIST Cyber Security Framework (CSF).
• Conduct comprehensive risk assessments using the NIST CSF.
• Identify cyber threats, risks, and issues using risk management techniques.
• Develop and conduct third-party vendor security assurance activities.
• Collaborate with cross-functional teams to develop and implement risk management activities.
• Respond to security support tickets and provide Information security support and escalation.
• Create and collect metrics, validate security control performance, and identify emerging cyber risks.
• Collaborate with the Enterprise Risk Management (ERM) team to maintain, develop, and deliver cyber risk reporting and appetite statements.
• Maintain and develop Information Security policies and procedures relevant to the current cyber threat landscape.
• Maintain, develop, and test the Cyber Incident Response Plan.
• Monitor and manage compliance with relevant cybersecurity regulations.
• Manage actions and output from stakeholder engagements, including customers, regulators, and auditors.
• Stay current with emerging security trends, threat intelligence, industry standards, and security-enhancing technologies.

• Proven experience in an Information Security role.
• Experience working in a professional or financial services environment.
• Hands-on experience conducting cyber risk assessments and developing mitigation strategies.
• Experience with cybersecurity control assessments and maintaining risk reporting and appetite statements.
• Knowledge and experience with recognized security frameworks such as NIST CSF, ISO27001, etc.
• Experience managing and maintaining cybersecurity compliance with regulatory frameworks such as FCA, PRA, NYDFS.
• Experience developing a governance framework by maintaining policies and procedures.
• Ability to meet agreed deadlines and work independently or collaboratively.
• Strong interpersonal and communication skills, both written and verbal, with the ability to interact with technical and non-technical stakeholders.
• Strong analytical, problem-solving, organization, and planning skills.
• A proactive and enthusiastic approach.
• Knowledge of Microsoft systems (on-premise and Azure cloud), technologies, infrastructure, and systems management tools.
• Ability to respond positively to exceptional events in Information security.

This is a fantastic opportunity to contribute to a company committed to continuous improvement in Information security during a time of digital transformation and growth. If you are passionate about cybersecurity and meet the above criteria, we would love to hear from you.