Information Security Assurance and Compliance Specialist

McGregor Boyall

Posted on Sep 11, 2024 by McGregor Boyall
Glasgow, Lanarkshire, United Kingdom
IT
Immediate Start
£60k - £65k Annual
Full-Time

Information Security Assurance and Compliance Specialist, GRC, ISO 27000, Auditing

This is a key role with one of the leading professional services firms, which is seeking an Information Security Assurance and Compliance Specialist to join a developing and growing business.

The role:

The mission of the Information Security and Risk team is to establish a risk-managed environment that enables the company to adequately and reasonably protect the confidentiality, integrity, and availability of information used by the business and on behalf of clients.

Key Responsibilities
Review proposed Client engagement contracts and SLAs and complete client due diligence questionnaires, audit requests, and competitive bids, working to Client-orientated deadlines.

Maintain a repository of standard information security responses and design-effectiveness evidence for external audits, client assessments, client RFPs, etc.

Maintain and uphold the firm's certifications and Information Security Management System in line with the standard, facilitate internal and external audit exercises, and ensure timely remediation of any identified non-conformities so that the ISO27001 certification is retained.

Assess and recommend information security, governance, risk management, and compliance services and working practices that reflect emerging Client expectations and that best develop and improve the firm's current and future information security environment. Assist the Information Security, IT, and other departments with the identification and measurement of security risks and help identify appropriate controls. Carry out periodic assurance of controls to ascertain their design effectiveness and maturity.

Assist members of the team to carry out other workloads relating to the operation of the Information Security department during periods of higher demand or where additional resources are required.

Facilitate continual improvement by investigating and utilizing the latest technologies, such as Artificial Intelligence/Machine Learning and other process methodologies, to help transform the delivery of the services with a focus on greater efficiency and accuracy.

Identify emerging Client implications and requirements for incorporation into the information security frameworks, strategy, roadmap and policies, and into the IT initiatives roadmap.

Stay abreast of technical, industry, regulatory, and company changes and/or trends as they relate to cyber security, the legal industry, information management, InfoSec, technological standards/trends, and IT efficiencies.

Facilitate/establish and report on monthly metrics and Key Performance/Risk Indicators relating to Client due diligence work.

Provide education and insight to members of IT and other relevant areas, relating to the requirements and expectations of Clients.

Build and maintain relationships with the team and relevant members of the Risk and Client Operations departments, share best practices, and ensure that due diligence activities are coordinated and executed efficiently.

Essential Skills and Experience

Proven experience of working in an Information Security and IT Risk Management role within a fast-paced environment.

Operational knowledge of one or more international information security standards, risk management, and control frameworks/practices, e.g. ISF SOGP, ISO27001/2, ISO31000, IRAM2, NIST SP 800-53 and the NIST Cybersecurity Framework, COBIT, APRA CPS 234, etc.

Two days required onsite each week

McGregor Boyall is an equal opportunity employer and does not discriminate on any grounds.


Reference: 2821834309

https://jobs.careeraddict.com/post/95082998