Login
Register
facebook
07989475537
Menu
About Us
Industry Sectors
The Team
Jobs
Events
Privacy Statement
Login
Register
Job Search
Any Type
Permanent
Contract
Any Discipline
Business Continuity
Business Risk/Compliance
IT Audit
IT/Information/Cyber Security
Information/Business Risk
Developers/DevSecOps
Any Location
Berkshire
Bristol
Buckinghamshire
Cambridgeshire
Cheshire
Cornwall
Cumbria
Derbyshire
Devon
Dorset
Durham
East Sussex
East Yorkshire
Essex
Gloucestershire
Hampshire
Hertfordshire
Kent
Lancashire
Leicestershire
London
Lincolnshire
Manchester
Middlesex
Newcastle upon Tyne
Norfolk
Northamptonshire
Nottinghamshire
Oxfordshire
Shropshire
Somerset
Staffordshire
Suffolk
Surrey
West Sussex
Warwickshire
Bedfordshire
West Midlands
West Yorkshire
Wiltshire
Worcestershire
Scotland
Wales
Denmark
Qatar
New Item
Anywhere in the UK
Home
M25
Information Risk Specialist
-
City of London
IT/Information/Cyber Security
Ref:
151
Date Posted:
Monday 13 Mar 2023
Share
Company: Financial Services
Location: Hybrid - City of London
Reports to Information Risk Manager
Salary: £80,000
Benefits: Generous
No. Required: 1
Start Date: ASAP
The Role
As the Information Security Risk Specialist, you shall support the Information Risk Manager which has responsibility for all Governance Risk and Compliance activities in the designing of appropriate policies and organisational controls. You will ensure that the control environment supports the mission of enterprise software vendor, operator of the Corda Network and Managed Services provider.
You'll be used to working in environments with mature security controls, but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help "write the book" on building security assurance and good security practices for enterprise blockchain.
Responsibilities
Support the Information Risk Manager in the delivery of security governance, risk and compliance activities globally.
Drive the different types of security risk assessments across different business lines and manage risks via the risk register.
Ensure assurance activities are appropriately implemented across different business lines, and as required, you will be required to test the effectiveness of those controls.
Conduct security assessments and due diligence activities of critical 3rd party suppliers/vendors. This shall include liaising with key stakeholders such as IT, Legal and Business Resources.
Support customer due diligence activities, contract reviews and customer security review activities as necessary.
Support the Information Risk Manager and the wider Security team in the development, operation and maintenance of the security control environment (ISMS) including information security policies, standards and guidelines.
Identify emerging security requirements from our clients and ensure that capabilities to meet those are baked-in to our products and services.
Have a firm understanding of implementing mature security controls/practices across the organisation and engaging with stakeholders across the business.
Qualifications
You'll have 3/5 years of experience in a direct information security role specialising in governance, risk and compliance activities.
We believe that we work better as a team, and hope you share that belief. You'll be working in a diverse group of people with a variety of skills and backgrounds, a high level of emotional intelligence will be assumed.
You'll need excellent communication skills, both verbal and written. You should be confident in explaining security terms and principles to an audience who may not be familiar with the underlying concepts.
You will assist in defining the ISMS and controls assurance environment creating the appropriate documentation/evidence to support external assessments.
Working knowledge of ISO 27000 or NIST Cyber Security Framework would be great, but experience with other recognised standards will be acceptable.
You should have worked in an organisation certified to ISO 27001 or gained SOC2 certification. You will have been part of this journey and understand the controls needed to achieve different certifications.
A firm understanding of the security practices which should be adopted for different legal and regulatory requirements such as PCI-DSS, GDPR, or different regulatory bodies.
Have responsibility for conducting security assurance/assessment activities and able to demonstrate process improvements to enhance the maturity of security controls.
You will have a solid appreciation of the variety of technical controls including endpoint security, identity and access management, network security controls (firewalls, VPN), intrusion detection and security event management/log analysis tools.
You won't be expected to be hands-on with these tools, but you'll certainly need to be aware of how they fit within the control environment which you will help to design and operate.
An MSc in Information Security or a CISSP, CISM, CISA. Appropriate career experience is just as important though. Be prepared to tell us all about that experience.