Information Security GRC Analysts

IPS Group
London, Greater London
Job Type: Full-time
Salary: £50,000 per annum

Overview

InfoSec GRC Analyst - Insurance - Perm

Our client, one of the world's largest insurance groups, is seeking an InfoSec GRC Analyst on a permanent basis, reporting to the Head of Information Security. They're looking for someone to support the Head of Information Security by ensuring the effective day-to-day management of tasks and processes related to information security governance, risk and compliance.

Key Responsibilities:

- Develop and manage the information security risk register, and evaluate security and privacy risks and risk remediation plans, balancing business drivers, best practices and external drivers
- Develop and manage the internal controls framework, linking information security risks to controls, defining metrics and capturing measurements
- Support the Data Protection team, managing technical controls and maintaining a clear mapping to data protection risks
- Assist in the design of security controls and provide input to projects from the early stages of idea development
- Assist in the creation and maintenance of information security standards and technical specifications in collaboration with the Information Security Architect
- Produce insightful and high-quality management information for reporting into the Information Security Group and the Operations Committee
- Design audits of security capabilities, systems and processes to ensure compliance with operational standards and specifications, with a focus on automation and the reduction of manual gathering of metrics (e.g. patching levels, email security, encryption, data backup, remote access)
- Manage audit activities and be the main point of contact for internal and external audits
- Manage third party assurance activities of suppliers and affiliates
- Manage compliance control self-assessments and questionnaires from regulators, head office and customers
- Manage day-to-day operational security requests, such as information security approvals and policy exception management
- Oversee penetration testing services and track remediation activity
- Ensure that reported security incidents are logged, investigated, managed and escalated where appropriate
- Provide periodic security awareness training and education to the business

Key requirements:

- Experienced within information security
- Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies
- Experience in performing risk assessment and GITC audits
- Experience with compliance frameworks (ISO2001, NIST, SOX) and with advanced Microsoft Excel functions
- Good understanding of operating systems, virtualisation, containerisation and security sub-systems (e.g. firewalls, IDS/IPS, DLP)
- Good understanding of public cloud services (e.g. AWS, Azure)
- Experience with working within formal project management parameters
- Experience with creating and managing information security awareness programs
- Experience with scripting languages (e.g. PowerShell, SQL) desirable
- Ability to convey complex information simply, to work to tight schedules and to operate under pressure
- Experience within a demanding consultancy environment desirable
- Desirable certifications: CISSP/CISA/CRISC/CISM/CIPP
- To be aware of and comply with the relevant rules and regulations in relation to financial crime and conduct

If this role is of interest, please apply today for immediate consideration.