Our client is currently looking for a candidate with Cyber Security experience to join their ever-expanding team! The successful candidate will have demonstrable experience in information security and the ability to understand IS principles across multiple domains (e.g. Security Architecture, Network Security, Cryptography, Telecommunications, Operations Security). Moreover, particular experience in cloud computing environments and knowledge of SaaS, PaaS and IaaS solutions would be ideal.
• Perform risk assessment on suppliers and identify risk domains.
• Conduct remote/onsite security assessments.
• Review policy and procedures relating to information security and data privacy.
• Ensure that potential issues are raised promptly and discussed with management to identify options to mitigate risk.
• Identify, document, and communicate control gaps/deficiencies to internal and external stakeholders.
• Identify process efficiencies/enhancements to keep assessment programs in line with industry best practices.
• Maintain open communication channels with senior stakeholders through regular governance sessions, escalating appropriately as and when required.
• Own the quality of all client outputs and ensure all client and internal document repositories are accurate and up to date.
Technology Risk and Controls Analyst
• Experience in professional roles involving information security, data privacy and/or controls testing.
• Knowledge of information risk and compliance principles. Broad understanding of security technology and related risk and compliance issues.
• Cyber Security related certifications including ISO27001 Lead Auditor, CISA, CISM, COBIT, CISSP, CIPM.
• Strong understanding of information security controls & ISMS standards such as ISO 27001/2, COBIT and NIST.
• Experience with SOC2 compliance standards.
Experience in the following areas of Cyber Security is essential:
• Knowledge of cloud computing environments.
• Knowledge of characteristics of SaaS, PaaS, and IaaS solutions.
• Information Security assessment processes, including audit, vulnerability scanning, and security policy and standards review.
• Creating or managing IT security policies and standards.
• Understanding of Information Security fundamentals across multiple domains.