Information Security Analyst – Cyber Control Risk Assessment

Description de la mission

Information Security Analyst – Cyber control & risk assessment sought by leading insurance company based in London.
*Outside IR35 – Based in London (3 days a week onsite)*
Reporting to the Information Security Manager, the post holder will be responsible for conducting comprehensive cyber control and risk assessments across the business and its third party vendors using the NIST Cyber Security Framework (CSF).
The post holder will work together with the Information Security team in delivering against agreed deadlines whilst maintaining all aspects of information security risk management.
Responsibilities
Support the Information Security Manager in delivering the Information Security
Management System and to drive continuous improvement for information security.
Evaluate and assess cyber security controls across the business and its third party vendors to ensure compliance with the NIST CSF.
Conduct comprehensive risk assessments using the NIST CSF.
Collaborate with cross-functional teams to develop and implement risk management activities.
Use risk management techniques to identify cyber threats, risks and issues in a timely manner.
Support the creation and collection of metrics, validation of security control performance and the identification of emerging cyber risks.
Manage actions and output generated by stakeholder engagements; for example customers, regulators, internal and external auditors.
Maintain currency with emerging security trends, threat intelligence, industry standards and good practice, and security enhancing technologies.
Essential Skills, Knowledge & Experience
Sound knowledge of and experience in an Information Security role.
Experience working in a professional services environment.
Hands-on experience conducting cyber risk assessments and developing cyber risk mitigation strategies.
Hands-on experience conducting cyber security control assessments.
Hands-on knowledge and experience working with recognised security frameworks such as, NIST CSF, ISO27001 etc.
Strong interpersonal and communication skills (written and verbal), with the ability to interact with technical and non-technical stakeholders at all levels.
Knowledge of Microsoft systems (on-premise and Azure cloud), technologies, infrastructure, awareness of systems management and operational support tools would be beneficial.
Acknowledges and responds positively to exceptional events in information security to meet the objectives of the business.
Please apply within for further details or call on 07393149627
Alex Reeder
Harvey Nash Finance & Banking