Our client, an established City-based bank, requires an Information Security Risk Analyst to join their growing team. The role is to ensure that projects and initiatives do not incur excessive risk and that the information security risk from new technology and services is appropriately managed. They will be responsible for organising and conducting reviews of the information security framework to ensure compliance with ISO 27001 and other relevant management standards, as well as identifying and escalating risks, incidents and issues as appropriate.
This role is heavily based around stakeholder management, so communication skills are key. Candidates must be able to understand the full project delivery lifecycle and to work on multiple projects simultaneously. You should be able to analyse and audit solutions as well as present information and advice to senior business partners. The successful analyst will promote information security awareness throughout the company, whilst also providing suggestions and guidance to the business with regard to the execution of information security policies and procedures. They will analyse information security policies and procedures and identify risks, incidents and issues in a timely manner.
Skills and experience required:
- Previous experience working within an Information Security, IT or Internal Audit function.
- CISM, CISSP or CISA certified (or aspiring to achieve).
- Prior experience within the financial industry is essential.
- Proven track record conducting reviews, audits, risk assessments or writing reports to a high standard, with strict deadlines.
- Good understanding of security policies, procedures and technologies, including ISO 27001.
- Excellent stakeholder management.
- Provide recommendations to manage information security risk which will include aligning the project to Policies & Standards.
- Understand security policies from a control perspective and knowledge of remediation and gap analysis.
- Strong analytical and documentation skills.