Senior Information Security Analyst
15-month FTC
London/Hybrid
To £100k plus bonus plus Benefits
ISO27000, NIST, Risk, IT Security
A Senior Information Security Analyst is required for 15-month maternity cover at a prestigious financial services organisation. This role will join their Information Security Risk team within the Group Risk Function. This is a supervisory role managing a team of two Information Security Analysts.
Key Responsibilities:
- Adherence to the Information Security Standards by control owners
- Training and Awareness Programme
- Phishing Tests of staff, reporting and training
- Actionable Threat Intelligence including Domain Monitoring, Social Media and Deep and Dark Web monitoring
- Data Loss Prevention/Detection - monitoring staff’s email and web usage to detect any non-adherence to acceptable use
- Committee papers showing KPIs/KRIs and supporting documentation
- Third Party Reviews of suppliers
- Managing annual risk assessment process and presenting results to senior management.
- Performing analysis and testing of controls within our internal environment.
- Managing the training and awareness programme for employees globally, including:
  - Evaluating the trends in Human Risk, using available technology to understand the areas that require staff to be trained in
  - Designing and releasing eLearning modules for all staff
  - Participating in Cyber Security awareness month and organising educational activities.
  - Writing global communications.
- Working with IT and the business to deliver key certifications and meeting ever-changing regulations.
- Conducting timely Information Security assessments of third-party suppliers, recording results accurately and initiating appropriate responses.
- Participating in ad hoc projects to provide analysis on Information Security risks
- Manage the data incident process/es to investigate any potential breaches highlighted
- Organise Information Security Education and Awareness campaigns including phishing simulations and producing regular and ad-hoc group metrics
- Work with IT to optimise security controls and improve the firm's external cyber posture to reflect the continually changing threat environment
- Prepare and deliver Management Information relating to the Risk & Control programme
Key Requirements:
- Min. of 5 years of experience, with a combination of risk management, Information Security and IT roles
- Previous line management experience
- Knowledge, experience and understanding of ISO27000, NIST CSF and audit processes
- Excellent analytical skills, the ability to manage multiple projects under strict timelines
- Degree in business administration or a technology-related field, or equivalent work-related experience
- Desirable Qualifications - ISACA CISA or CRISC
For a full consultation please email your CV to Arc IT Recruitment.