Information Security Analyst
Reporting to the Head of Information Security, the Information Security Analyst will be responsible for conducting risk assessments of internally and externally hosted systems and third-party vendors for a FTSE 100 Media organisation.
Day to day activities:
- Risk Management - Scoping and conducting risk assessments, identifying information security risks and risk treatment actions, escalating them through appropriate management channels, and managing appropriate treatment activity.
- Third Party Management - Scoping and conducting third-party assessments, identifying information security risks and risk treatment actions, escalating them through appropriate management channels, and managing appropriate treatment activity. Ensuring the implementation of third-party outsourcing security policies and reviewing information security contractual clauses.
What we are looking for:
- Demonstrable knowledge of current information security best practices, standards, risk methodologies and relevant legal, financial and regulatory requirements.
- Stakeholder management experience essential.
- General IT technical and cloud security knowledge.
- Experience working with formal risk assessment, controls and project management methodologies and GRC tools
- Knowledge of technical security issues and solutions
- Knowledge of cyber threats, penetration testing, and vulnerability assessments
- Understanding of cloud security controls
- Understanding of IT security control products/protocols
- Recognised industry qualifications such as CISSP, CISM, CISA, CRISC, ISO27001 Lead Auditor (this list is not exhaustive)