Job Ref: Information Security Risk Analyst
IT Security
Information Security Risk Analyst
Salary: To £50k plus bonus plus bens
Location: London
Job Type: Full Time
The Role:
An Information Security Risk Analyst is required by a financial services organisation. This role will join the 2nd Line Information Security Risk team within the Group Risk Function. The key function of this role will be to investigate potential data incidents or breaches identified by Data Loss Prevention technologies or by other threat hunting techniques, working closely with IT, HR and internal stakeholders, as well as to perform control maturity assessments and monitor 3rd party service providers within the context of their risk management framework. This individual will manage relationships with external 3rd party suppliers and internal 1st line functions to build relevant management information relating to cyber risk and control maturity.
You will also be involved in the wider cyber risk governance activities of the team as required including Information Security awareness, cyber advice & assurance and security benchmarking and R&D.
Key Responsibilities:
- Manage the data incident process/es to investigate any potential breaches highlighted by DLP technologies
- Develop and mature threat hunting techniques to detect potential data breaches
- Assess new suppliers to ensure they can meet our ongoing compliance with regulatory and internal policies and standards
- Ensure information security requirements are addressed when the organisation engages new service providers by reviewing 3rd party contracts and determining that the right information security contract clauses are included
- Work with internal stakeholders to ensure the right controls are in place when designing any new solution hosted with a 3rd party
- Monitor the Cyber Posture of our key suppliers and work with internal stakeholders to address any issues
- Identify and implement improvements in the overall information security due diligence process
- Work with IT to optimise security controls and improve the firm’s external cyber posture to reflect the continually changing threat environment
- Prepare and deliver Management Information relating to the Risk & Control programme
Key Requirements:
- Min. of 2 years of experience, with a combination of risk management, information security and IT roles.
- Knowledge, experience and understanding of ISO27000, NIST CSF and audit processes.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines.
- Degree in business administration or a technology-related field, or equivalent work-related experience
- Desirable Qualifications – ISACA CISA or CRISC
Your IT Security point of contact is: