London, United Kingdom
Harrington Starr are currently partnering with a leading Financial Services company based in the City.
Our client is looking for a strong Information Security Analyst to join their Risk Management Team.
The Information Security Analyst will be a key member of this team and will have the following responsibilities:
- Support the delivery of the Information Security Program.
- Identify, track and manage Information Security and Cyber Risks and ensure these risks are captured within the enterprise risk program and reported to the CRO.
- Work collaboratively with the IT department to ensure that systems are configured, deployed, and maintained in accordance with Information Security policies and standards.
- Participate in technical research and solution evaluation to enable continuing innovation for security and cyber risk management
- Manage, monitor and report on vulnerability identification and remediation status and penetration testing status to highlight and track risk
- Conduct 3rd party supplier assessments in line with vendor risk management framework.
- The role will additionally assist with project management and IT governance process adoption and support the development and management of on-going Information Security training programs.
- Information Security Program Management
- Management of day-to-day security operations of the firm, including security monitoring, incident response, threat intelligence, and vulnerability management
- Support the development of security policies and standards across the firm, along with programs, processes, and technology to ensure compliance with them. This is to be done in close cooperation with the global standards of the firm.
- Information Security and Cyber Risk Identification and Management
- Ensuring the firm’s compliance with regulatory and legal obligations related to information security (e.g., NIST Cybersecurity Framework)
- Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements and track / manage identified risks
- Perform testing to evaluate new products for network and system security controls
- Respond to, and where appropriate, resolve or escalate reported security incidents
- Information Security Controls Management
- Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes
- Develop and maintain documentation for security systems and procedures and processes
- Develop and deliver security awareness training for new and existing employees of the firm