
This job has expired


Information Security Risk Analyst 

Employer
Stanton House
Location
London (Central), London (Greater)
Salary
negotiable + benefits
Closing date
7 Aug 2019


Stanton House have partnered with one of the world’s largest independent financial advisory groups. This Group provides strategy, M&A and financing advice, alongside investment and wealth management solutions, and is recruiting an Information Security Risk Analyst to join its growing team. The role is permanent and full-time, based in London.

This Financial Advisory Group have been at the heart of the world's financial markets for over 200 years - this means that we have in-depth market intelligence, bringing us closer to current issues than any other global financial institution. This client has over 3000 employees spread across 50 offices globally. They have a strong track record of outstanding execution in three business lines: Advisory, Private Wealth and Asset Management, and Merchant Banking.

Overview of Role

Joining the 2nd Line Information Security Risk team and reporting to the Regional Information Security Officer, the Information Security Risk Analyst will assist in the development and implementation of the cyber risk and control programme.  The primary focus of this role will be to perform control maturity assessments of both internal and 3rd party service provider controls within the context of the Group risk management framework.  This individual will manage relationships with external 3rd party suppliers and internal 1st line functions to build relevant management information relating to cyber risk and control maturity.

This role will also be involved in the wider cyber risk governance activities of the team as required. These activities may include:

• Information Security Awareness

• Cyber advice & assurance to the business and IT 

• Security benchmarking and R&D

Responsibilities

The primary responsibilities of the role are to:

• Perform 2nd level review of internal 1st level controls as defined in the Internal Control Framework, and agree and track improvement plans with the relevant stakeholders

• Ensure information security requirements are addressed when the organisation engages new service providers and provide oversight over service providers’ ongoing compliance with regulatory and internal policies and standards

• Work with IT to optimise security controls to reflect the continually changing threat environment 

• Ensure Information Security policy exceptions are managed using a risk-based approach

• Develop and maintain a record of policy exceptions and associated risk acceptance documentation

• Prepare and deliver Management Information relating to the Risk & Control programme

This role will also be involved in the following activities:

• Promote information security awareness within the firm

• Perform security reviews of internal and emerging technologies

• Provide expertise and advice on information security matters

• Ensure information security technologies and related procedures are accepted and integrated with business processes 

• Stay abreast of information security trends and best practices, including technologies

Experience, Skills and Competencies Required

• Minimum of 4 years of experience, with a combination of risk management, information security and IT roles. 

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences. 

• Stakeholder management with experience in building internal and external relationships

• Ability to act calmly and competently in high-pressure, high-stress situations. 

• Knowledge, experience and understanding of ISO27000, NIST CSF and audit processes. 

• Excellent analytical skills and the ability to manage multiple projects under strict timelines.

• Project management skills: scheduling and resource management. 

• Degree in business administration or a technology-related field, or equivalent work-related experience 

• Desirable Qualifications - ISACA CISA or CRISC 
