- ISO 27001, NIST
- 3rd party risk assessments
- Information Security technology & controls
Information Security GRC Analyst - Liverpool Hybrid (2-3 days onsite) Our Financial Services client has an exciting vacancy within their Information Security Team for an experienced and a highly motivated Information Security GRC Analyst. This is a brand new opportunity at a time of exciting growth within the organisation. This role offers the chance to work in a growing & collaborative team as well as a chance for excellent progression & to develop both GRC and technical security skills within a supportive environment.
Responsibilities - Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion . - Support the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards. - Support third party risk management processes . - Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities . - Manage security architecture reviews for new systems and services . - Evaluate security controls and recommending improvements . - Support the implementation of security tools and technologies . - Provide oversight of the security incident management process. - Provide security metrics for interested parties at all levels . - Support the security awareness programme to promote a culture of security within all levels of the Group . - Provide support for internal and external security audits .
Skills and Experience - 2 - 3 years' experience in information security roles . - Experience with risk assessment methodologies . - Excellent analytical and problem-solving skills with attention to detail. - Strong communication skills with the ability to explain complex security concepts to non - technical stakeholders . - Knowledge of information security frameworks such as ISO 27001 or NIST . - Eligibility to work in the UK.
Desirable Skills and Experience - Experience with regulatory compliance in the financial services sector . - Relevant security certifications . - Understanding of security technologies and controls . - Understanding of application security concepts and secure development practices