Information Security Analyst

Job Description

Job Title - Information Security Analyst

Job Market - IT Risk & Governance


Information Security Analyst - About the role

The role works alongside all levels and departments across the business, supporting, guiding and consulting to help manage IT risk and audit management.

It is a non-technical role; however, the individual will need to be capable of understanding technical conversations, and have the confidence to speak up about things they do not understand.

As a member of the IT Governance team the Analyst will be responsible for helping to embed a culture of Information Security within the day-to-day operations of the department, ensuring the Confidentiality, Integrity and Availability of the services provided to the enterprise.

Information Security Analyst - Key duties

Contribute to security-related initiatives such as Internal and External Information Security Audits and Vendor Management processes.

Perform information security assurance reviews of the core business and group activities, as well as third parties.

Provide guidance and assist business stakeholders with Informational Security enterprise.

Contribute to the future Information Security & IT Governance strategy.

Help drive and mature the implementation of the ISO27001 ISMS, its ongoing maintenance, and related activities such as internal audits and evidence exercises.

Provide support to the Information Security Forum. Produce monthly packs and participate in the delivery of the meetings.

Recommend and implement changes in security policies and practices in accordance with legislation.

Assist with team development and communicate enterprise-wide information security metrics and reporting to all levels, including risk assessments, information security policy/standards approvals and exceptions, and supplier security assessments.

Produce management dashboards and report regularly to the Information Security Manager to ensure timely and accurate delivery of the aforementioned duties and to achieve successful operational performance.

Deputise for the Information Security Manager at internal and external meetings.

In the absence of the Information Security Manager, work as part of a team collective to make decisions relating to Information Security in order to respond to a variety of demands.

Keep abreast of industry trends, emerging controls, and legal and regulatory changes, particularly FCA, Lloyd's, PCI DSS and GDPR, and participate in industry forums to ensure compliance with information security trends and standards.

Provide Data Governance support to the Data Governance Council by holding meetings with business stakeholders to ensure data quality standards are being met, and then produce quarterly packs and deliver the meetings.

Embody and exemplify the ERS values in all aspects of day-to-day activity.

Undertake all other duties as reasonably required and directed.

Information Security Analyst - Key requirements

Previous experience working in an IT risk or governance role is advantageous; however, my client may also consider an application from a candidate who has knowledge of information security practices and industry standards gained from another role.

Strong experience with PCI DSS and ISO27001.

Strong GDPR compliance knowledge.

Ideally holds certification in one of the industry standards - CISMP, CISA, CISM.

Ability to produce management information and reports to an agreed schedule or upon request.

Proven presentation and communication skills with multiple levels of an organisation, including interaction with senior level business partners within the company.

Strong influencing and relationship management skills - capability to build and maintain Customer/Supplier relationships.