Information Security Analyst
Reference No: 2028/15
Location: City of London
Reports to: Head of Information Security
Benefits: Very generous
No. Required: 1
Start Date: ASAP
Assist the global information/cyber security and privacy function in the delivery of the company’s information/cyber security and privacy programmes.
Responsibilities of this role will include, but are not limited to:
• Assist in the operations of the information/cyber security and privacy function, ensuring that it functions smoothly and effectively, that standards, objectives and accountabilities are clearly defined and communicated, and that control systems are in place and aligned to global strategy.
• Act as a source of technical expertise, providing advice and guidance on information/cyber security and privacy.
• Build strong relationships with internal clients, demonstrating an understanding of their business and how information security and privacy can add value to it.
• Collaborate on group-wide issues including implementation and further development of information/cyber security, privacy and policies, guidelines and processes.
• As required, provide training to employees, marketing partners, or other third parties, ensuring proper information handling in accordance with policies and procedures.
• Perform information/cyber security risk analysis on initiatives. Ensure that the group’s information/cyber security risks are consistently analysed and reported to local management.
• Assist the IT department in the development and monitoring of relevant security plans and internal control systems throughout the organisation's network, and act as a liaison to IT.
• As normal in an IT operational environment, projects and problems may demand evening and weekend working. This will be scheduled in advance as far as possible.
• Adopt the Organisation's culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers.
• Comply with procedures, policies and regulations relevant to your role. Undertake relevant training on policies and procedures as delivered by your line manager, the Talent Management development or assurance teams (compliance, risk, and internal audit) either directly, via e-learning or the learning management system.
• Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas.
• Ensure that you uphold the principle of Treating Customers Fairly.
• Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include, among others, European Strategy Team, US Management team or membership of any committees.
All IT, Compliance, Data Management, Risk Management, Commercial Management, Talent Management, General Management and Underwriting and Claims Operation Staff, Information Security Committee, Suppliers
Education and Qualifications
• Degree level education, or equivalent work experience
Skills and Abilities
• Excellent communication skills.
• The ability to prioritise work and deliver results in a pressurised environment
• The ability to develop and manage stakeholder relationships
• The ability to work collaboratively
• An understanding of the various data management regulatory requirements.
• The ability to communicate technical concepts to a broad range of staff and management.
Knowledge and Experience
• Proven experience in information/cyber security
• Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 17799/27001, National Institute of Standards and Technology (NIST), the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT).
• Knowledge of the process of performing risk, business impact, control and vulnerability assessments, and defining mitigation strategies.
• Knowledge of common cyber-attacks, and ways to protect organisations and individuals from the unauthorised exploitation of systems, networks and technologies.
• Have awareness of mainstream operating systems (for example, Microsoft Windows) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware (malicious software) solutions, automated policy compliance and desktop security tools.
• Experience in financial services/insurance is desirable, but not required.
• International experience is desirable, but not required.