IT Security Risk Analyst


Premium Job From Bowerford Associates

Recruiter

Bowerford Associates

Listed on

21st October 2020

Location

Reading

Salary/Rate

£60000 - £61000

Type

Permanent

Start Date

30/11/2020

This job has now expired. Please search on the home page to find live IT jobs.

Our client is looking for a Security Risk Analyst to be responsible for obtaining and analysing data and information, in order to identify, assess, understand, scope, score and quantify risks, mainly in the information security domain, in order to help protect the company and its customers. The role is responsible for performing risk assessments and analysing risks in various areas of the business, with a view to determining the effectiveness of security, operational, process, people and other controls; it is expected to work collaboratively with other teams to recommend risk treatment measures that are adequate and applicable to the risk itself and to the business area affected. The Analyst will have the ability to analyse disparate pieces of information (technical and non-technical), from a variety of sources and in many formats, in order to quickly and accurately assess the risk and determine its magnitude or severity. The right candidate must be able to implement and operate within a risk management framework (e.g. FAIR), to perform data analysis (qualitative and quantitative), to operate tools, to perform data synthesis and to create reports, and to communicate confidently and appropriately to various audiences.

The role will involve:

- Perform RA (Risk Assessments) and present the results, recommend actions to address risk and drive towards best practice
- Perform the first (and, for the Senior Analyst, in depth) level of analysis for data acquired, produce actionable insight
- Own and maintain the risk management framework and artefacts for the company (assets lists and categorisation, risk registers, RA templates, risk acceptance forms, etc)
- Follow (and, for the Senior Analyst, also create and improve) processes and procedures to perform risk analysis and risk management activities
- Introduce risk management principles in our existing policies, procedures and standards; ensure they are relevant to the company and its operations, that they are kept up to date and continuously improved
- Follow up with the appropriate teams for risk treatment action implementation, verification and closure
- Collaborate with Compliance and other teams on external (e.g. customer) and internal audits and reviews (for Senior, also conduct audits and reviews). Owns the area of certifications (e.g. ISO27001) in the InfoSec team.

The right candidate will have the following experience/skills:

- Experience in compliance, auditing, data protection, information security, risk management or related field
- Expertise in taking policy statements and translating them into actual, implementable, risk and security controls that can be monitored, audited and constantly improved. Ability to judge their effectiveness and recommend improvements.
- Ability to operate data mapping and risk assessment tools and processes that identify risks to business assets and operations
- Provide insight into the key areas of risk for the business and provide suggestions on mitigation/treatment
- Good understanding of common information risk and security management standards, frameworks, and laws / regulations: e.g. CIS Top20, ISO/IEC 27001, NIST 800-53, BSIMM, GDPR, FAIR, etc.

This is a great role working in a talented, close-knit team. Please apply with your Word CV for more details.

Please note that due to a high level of applications, we can only respond to applicants whose skills and qualifications are suitable for this position.

No terminology in this advert is intended to discriminate against any of the protected characteristics that fall under the Equality Act 2010.

Bowerford Associates Ltd is acting as an Employment Agency in relation to this vacancy.
