Works with fellow team members and other departments to address customer assurance requests, preparing responses to customer inquiries.
Works with senior managers across the business to drive the information security agenda and ensure that it meets complex compliance requirements.
Works closely with Senior Analysts supporting compliance, regulatory, vendor and cyber-maturity assessments and reporting.
Provides direct support for control activities such as access reviews, data mapping and vendor assessment.
Develops and maintains a firm knowledge of data security practices and relevant regulatory requirements.
Assists with the development of control frameworks to meet business and regulatory requirements.
Participates in project reviews, working with business representatives, technical staff, suppliers, and project team members to evaluate information security requirements, and to help mitigate potential exposures.
Provides support for contract review and negotiation of information security and privacy requirements.
Monitors and promotes compliance with information security policies and standards.
Recommends changes to policies, standards and procedures.
Consults with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Supports the UK DPO by providing technical expertise in relation to the UK GDPR, the Data Protection Act 2018 and PECR 2003.
Requirements
Ideally at least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP)
5 years of combined information security and technical administration experience.
Proven experience in an information security role including experience of developing Information Security policies and plans.
Working knowledge of General Data Protection Regulation (GDPR).
Experience with information security internal and external audits and contract compliance.
Good understanding of system technology security testing (vulnerability scanning and penetration testing).
Excellent understanding of information security concepts, protocols, industry best practices and strategies.
Knowledge of information security and control frameworks (e.g., NIST, ISO 27001/27002) a plus.
Familiarity with regulatory and compliance mandates (e.g., PCI, CCPA, GDPR) a plus.
Proficient with the Microsoft Office suite of products.
Sound analytical judgement, self-motivated, attention to detail, ability to manage deliverables against firm timelines, and commitment to producing results.