Looking for a security governance, audit and compliance role with a company that has a motivating and supportive culture? IntaPeople is working with a Swansea-based tech company to expand the Cyber Security team with a Senior Security Analyst. Ideally, you will have experience in embedding a culture of information security within the daily operation of a business.
About you
- We’re looking for organised individuals with a background in governance and regulatory compliance within the insurance sector. Experience with audits and ISO27001 is preferred.
- You’ll have a strong understanding of IT Risk Management, having lived in the governance world doing reviews of contracts and security due diligence.
- An understanding of business continuity or operational resilience would be beneficial.
- You’ll be a self-starter, proactive, inquisitive and driven.
About the role:
- The main focus of the role is to support the management of activities within the team, ensuring that deliverables are met.
- Work as part of a small team to support the Information Security Manager in the development and maturation of the Information Security function working within the Technology Services department, sitting alongside specialist Governance, IT Security & technical staff.
- You will contribute to Regulatory Compliance, IT Audit Governance, IT Risks and provide key subject matter resource for the Technology GDPR deliverables.
- As a member of the IT Governance team, you will be responsible for helping to embed a culture of Information Security within the day-to-day operations of the department, ensuring the Confidentiality, Integrity and Availability of the services provided to the enterprise.
What does this role look like day to day?
- Leading and performing information security assurance reviews for the core business and group activities, as well as third parties.
- Leading all internal IT audits.
- Lead the IT aspects of the annual Group audit and manage the IT Risk Management program, in line with corporate governance requirements.
- Producing high-quality reporting tailored to the target audience.
- Provide support to the Information Security Forum. Produce monthly packs and participate in the delivery of the meetings.
- Produce management dashboards and regularly report to the Information Security Manager to ensure the aforementioned duties are delivered accurately and on time, supporting successful operational performance.
- Deputise for the Information Security Manager at internal and external meetings.
- In the absence of the Information Security Manager, lead the team to make decisions relating to Information Security in order to respond to a variety of demands.
- Contribute to security-related initiatives such as Internal and External Information Security Audits and Vendor Management processes.
- Provide guidance and assistance to business stakeholders on Information Security across the enterprise.
- Contribute to the future Information Security & IT Governance strategy.
- Help drive and mature the implementation of the ISO27001 ISMS, its ongoing maintenance, and related activities such as internal audits and evidence exercises.
- Recommend and implement changes in security policies and practices in accordance with legislation.
- Assist with team development and communicate enterprise-wide information security-related metrics and reporting to all levels, including risk assessments, information security policy/standards approvals and exceptions, and supplier security assessments.
- Keep abreast of industry trends, emerging controls, and legal and regulatory changes, particularly FCA, Lloyds, PCI DSS and GDPR, and participate in industry forums to ensure compliance with information security trends and standards.
The experience required
- Knowledge of information security practices and procedures, with a minimum of 3 years' experience in an Information Security / IT Governance role.
- Strong experience with PCI DSS and ISO27001.
- Strong GDPR compliance knowledge.
- Ideally holds certification in one of the industry standards – CISMP, CISA, CISM, GDPR Practitioner, Certified ISMS Risk Manager.
- Ability to produce management information and reports to an agreed schedule or upon request.
- Proven presentation and communication skills with multiple levels of an organization, including interaction with senior-level business partners within the company.
- Strong influencing and relationship management skills – the capability to build and maintain Customer/Supplier relationships.
- Proven ability to manage multiple high-priority tasks / competing priorities and flexibility to adjust to changing requirements, schedules and priorities.
- Self-driven and resourceful, able to achieve goals independently as well as work well in groups.
- Leadership and/or mentoring experience.
About the benefits:
- 25 days holiday, plus 8 public holidays
- Company pension scheme
- Annual pay reviews
- 12% Bonus
- Free on-site parking
- Development opportunities and additional training
What next?
‘Apply Now’ to be considered or contact Kim for a confidential chat on k.gibbons@intapeople.com