30th January 2023
Information Security Control Specialist
Information Security
London
Up to £115,000
Location: City of London (Hybrid)
Salary: up to £115,000
Reporting to: Head of Security Risk Management
Job purpose
The Information Security Control Specialist role is an opportunity to actively manage security risk within a systemically important Financial Market Infrastructure, evolving the security posture across the enterprise. The role involves finding a balance between risks, order, control, innovation, and high-quality performance to maximise delivery, ensuring effective protection and mitigation of security risks.
The candidate should be talented at forming business relationships with key stakeholders and vendors to remove barriers and enable collaboration and effective delivery. They should be astute in tracking delivery of security against KRIs, proactively identifying opportunities to address emerging risks. They will be required to participate in many aspects of audit and assessment activities, including risk assessments, planning, testing, control evaluation, documentation, report drafting and follow-up/verification of issue closure.
Essential Functions:
- Serve as the Security POC for regulatory compliance inquiries for internal/external stakeholders.
- Serve as the Security POC for regulatory compliance documentation and testing.
- Organize and collect evidence of regulatory compliance.
- Support and monitor the preliminary assessment of control requirements in connection with new or updated regulatory requirements.
- Perform application risk assessments as necessary and enhance risk management frameworks in appropriate coverage areas.
- Support all aspects of the Security Risk Management (SRM) team as needed.
Knowledge, skills and abilities:
Knowledge
- Knowledge of security methodologies, policies, standards and best practices.
- Knowledge of best practices in information technology governance and the regulatory landscape.
- Proficiency with administrative tasks including training, reporting and compliance.
- In-depth knowledge of security frameworks (e.g. ISO 27000, NIST, FFIEC).
- Advanced knowledge of information technology systems, infrastructure and operations.
- Advanced working knowledge of information systems and operations systems for supported business groups.
Skills
- Strong in the use of Microsoft Office software.
- Strong ability to analyze data using Excel for reporting and data mining purposes.
- Ability to interact with staff at all levels.
- Excellent writing and speaking skills.
- Must be able to manage the investigations function with minimal supervision.
- Advanced experience with data visualization concepts and tools.
- Ability to work directly with senior level management.