Information Security/Risk Analyst

My client, an international FinTech, based in London, are looking for an Information Security Analyst to join their growing team.

About the Information Security Analyst role:

This position is to support the Technology & Information Risk Management team with the implementation and operationalizing of the firm’s Risk Management Framework. The successful candidate will leverage subject matter expertise to provide special review and credible challenge to manage the technology and information security risk profile across my client. The Information Security Analyst is a key member of the Technology & Information Risk Management team and is responsible to carry out processes designed by my client for the purpose of implementing an effective risk-based system to identify, measure, monitor, and control technology and information security risks.

Essential Function:

• Assist in the creation of key risk management reports to drive operational effectiveness and highlight trend analysis
• Participate in enterprise-wide risk assessments to track recommendations and prepare relevant materials
• Identify opportunities for information security control improvements to deliver increasing operational efficiencies
• Assist in projects driving the enhancement of risk frameworks and assist with implementation of best practices
• Provide independent review and credible challenge of the technology and information security risk profile and all associated framework components, e.g. risk and control self-assessments, control testing, incident management, metrics and indicators, risk appetite, finding management, and reporting
• Identify and assess technology and information security risks and incidents related to key systems supporting my client's services and the broader impact to the financial ecosystem
• Provide subject matter expertise to business units to drive ownership and progress of correction action plans
• Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for technology and information security risk
• Maintain and oversee relevant policies, standards, and procedures related to my client's processes.

Experience:

• At least three years of experience related to operational risk management with focus on technology or information security
• Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security
• Comfortable working in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.

Qualifications:

• B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent)
• Relevant certification is desirable, e.g., AWS CCP, CISSP, CISM, CISA, CRISC, CCNP, MCSE
• Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA, FFIEC
• Proficiency in MS PowerPoint and Excel, experience in broader MS Office suite, including Project and Visio is a plus
• Experience in Archer GRC is a plus.　

If the above is of interest and you would like to find out more please apply to this advertisement or call me on 0207 509 8040 to find out more.