Information Security Risk Analyst (3055)

About GBG

GBG offers a range of solutions that help organisations quickly validate and verify the identity and location of their customers. Our market-leading technology, data and expertise help our customers improve digital access, deliver a seamless experience and establish trust, so that they can transact quickly, safely and securely with their customers online. We have over 1,000 team members across 15 countries and work with over 20,000 customers in over 70 countries. Some of the world's best-known businesses rely on GBG to provide digital services and keep the economy moving.

The role

GBG’s Information Security team are accountable for GBG’s overall security posture, including all aspects of the Information Security Management System, including, security architecture, framework and standards compliance, security training, supply chain risk management, operational security and information security risk management.

You will be responsible for implementing GBG’s Information Security Management System in accordance with relevant best practice frameworks and ensuring compliance with corporate policy across the group. As part of these activities, you will be a security champion, helping to embed security as a natural part of the fabric of the business globally. You will also be responsible for the management and maintenance of GBG’s information security certifications and supporting ongoing internal and external audit activities.

What you will do

To help you be successful, we're looking for

• Support in the development, maintenance, and delivery of GBG’s ISMS and policies, procedures and standards.Deliver and monitor information security training and awareness activities.
• Support all internal audit activities and ensure corrective action plans are developed and implemented, in collaboration with Information Security Risk Analysts.
• Support ongoing certification audit activities (ISO 27001, PCI DSS, CyberEssentials).
• Liaise with external certification bodies and auditors to ensure all audits are properly planned, resourced, and executed with minimal disruption to the business.
• Respond to Requests for Information (RFI) from GBG’s customers and external stakeholders
• Support 3rd party due diligence and risk assessment of GBG’s suppliers and partners
• Ensure the implementation of GBG’s continuous improvement process.

Skills

• A background in technology and information security is essential
• Experience of implementation of security policy, process and procedure within a technology focussed organisation is essential
• Experience of common information security management frameworks and standards, such as ISO2700X, COBIT, PCI-DSS, CPS 234 and National Institute of Standards and Technology (NIST).
• Experience of the certification process and audit participation (ISO 27001, SOC 2, PCI DSS)
• A working knowledge of relevant data protection legislation (DPA, GDPR).
• Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
• Strong ICT skills including familiarity with Microsoft Office365 product suite.
• Excellent document writing skills and the ability to present and articulate complex data in a clear and intuitive way, are essential.

What’s in it for you?

We have a vision to have the best and most engaged team members in the industry. People matter at GBG, they make us who we are. Every team member across all our locations makes a difference, everyone has something to contribute. Maybe you too could make a difference.

As part of our commitment to our team and flexible working approach, we have created a Work When and Where You Want Policy to give our team members choice and empowerment, and to support a balance in work and home life. Please ask your Talent Attraction Specialist for more information on this and our Family Friendly policy if you want to find out more!

Next steps

If you’re interested, please apply! We’re looking to hire the best and most engaged people into our business and we’ll make an offer once we’ve found that person.

As an equal opportunity employer, we are committed to providing fair opportunities for everyone regardless of age, gender, race, religion, sexual orientation, parental status or disability. Everybody is welcome and our inclusion and diversity programme, be/yourself, is designed to ensure that you can thrive. Please inform your GBG Talent Attraction Specialist if you require any reasonable adjustments to the interview process.