Security Analyst - 12-month Inside IR35 contract
Posted on Nov 4, 2022 by McCabe & Barton
Manchester, Lancashire, United Kingdom
£35 - £35 Annual
- 12-month contracting opportunity at a Big 4 consultancy
- Hybrid working model
- Locations: London/Leeds/Manchester
- Competitive Inside IR35 day rate
- Deliver third-party risk and assurance transformation programme
- Engage and manage stakeholder groups to ensure the successful delivery of transformation objectives
- Build sustainable processes and measurement systems to ensure information security policies and client requirements are maintained
- Implement automation roadmap
- Prepare reports as required
- Lead the management of necessary remediation by effectively working cross-functionally with various business units/functions and capabilities.
- Assist in providing reporting on remediation progress and next steps, including regular review of compliance remediation activities.
- Contribute to the development of compliance reporting, including regular updates to senior management on third-party risk and assurance
- Contribute to ad-hoc assignments/special projects.
- Evaluate the effectiveness of risk management, control and governance processes and suggest improvements.
- Review data for a variety of processes to identify trends, anomalies and transactions which require additional review
- Provide input to the annual internal audit and compliance programme as directed.
- Occasional travel may be required.
Knowledge, Experience and Skills Required:
- A minimum of 5 years' experience in an information security third-party risk subject matter expert role
- Demonstrable work experience in delivering and maturing Information Security Third Party Risk and Assurance activity
- Strong knowledge of, and practical experience in delivering with, global frameworks including ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS, NIST Cybersecurity Framework, and ISF.
- Good understanding of privacy requirements (including GDPR, ISO 27701, etc.).
- Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including cloud computing and application security.
- Excellent written and verbal communication skills, including report writing.
- Strong analytical and problem-solving skills.
- Experience in the implementation of automation and vendor assessment tools is required.
- Proven track record building strong relationships across multiple business functions
- Security certifications preferred (CISSP, CISA, CISM or equivalent).
- Ability to deal effectively with conflict