Information Security Analyst 2022/8 - City of London

IT/Information/Cyber Security
Ref: 14 Date Posted: Monday 16 Jul 2018
The role sits in a dynamic Investment Company, focused on delivering multi-manager investment propositions. Our consistent investment process enables us to design multi-manager solutions as well as act as a centre of investment excellence.
 
The Information Security Analyst will work closely with the Chief Information Security Officer to ensure the business is secured and compliant with all relevant requirements.
 

What you will be doing:

 
The Information Security Analyst will support the Chief Information Security Officer to ensure the business is secured and compliant with all relevant requirements, by:
• Managing operational security activities to ensure an efficient response to the increasing cyber security threat
• Providing support to internal stakeholders on security topics to ensure risk mitigation
• Contributing to the information security strategy definition and implementation projects
 
Information Security Operations activities:
• Take ownership of the information security incident and alert management, including:
    o Defining, reviewing and executing processes and procedures to qualify and manage security incident response including the production of security dashboards
• Take responsibility for the control and assurance activities to ensure security goals are met and risks are monitored. This includes:
    o Defining an annual security controls plan and associated procedures
    o Executing security controls and handling related anomalies with the involved stakeholders
Security advisory and support to the business
• Provide technical specialist advice and expertise to internal stakeholders
• Provide proactive input to project management teams to ensure security aspects are being considered
• Conduct information risk assessments for existing solutions and for new projects
• Define and escalate 3rd party management to minimise security risk
• Contribute to the information security strategy definition
• Provide support to define, implement and own the information security and IT risk policies, frameworks, standards, improvement plans and best practice for the wider business
• Contribute to the formalisation of the security documentation to define and produce related KPIs to manage these activities and contribute to related governance
• Manage the IT Risk and Security function across the business
 

What we can offer you

 
As you’d expect from a global leader, our reward package is a world-beater – here’s a small selection of our current benefits.
• Competitive salary and the opportunity for personal development
• 28 days holiday (with the option to buy up to 5 additional days, or sell up to 3 days)
• Discretionary annual bonus scheme linked to the performance of the Organisation
• Private medical insurance
• Pension scheme with competitive employer contributions as well as your own
• Interest free season ticket loan scheme
• Opportunity to join the Organisation's Share Plan Scheme
• Discount on the Organisation's financial products
• Numerous other flexible benefits and product discounts on offer
 

Who are we looking for?

 
You will:
 
• Have CISM / CISSP or an equivalent professional security qualification
• Be able to show a considerable amount of experience (min 5 years) within information security risk within a large commercial organisation
• Demonstrate a significant IT background and technical knowledge of the main security topics encountered in the context of business application projects (IAM, encryption, development security, etc.) and related solutions to meet them
• Have an understanding of system life cycles, integration and their impact on information security
• Have the ability to work autonomously and appropriately direct the work of the team as necessary
• Be able to achieve consensus on the 'best' approach in the circumstances with stakeholders and the ability to negotiate at management level
• Demonstrate the ability to effectively operate and manage 3rd party constraints and auditors
• Have the ability to present information concisely and to clearly identify key issues at management level
• Demonstrate experience of the financial services industry (in particular, an understanding of the FCA legislative impacts on security) preferred