Information Security Governance Analyst
- Employer: KPMG
- Location: Aberdeen, Birmingham & Other locations
- Salary: Competitive
- Closing date: 16 Aug 2022
- Sector: Consultancy
- Job Role: Risk Analyst
- Job Type: Permanent
Job description
ROLE TITLE AND CONTEXT
Title: Information Security (IS) Governance Analyst
Business unit: Enterprise-Wide Technology
Department: Information Assurance, Information Security
REPORTING RELATIONSHIPS
Reports to: Information Security (IS) Governance Lead (Grade B)
Direct reports: None
JOB PURPOSE
The Information Security Governance Analyst will be part of the 2nd line of defence and will be responsible for supporting the Information Security Governance Lead to deliver strategic objectives.
KEY STAKEHOLDERS
- Director of Information Assurance
- Information Security Risk and Compliance Teams
- Information Security Operations Teams
- Information Security Architecture and Advisory
- Capability Business Units stakeholders
- KPMG's Enterprise and Capability Risk/Governance functions
- Awareness and Education Team
KEY RESPONSIBILITIES
- Maintain information security policies, processes, standards and procedures.
- Conduct reviews and evaluate policies, standards, processes and procedures as directed.
- Maintain the Information Security Common Control Framework, connecting with Risk and Compliance teams to implement changes.
- Provide advice, guidance, and support to the firm on information security policies, standards and controls.
- Provide support for internal and external audits: ISO27001, PCI-DSS, Cyber Essentials and Cyber Essentials+, SOC2 and other security compliance programmes.
- Analyse data to provide insights on the governance, risk and compliance maturity and effectiveness.
- Provide capability line reporting on key risk and controls including key performance indicators and metrics.
- Provide reporting on remediation progress and next steps, including regular review of compliance remediation activities.
- Demonstrate and maintain expertise in information security governance, threats and vulnerabilities, legal and regulatory changes.
KNOWLEDGE, EXPERIENCE AND SKILLS
- A minimum of 3 years' experience in an information security governance role, with 2+ years' experience in an analytical role.
- Demonstrable work experience in developing and maintaining Information Security policies and controls frameworks.
- Good knowledge and practical experience utilising global frameworks including ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS, NIST Cybersecurity framework and ISF.
- Good understanding of privacy requirements (including GDPR, ISO 27701, etc.).
- Good working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing and application security.
- Excellent written and verbal communication skills, including report writing.
- Strong analytical and problem-solving skills.
- Security certifications preferred (CISSP, CISM or equivalent).
- Experience of working with automated continuous controls monitoring tools would be beneficial.