Information Security Analyst

GRC Jobs
  • Hybrid-WFH/City of London
  • £500-550 per day (Inside IR35)

Information Security GRC Analyst required for a leading financial services firm. The role will be centred on developing and implementing their IT GRC Framework.

Overview:

  • Implementation and continuous development of the IT GRC frameworks, encompassing the wider Group IT activities.
  • Supporting IT risk management, focusing on technical IT risk assessments and documenting IT risks.
  • Assisting with reviewing and documenting IT risks associated with IT exceptions.
  • Supporting risk owners to define remediation plans and tracking remediation activities.
  • Assessing compliance with IT control requirements defined in Policies and Standards.
  • You will need strong stakeholder management and collaboration skills, as you’ll be working closely with the Group IT team and our outsourced IT Infrastructure partner to coordinate efforts.

Responsibilities

Risk:

  • Processing day-to-day operational and information security technical IT risks/IT exceptions within the IT Risk Register.
  • Assisting the IT risk owner with assessing technical IT risks and documenting remediation plans.
  • Establishing formal reporting of technical IT risk within Group IT and to 2nd line.
  • Assisting with annual Group IT operational risk assessments.

Compliance:

  • Supporting IT control compliance activities, e.g. annual review of IT controls, including assessing the maturity score.
  • Assisting IT control owners with the ongoing self-assessment of IT controls to assist with 2nd line permanent control checks.
  • Coordinating IT control attestations within Group IT and with third party service providers.

Governance:

  • Assisting with the implementation of the IT risk and IT control management frameworks, and communication within Group IT.
  • Conducting governance reviews based on agreed frequencies.
  • Documenting IT risk and IT control management processes.
  • Supporting formal GRC reporting activities.

Experience

  • 3-5+ years of Information Security Governance, Risk and Compliance experience.
  • Knowledge of information security risk management frameworks and compliance practices.
  • Knowledge of and familiarity with the DORA regulation is desirable.
  • Exposure to and understanding of IT Infrastructure and Business Applications areas.
  • Experience of working with Internal and External audit teams.
  • Proven ability in working across multi-disciplinary and multi-cultural, diverse environments.
  • Excellent written and oral communication skills, with strong interpersonal skills at all levels.
  • Strong presentation skills (written and verbal).
  • Industry-recognised technical certifications such as ITIL, CISSP or similar would be desirable, but not essential.
  • Fluency in French would be desirable, but not essential.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.