Our client, a well-known insurance business, is currently looking to recruit an individual to undertake the role of Information Security Analyst to support the UK Data Protection Officer (DPO) in the role of Data Protection Manager to lead on information security initiatives. This is a home-based role with travel to the company’s office in Merseyside as required.
The role is a Governance, Risk and Compliance (GRC) role within the second line of defence, working in collaboration with the IT Security teams to develop and improve the Information Security framework in place.
Key responsibilities include:
- Working with the business to align, maintain and develop its Information Security framework to recognised information security standards such as Cyber Essentials, ISO27001, PCI-DSS.
- Assisting with the development of policies, procedures and related practical guidance including delivery of information security training and awareness to employees.
- Reviewing and assessing the information security control framework through compliance audits, producing reports that highlight good practice, information security risks and improvement recommendations.
- Assisting with information security incident management, from triage to resolution, including the development of incident reporting capability.
- Working with business change projects to ensure information security risks are considered, including the assessment of third-party supplier security frameworks and controls. Providing practical solutions to business change projects that are aligned to industry standard practice.
- Supporting and participating in working groups to steer information security and provide ongoing support across the organisation.
- Providing considered and practical advice to the business on information security matters.
- Ensuring documentation and records are kept up to date, including identifying trends and analysis.
- Keeping up to date with the latest changes in industry standards, emerging threats, news and guidance.
What we’re looking for:
- Proven experience in an information security role with a good understanding of information security risk management and principles.
- A good level of technical security knowledge and understanding. Experience of working with the PCI-DSS standard is desirable.
- Working towards or having an industry recognised qualification in information security such as CISM, CISSP.
- Proven experience of implementing and maintaining recognised information security standards such as ISO27001 and Cyber Essentials.
Please note, should you not receive feedback within 28 days, unfortunately your application has been unsuccessful. However, we may be in touch with similar relevant opportunities.