Our client is looking for a Security Risk Analyst to be responsible for obtaining and analysing data and information in order to identify, assess, understand, scope, score and quantify risks, mainly in the information security domain, so as to help protect the company and its customers. The role is responsible for performing risk assessments and analysing risks in various areas of the business, with a view to determining the effectiveness of security, operational, process, people and other controls; it is expected to work collaboratively with other teams to recommend risk treatment measures that are adequate and applicable both to the risk itself and to the business area affected. The Analyst will have the ability to analyse disparate pieces of information (technical and non-technical), from a variety of sources and in many formats, in order to quickly and accurately assess the risk and determine its magnitude or severity. The right candidate must be able to implement and operate within a risk management framework (e.g. FAIR), to perform data analysis (qualitative and quantitative), to operate tools, to perform data synthesis and to create reports, and to communicate confidently and appropriately to various audiences.
The role will involve:
Perform Risk Assessments (RAs) and present the results, recommend actions to address risk and drive towards best practice
Perform the first (and, for the Senior Analyst, in-depth) level of analysis of acquired data and produce actionable insight
Own and maintain the risk management framework and artefacts for the company (asset lists and categorisation, risk registers, RA templates, risk acceptance forms, etc.)
Follow (and, for the Senior Analyst, also create and improve) processes and procedures to perform risk analysis and risk management activities
Introduce risk management principles into our existing policies, procedures and standards; ensure they are relevant to the company and its operations, and that they are kept up to date and continuously improved
Follow up with the appropriate teams for risk treatment action implementation, verification and closure
Collaborate with Compliance and other teams on external (e.g. customer) and internal audits and reviews (for the Senior Analyst, also conduct audits and reviews). Own the area of certifications (e.g. ISO 27001) within the InfoSec team.
The right candidate will have the following experience/skills:
Experience in compliance, auditing, data protection, information security, risk management or related field
Expertise in taking policy statements and translating them into actual, implementable risk and security controls that can be monitored, audited and continuously improved. Ability to judge their effectiveness and recommend improvements.
Ability to operate data mapping and risk assessment tools and processes that identify risks to business assets and operations
Ability to provide insight into the key areas of risk for the business and to suggest mitigation/treatment
Good understanding of common information risk and security management standards, frameworks and laws/regulations, e.g. CIS Top 20, ISO/IEC 27001, NIST SP 800-53, BSIMM, GDPR, FAIR, etc.
This is a great role working in a talented, close-knit team. Please apply with your Word CV for more details.
Please note that due to a high level of applications, we can only respond to applicants whose skills and qualifications are suitable for this position.
No terminology in this advert is intended to discriminate against any of the protected characteristics that fall under the Equality Act 2010.
Bowerford Associates Ltd is acting as an Employment Agency in relation to this vacancy.
To apply for this job please visit itjobpro.co.uk.