Information Security Assurance Analyst Operations

Posted 11 April by Optima Recruitment

Overview:

Our client is looking for an Information Security Assurance Analyst Operations. The aim of this role is the effective operation, reporting and evidencing of their technology and information security control environment and the overall Information Security Management System (ISMS).

  • Based in Reigate
  • £38,000 - £43,000
  • Hybrid
  • Eligibility for annual bonus, up to 15%
  • 27 days holiday per annum, plus bank holidays
  • Company pension scheme
  • Death in service benefit
  • Employee Assistance Programme

Job specification:

  • Maintaining and improving our ISMS
  • Updating ISMS policies, procedures, standards, and guidance
  • Coordinate and provide necessary support in planning and completing internal ISMS reviews.
  • Supplier onboarding and annual supplier security assessments
  • Maintaining and developing our security awareness and education programmes
  • Analysis of information security alerts and incidents
  • Report on incidents, risks, threats and vulnerabilities
  • Scheduling internal and external penetration and vulnerability tests and managing remediation planning
  • Assist in evaluation of cyber security tools
  • Manage online ISMS system.
  • Assist the ISM to deliver Information Security projects
  • Participate in technology and information security related audits, supporting the collation and supply of evidence in response to requests.
  • Ensuring information security controls are evaluated and effective
  • Identifying ISMS nonconformities
  • Respond to audit recommendations.
  • Establish a good working relationship with all internal and external key stakeholders, and third-party vendors.
  • Create reports on information security projects and activities
  • Report on information and cyber security incidents
  • Create ISMS reports based on key metrics
  • Articulate associated risks in both technical and non-technical terminology.
  • Support the on-going review process to continually improve and refine the ISMS
  • Support the ISM in performing targeted information security risk assessments.
  • Identify risks, incidents, and breaches, in accordance with company policies and department procedures.

Person specification:

  • Appropriate level of education or professional risk/compliance/Information Security related qualifications
  • Experience within technology risk management and/or audit function would be beneficial
  • Experience of working in a regulated environment / awareness of requirements such as GDPR
  • Experience in the maintenance of a certified ISO27001 Information Security Management System and related controls (ISO27002)
  • Understanding of technology and information security risk management frameworks
  • Excellent verbal and communication skills
  • Excellent team player who can establish strong working relationships

Reference: 52459676
