We're on a journey as a global business to build the technology of tomorrow and continue to lead from the front of our industry. We want to redefine and reshape our technology strategy in the face of a rapidly evolving digital world, looking at new ways to leverage AI and innovative technology. Our vision is to create a more integrated and product-led organisation, designing holistic global technology solutions that enable us to continually improve the way we deliver our services, both internally and externally.
The role reports to the Head of ISDP Governance and is responsible for supporting the development, review, implementation and maintenance of Enterprise ISDP policies, procedures and guidelines in line with the ISO 27001 standard. The role involves implementing a security risk management framework, driving secure employee behaviours and liaising with the third line of defence on internal and external assurance activities.
Key Responsibilities:
Policies and framework management:
- Implement and maintain information security policies, procedures, and guidelines aligned with ISO 27001 standards.
- Implement and maintain the ISDP intranet for easy access to ISDP artefacts.
- Ensure effective and consistent implementation of these policies and framework across the organisation.
- Support delivery of the ISO 27001 certification roadmap.
Security culture:
- Develop, renew, implement and maintain annual training for employees, including new hires.
- Conduct regular targeted campaigns to promote a culture of security.
- Perform periodic simulated phishing exercises to assess employee awareness.
- Work with relevant business units to improve cybersecurity awareness.
Assurances:
- Support internal or external ISDP assurance activities.
- Support management of the security management plan (SMP) of activities with strategic suppliers.
- Collaborate with internal and external stakeholders to coordinate assurance activities effectively.
Stakeholder Communication:
- Appropriately communicate security requirements to key internal and external stakeholders.
- Ensure alignment with business goals and risk management strategy.
Metrics and Reporting:
- Support development of a metrics framework to effectively measure employee behaviour and compliance with policies.
- Ensure the effectiveness of an awareness programme.
What you will need to succeed
- Experience with ISO 27001 readiness
- GDPR, NIST, DORA
- Cyber Essentials
- Strong knowledge of ISO 27001 and security awareness processes.
- Experience with security governance, internal audits, suppliers, project management, and delivery.
- Familiarity with vendor controls, service levels, KPIs for visibility, and checking implementation.
- Experience in implementing data classification schemes.
What you'll get in return
- Flexible working options are available.
- The opportunity to make a seismic impact and help enable business through the delivery of effective digital solutions.
- The opportunity to work in a business that values people at the heart of what they do and creates a supportive and inclusive environment to enable you to flourish.
- The reward and benefits associated with this role will be competitive for the market and experience of the successful candidate.