Job Description
* ISO 27001, NIST
* 3rd party risk assessments
* Information Security technology & controls
Information Security GRC Analyst - LiverpoolHybrid (2-3 days onsite) Our Financial Services client has an exciting vacancy within their Information Security Team for an experienced and a highly motivated Information Security GRC Analyst. This is a brand new opportunity at a time of exciting growth within the organisation. This role offers the chance to work in a growing & collaborative team as well as a chance for excellent progression & to develop both GRC and technical security skills within a supportive environment.Responsibilities - Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion. - Support the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards. - Support third party risk management processes. - Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities. - Manage security architecture reviews for new systems and services. - Evaluate security controls and recommending improvements. - Support the implementation of security tools and technologies. - Provide oversight of the security incident management process. - Provide security metrics for interested parties at all levels. - Support the security awareness programme to promote a culture of security within all levels of the Group. - Provide support for internal and external security audits .Skills and Experience - 2 - 3 years' experience in information security roles. - Experience with risk assessment methodologies. - Excellent analytical and problem-solving skills with attention to detail. - Strong communication skills with the ability to explain complex security concepts to non - technical stakeholders. - Knowledge of information security frameworks such as ISO 27001 or NIST. - Eligibility to work in the UK.Desirable Skills and Experience - Experience with regulatory compliance in the financial services sector. - Relevant security certifications. - Understanding of security technologies and controls. - Understanding of application security concepts and secure development practices