Information Security Specialist

Information Security Risk Management Specialist required for a global financial services firm. You will be conducting agile risk assessments on various projects, offering expert guidance, and coordinating with key stakeholders and internal teams.

Duties:

• Reviewing submissions of the Information Security Criticality Assessment (ISCA) questionnaire.
• Analysing security requirements and project criticality based on standard project activities and data classification from DP pre-screening.
• Collaborating with assigned architects to ensure that security requirements are integrated into the High-Level Design (HLD), and coordinating reviews with Enterprise Architecture, Solutions Architecture, Cyber Security, and Cyber Assurance teams.
• Evaluating security requirements and reviewing evidence provided by the scrum master to ensure all criteria are met, including:
  • Providing feedback on the ISCA questionnaire and HLD.
  • Presenting at ISCA Project Technical Reviews.
  • Attending and securing HLD sign-off from Technical Design Authority and Solutions Design Authority (SDA).
  • Acquiring Business Partner Risk Evaluation Platform (BPREP) scorecards for third-party SaaS solutions from the Security Contracts team.
  • Obtaining Identity & Access Management (IAM) assessment approvals from the IAM Team.
  • Securing compliance reports on Minimum Technical Security Baseline from QualysGuard.
  • Obtaining Cloud Permit approvals from Enterprise Architecture.
  • Conducting code reviews and analysis for in-house solutions.
  • Generating self-service vulnerability assessment compliance reports for assets in scope.
  • Coordinating with Cyber Assurance on solution penetration testing and securing necessary sign-offs.
  • Registering external-facing solutions with the Digital Hub from Cyber Assurance.
  • Preparing the ASRM Security Assessment closure report.
• Conducting a final review of all open security requirements and their statuses before providing stage gate approval (Production Go/No-go decision), ensuring adherence to firm ASRM processes.
• Storing all documentation in the IS project’s shared area.
• Updating the project register daily to maintain project status and revising the ASRM Security Assessment template to record activities. Submitting the ASRM form for final sign-off to complete risk assessments.
• Managing project RAG (Red, Amber, Green) status to ensure that amber and red trends are promptly communicated to management and the scrum master.
• Collaborating with the scrum master to support the development of risk acceptance strategies, as needed.
• Attending various meetings, including those with the scrum master, delivery squads, stakeholders, ISCA technical review, architectural design authorities, and pen testing reviews. You will challenge non-compliant design decisions, escalate issues when they arise, and propose solutions to address them.

The ideal candidate will possess an industry-recognized certification such as CISSP, CISM, or CRISC and have extensive experience in Agile project-based Information Security. A proven track record of successful delivery in a similar role is essential. Experience in the financial services sector is highly advantageous.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.