IT Security Analyst
Posted on Nov 4, 2022 by Comtecs Ltd
IT Security Officer/IT Security Analyst/IT Risk Analyst/InfoSec Analyst - Security Audits, Risk Assessments, Risk Management Framework Implementation, Security Strategy, InfoSec Reporting. Governance, Risk, Compliance, Archer, CISM, CISSP, CySA+, CASP+ etc; Security Standards. Guildford, Surrey/Remote Hybrid (2 days per week onsite). Permanent. c.£55k-£65k + Benefits
Global Insurance Company seeks an IT Security Officer/IT Security Analyst to join a team of InfoSec Analysts within a highly regulated financial services environment and take a lead role in the implementation and ongoing development of the InfoSec security framework and associated governance frameworks.
You will define and implement information security policies, procedures, and guidelines across the organisation utilising a best practice framework and oversee the identification and management of information security risks across the entire business.
It will be the responsibility of the IT Security Officer/IT Security Analyst to ensure that residual risks are identified, documented and managed through the information security risk management framework. You will ensure risk acceptances and mitigation plans are in place as appropriate, proactively manage risk governance, and be responsible for refining and improving InfoSec reporting at a business and divisional level. Finally, you will identify and implement continuous improvement activities for risk management processes across the wider Information Security function.
Process improvement will form a major part of this role, and you will advise both the information security function and the overall business on potential improvements and best practice. Governance, risk and compliance will be managed utilising tools such as Archer, or equivalent, and you may look to introduce new tools over time.
We are searching for an IT Security Officer/IT Security Analyst/IT Risk Analyst/InfoSec Analyst who can bring both procedural security knowledge and experience, along with a technical understanding of technical environments and the application of security procedures within best practice. You will be an information security professional who holds certifications such as CySA+, CASP+, CCSP, SSCP, CISM, CISSP or CCSK, and may have some exposure to frameworks such as COBIT or ISO27001, or have worked to FCA standards or indeed to BaFin standards within financial services.
You will be familiar with defining, implementing, and refining approaches to Information Security, undertaking risk assessments, and reporting results and guidance to technical teams and business stakeholders alike. You will work closely with senior level business stakeholders to disseminate a security focussed approach and undertake regular security status reporting activity. Additionally, you will have gained experience with governance, risk and compliance tools such as Archer, or equivalent, and be able to use these to identify and implement continuous improvement activities for risk management processes across the wider Information Security function.
Excellent opportunity to work with one of the world's largest Insurance companies employing cutting-edge technologies dispersed across a global enterprise. Excellent opportunity for career growth and personal development. This is a Hybrid role requiring 2 days per week onsite based at Guildford.