Information Security Risk Specialist

As the Information Security Risk Specialist, you shall support the Security Risk Manager who has responsibility for all Governance, Risk and Compliance activities across R3, as well as the designing of appropriate policies and organisational controls within R3. You will ensure that the control environment supports R3's mission of trusted enterprise software vendor, operator of the Corda Network and Managed Services provider. You'll be used to working in environments with mature security controls, but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help "write the book" on building sound security assurance and good security practices for enterprise blockchain. If this sounds like you, read on...

Responsibilities

• Support the Security Risk Manager in the delivery of security governance, risk and compliance activities globally. 
• Drive the different types of security risk assessments (people, process, technology) across different business lines and manage risks via the risk register.
• Ensure assurance activities are appropriately implemented across different business lines, be able to test the effectiveness of those controls along with providing advice and guidance for improvements.
• Conduct security assessments and due diligence activities of critical 3rd party suppliers/vendors.  This shall include liaising with key stakeholders such as IT, Legal and Business Resources.
• Support the Security Risk Manager and the wider Security team in the development, operation and maintenance of R3's security control environment (ISMS) including information security policies, procedures and guidelines and exemption management.
• Implement appropriate governance activities across R3 including providing metrics/reporting to stakeholders to demonstrate maturity of the security program.
• Prepare for an external assessment of R3's security control environment such as SOC 2 and ISO 27001 (R3 is undergoing a SOC 2 assessment within a year and in the process of completing Cyber Essentials/Cyber Essentials Plus certification).

Qualifications

• You'll have 5 years of experience in a direct information security role specialising in governance, risk and compliance activities.
• You will have created documentation such as policies, procedures and guidelines to support a comprehensive ISMS and control environment.
• You will have conducted controls testing and assurance activities and be able to demonstrate the benefits of implementing mature security control.
• Working knowledge of ISO 27001 or NIST Cyber Security Framework would be great, but experience with other recognised standards will be acceptable.
• A good appreciation of technical controls e.g. endpoint security, identity and access management, network security controls (firewalls, VPN), intrusion detection and cloud governance. You won't be expected to be hands-on, but you should be aware of how they fit within the control environment.
• Worked in an organisation with mature security controls or ISO/SOC2 certification.  You will have a good understanding of the controls needed to achieve different security certifications.
• A good understanding of the security practices which should be adopted for different legal and regulatory requirements such as PCI-DSS, GDPR, or different regulatory bodies.
• Financial services experience would be ideal, but experience in organisations with a mature security environment would be preferable too.
• An MSc in Information Security or a CISSP, CISM, CISA.  Appropriate career experience is just as important though. Be prepared to tell us all about that experience.

How We’re Handling Covid-19We are extremely grateful to continue to grow as a company during these unprecedented times. Our #1 priority is the health, safety, and wellbeing of our current and future R3’ers. We want to share with you what we’re doing and what you can expect throughout our interview and on-boarding processes.Since March, most R3’ers have been working remotely, although we have opened some key office locations global, with limited capacity for those that cannot work from home or need to come into the office.As you go through the virtual interview process with us, please don’t worry if children or pets make a guest appearance. We understand these things happen- it’s real life after all! If we are fortunate enough to welcome you to the team, we’ll get a laptop couriered to you and get you set up virtually on your first day.  We also provide you with a “Work From Home” allowance to enable you to purchase some equipment to be more comfortable and productive.We Have And Will Continue To Take Steps To Ease Some Of The Burden For Our R3’ersWe understand that Work From Home (WFH) life can be challenging in many ways, so some of the additional support measures we have in place include;New Starter WFH allowance (as mentioned above) to get you setup to work productively at homeAdditional access to wellbeing resources (as well as the support provided as part of your Vitality Private Medical) including a year’s free subscription to the Headspace app and modules on our Lessonly training platform from MindGym (including Goal getting, Stress Busters and Virtual Work)We also have additional health and wellbeing resources available on our wiki pages when you join.