Analyst, IT Security, Compliance
London, GB
Purpose of Job
The Analyst, IT Security, Compliance assists the IT Security Principal with IT Security Compliance objectives. This includes:
• ISO / IEC 27001 - Maintaining accredited certification
• Swift Customer Security Control Framework - evidence collection and collation for Annual Attestation
• Audit observations and actions – ensuring audit actions are addressed within acceptable timeframes.
• Internal Control Framework – ensuring ICFs are appropriate and completed in a consistent manner.
Accountabilities & Responsibilities
- Help to maintain ISO / IEC 27001 accredited certification. This includes:
  - Developing consistent and repeatable IT Security Standards, Policies, and Procedures, compliant with the international standard for Information Security Management Systems, ISO / IEC 27001: 2013.
  - Contributing to internal and external audit processes
  - Assisting with risk assessments for the ISO27001 Risk Treatment Plan and Statement of Applicability
  - Participating in Leadership Team updates
- Contribute to IT Security compliance with the Bank’s Internal Control Framework to ensure the accurate completion of testing schedules. This includes monitoring reports and alerts and submitting control evidence to IT Risk.
- Contribute to IT Security compliance with the Bank’s Swift Customer Control Framework and annual attestation requirements. This includes collecting and collating evidence for the IT Risk team.
- Work with IT Risk and Internal Audit to ensure audit observations and actions are consistently managed and closed within acceptable timeframes.
- Conduct regular vendor and third-party risk assessments. This includes review of Third Party Assurance Questionnaires and Security Management Plans
Knowledge, Skills, Experience & Qualifications
QUALIFICATIONS
- Educated to degree level and/or relevant and recognised professional level IT Security accreditation such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Security Plus
- ISO27001 Lead Implementer (beneficial).
KNOWLEDGE / EXPERIENCE
- Knowledge and experience of implementing IT Security frameworks, policies, guidelines and standards, including the International Standard for Information Security Management, ISO/IEC 27001: 2013 and Cyber Essentials Plus.
- Experience of working with internal and external auditors and risk departments.
- In-depth knowledge of technical security solutions covering areas such as data leakage prevention, Security Information and Event Management, anti-malware, vulnerability management, threat assessment, encryption, Public Key Infrastructure, and cloud computing.
- Experience in IT Risk Management, including Third-Party Risk management
- Relevant experience in the Financial Services sector.
- Broad understanding of corporate IT infrastructures and technologies.
- Experience of successfully working under pressure to challenging deadlines.
- Ability to communicate effectively to a wide variety of audiences both within and outside of EBRD
- Ability to work both independently and as part of a team.
- Ability to operate sensitively and effectively in a multicultural environment.
- Good organisational and multi-tasking skills.
- Fluency in oral and written English is essential.
TECHNICAL SKILLS
- Experience of Security Information and Event Management and tools used to monitor compliance with Policies and Standards.
- Experience with IT Security tools, including: anti-malware, end point detection and response, proxy filtering, security baselining, data loss prevention, network access control, vulnerability management, and firewalls.
What is it like to work at the EBRD?
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
- A working culture that embraces inclusion and celebrates diversity;
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
Diversity is one of the Bank’s core values, which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients and brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions, and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect, is given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expect our employees to attend the office for 50% of their working time.
Please note, all our adverts close at 10.59pm GMT time.