Applications have closed

Information Security Specialist

GRC Jobs
  • Hybrid - WFH/London 3 days a week
  • £450 per day (inside IR35)

An Information Security Risk Management Specialist is required for a global financial services firm. You will be conducting agile risk assessments on various projects, offering expert guidance, and coordinating with key stakeholders and internal teams.

Duties:

  • Reviewing submissions of the Information Security Criticality Assessment (ISCA) questionnaire.
  • Analysing security requirements and project criticality based on standard project activities and data classification from DP pre-screening.
  • Collaborating with assigned architects to ensure that security requirements are integrated into the High-Level Design (HLD), and coordinating reviews with Enterprise Architecture, Solutions Architecture, Cyber Security, and Cyber Assurance teams.
  • Evaluating security requirements and reviewing evidence provided by the scrum master to ensure all criteria are met, including:
    • Providing feedback on the ISCA questionnaire and HLD.
    • Presenting at ISCA Project Technical Reviews.
    • Attending and securing HLD sign-off from Technical Design Authority and Solutions Design Authority (SDA).
    • Acquiring Business Partner Risk Evaluation Platform (BPREP) scorecards for third-party SaaS solutions from the Security Contracts team.
    • Obtaining Identity & Access Management (IAM) assessment approvals from the IAM Team.
    • Securing compliance reports on Minimum Technical Security Baseline from QualysGuard.
    • Obtaining Cloud Permit approvals from Enterprise Architecture.
    • Conducting code reviews and analysis for in-house solutions.
    • Generating self-service vulnerability assessment compliance reports for assets in scope.
    • Coordinating with Cyber Assurance on solution penetration testing and securing necessary sign-offs.
    • Registering external-facing solutions with the Digital Hub from Cyber Assurance.
    • Preparing the ASRM Security Assessment closure report.
  • Conducting a final review of all open security requirements and their statuses before providing stage gate approval (Production Go/No-go decision), ensuring adherence to firm ASRM processes.
  • Storing all documentation in the IS project’s shared area.
  • Updating the project register daily to maintain project status, and revising the ASRM Security Assessment template to record activities; submitting the ASRM form for final sign-off to complete each risk assessment.
  • Managing project RAG (Red, Amber, Green) status to ensure that amber and red trends are promptly communicated to management and the scrum master.
  • Collaborating with the scrum master to support the development of risk acceptance strategies, as needed.
  • Attending various meetings, including those with the scrum master, delivery squads, stakeholders, ISCA technical review, architectural design authorities, and pen testing reviews. You will challenge non-compliant design decisions, escalate issues when they arise, and propose solutions to address them.

The ideal candidate will possess an industry-recognized certification such as CISSP, CISM, or CRISC and have extensive experience in Agile project-based Information Security. A proven track record of successful delivery in a similar role is essential. Experience in the financial services sector is highly advantageous.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.