This job has expired

Information Security Analyst

Employer
Pontoon
Location
London
Salary
400.00 - 400.00 GBP Daily
Closing date
28 Mar 2023

Sector
IT
Job Role
Security Analyst
Job Type
Permanent

Information Security Analyst

Financial Services

Hybrid in London: 2 days per week onsite average

6 months

GBP400 per day

The Information Security Analyst role supports the Information Security Manager to enable business processes and innovative technology to deliver key business objectives in a secure manner which protects our reputation, organisational and customer data, in line with the risk appetite of the business. The Information Security Analyst is responsible for enforcing the key components of the information security programme to ensure that technology products and services are secure by design and that all technology services can be delivered securely. The key disciplines within the role are:

  • Information Security: Supporting the Information Security Management System, optimising controls, policies and standards in key functional areas across the Scheme. Investigate and respond to any information security events/incidents.
  • Information Security Assurance activities: Delivering Information security assurance strategies, implementing continuous improvements, and delivering training programmes for each organisational department. Supporting Information Security audit activities.
  • Information Security Risk: Conduct risk analysis and contribute to the prioritisation of information security initiatives based on risk and business need.

My Priorities – what I will deliver

Draft information security policies, methods, and processes as necessary

Support internal audits and reviews of the Information Security Management System as part of the ISMS audit programme and management review

Generate reports on Information Security metrics, key risk indicators (KRI) and compliance for stakeholders

Support audits/assessments interface for various internal and external stakeholder requirements (i.e., ISO27001 certification, GDPR compliance assessment, audits, and regulatory reviews).

Maintain Continuous Security Improvement Plan (CSIP)

Support the ISMS, including compliance with annual reviews to ensure its continuing suitability, adequacy, and effectiveness. This annual review includes assessing opportunities for improvement and the need for changes to the ISMS

Investigate any information security incidents and implement any corrective actions

Analyse incident reports, identify root causes and planned improvement actions, and prepare summary reports for management, identifying any relevant trends, ISMS performance and any further recommendations for action

Support the delivery of 3rd Party Due Diligence assessments for new & existing relationships

Conduct annual information risk assessments on information assets, supported by asset and risk owners as appropriate, and identify significant threat changes and exposure of information and information processing facilities to threats

Act as SME for Information security exercising and incident management.

Display and promote working and personal behaviours that accord with the Scheme's Values, acting as a professional role model for all staff.

Deputise for the Information Security Manager as required.

My knowledge – what I need to know

Security knowledge – Any IT security certifications in one of ISO 27001, CCSP, or equivalent would be highly advantageous

Demonstrated knowledge and understanding of information risks and threats

Understanding of information security constraints and best practice.

Experience or knowledge of working with information security frameworks and standards such as ISO27001

Experience or knowledge of conducting information security risk assessments following industry standards

Awareness of data protection legislation and its application in a practical way

Experience producing quality documentation, including management information, security dashboards, reports, policies, standards, and guidelines

Experience

Understanding of Incident Management

Experience with writing and socialising policies, standards and procedures

Understanding of information security concepts such as security architecture and design, information security standards and information security risk assessment.

Understanding of business continuity and compliance and audit frameworks

Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised that if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion; we may, however, keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.
