Security Governance and Assurance Analyst

Location: Reading

Salary: £500- £550

This specialist banking firm is looking for Security Governance and Assurance Analyst to promote sound security and risk processes. As an Information Security champion, you will be the point of escalation for controls and governance matters.

The Governance and Assurance Analyst will help deliver and adopt several components of the organisation’s Information Security Management System (ISMS).

In this role, you will work with a close-knit team of security and GRC specialists. This is a Governance Risk and Compliance focused position in which you will be a point of contact for the Business in policy, assurance, and processes.

Advising the Business on risk management strategies in line with the risk appetite is an integral part of this role. You will also promote regulatory requirements through education and training exercises where necessary.

As well as providing help and guidance to a small team of permanent staff, you will foster strong relationships across the Business, including Technology, HR, DPO, and champion the adoption of the ISMS, ensuring its purpose and value is understood.

Risk assessments will be undertaken and shared with relevant owners allowing them to make informed risk-based

Responsibilities 

  • Perform and document risk assessments allowing the Business to make informed risk-based decisions.
  • Reviewing Security policies and standards.
  • Maintaining and, where necessary making a case for improving security policies and standards
  • Project Engagement. Assist in oversight of the testing and gathering evidence of requirements issued to projects promoting security by design
  • Controls Assurance activities, including:
  • Reporting of control effectiveness: KRI’s and a security risk dashboard with meaningful and actionable metrics.
  • Assist in the production of clear and concise reporting and presentations for senior management
  • Reviewing due diligence reports from organisations providing services to the organisation
  • Security Incident Management. Assist in the development and implementation of an effective Incident Management process and operational resilience activities

Criteria and qualifications

  • Experience of working in a banking or financial services organisation
  • Strong knowledge of UK and/or global banking regulations
  • Experience of Risk or Security frameworks such as: ISO27001, ISF Standards of Good Practice for Information Security, NIST control framework, CIS Controls, MITRE ATT&CK framework
  • Any or combination of Security qualifications such as: CISM, CISA, CRISC, CISSP