Information Security Compliance Analyst

Company Description

Evelyn Partners is the UK’s leading integrated wealth management and professional services group, with over 186 years of experience in helping generations of people and businesses to thrive. We offer an extensive range of financial and professional services to individuals, family trusts, professional intermediaries, charities and businesses.

We provide an award-winning service for our clients by employing the best people. Join us on our mission to place the power of good advice into more hands because we believe that everyone deserves access to good advice, regardless of where they’re at in their financial journey.

An exceptional track record of growth and innovation is driven by our core values of: Personal, offering advice based on a true understanding of what matters to our clients; Partnership, working with our clients in a joined-up, collaborative way; and Performance, demonstrating a breadth and depth of advice expertise to deliver first-class results.

Read more about us and available career opportunities here: Wealth, accountancy and business advisory services | Evelyn Partners and Careers | Evelyn Partners

Job Description

Job purpose

Evelyn Partners is looking for an Information Security Compliance Analyst with expertise in risk assessments, risk treatment advisory, third party assessments, Security Compliance and security assurance.

The candidate must have an ability to perform as a productive and pragmatic member of an Information Security team. The position will require the execution of day-to-day Information Security risk management activities and the enhancement of the overall effectiveness and efficiency of the Information Security risk management capabilities across Evelyn Partners. The successful candidate will also play a crucial role in ensuring our organisation's compliance with Information Security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework (CSF) v2.

The successful candidate will need to work out of our Liverpool office at least two days per week.

Key Responsibilities

• Perform internal Information Security risk assessments and recommend mitigation actions / solutions.
• Collaborate with stakeholders and project teams to define security requirements based on scope, objectives, data, and technologies.
• Maintain risk registers and mange escalations, re-assessments, risk acceptance and risk exceptions.
• Evaluating and identifying new and current Information Security risks using both internal sources (audit findings, penetration test results etc.) as well as external sources (threat intelligence feeds, industry specific treat advisories)
• Continuously review security controls to assess changes in residual risk and the sufficiency of compensating controls.
• Review and manage security risk exception requests, ensuring timely reviews before expiry.
• Prepare reports with risk metrics, trends, findings, and ratings for key stakeholders.
• Assist in managing the ISMS, including audits, risk assessments, incident management, reporting, and security awareness.
• Maintain certifications, such as Cyber Essentials / ISO27001 / NIST CSF v2, against a backdrop of a growing firm and evolving regulations, technology and processes.
• Assist in developing control testing and assurance strategies, to ensure that organisation-wide security controls are meeting their objectives.
• Collaborate closely with internal and external stakeholders and SMEs.
• Identify best practices, develop technical standards, processes, and policies, and advise stakeholders on security.
• Develop and implement security policies, standards, and documentation ensuring compliance with legal regulations.
• Drive continuous improvement and contribute to internal and external cybersecurity collaboration.
• Serve as the security point of contact, guiding technology teams and business stakeholders.
• Engage with security allies to drive security initiatives and promote a risk-aware mindset.
• Remain current on industry standards for security in a technology environment.
• Ensure alignment with standards, recommend control improvements, and evaluate risks to confidentiality, integrity, and availability.
• Advise and guide business services on maintaining compliance with relevant legislation and security frameworks.

Qualifications

Key Skills and Experience

• Information Security experience is desirable.
• The ability to work proactively, pragmatically and collaboratively in a fast-paced working environment, balancing multiple concurrent activities.
• Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
• A record of accomplishment of effectively analysing security controls, while understanding the risk of certain controls not being in place.
• Experience working in an Information Security role dealing specifically with governance, risk and compliance areas is preferred.
• Prior experience writing Information Security related Policies, Processes and Procedure is desirable.
• The ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders.
• Experience in using standards such as ISO 27001 (Implementation, Compliance, Certification, and audit reviews), NIST CSF, and Cyber Essentials is desirable.

Professional Qualifications and Education

• Degree or equivalent in Information Technology or Risk Management is preferred.
• Certification in cloud architectures is advantageous, especially Microsoft Azure
• Certification in Information Security domains is preferred, especially around ISO27001.

Additional Information

As a colleague here at Evelyn Partners, you will have access to benefits that include:

• Competitive salary
• Private medical insurance
• Life assurance
• Pension contribution
• Hybrid working model (role dependant)
• Generous holiday package
• Option to purchase additional holiday
• Shared parental leave

We are proud to value the differences that a diverse workforce brings, representative of society and our clients.  At Evelyn Partners we have a wide range of highly active employee resource groups and we’re delivering multiple diversity, equity and inclusion initiatives across the organisation.  It is our commitment to provide a workspace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment. 

We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process.  Please let your Recruiter know.