Information Security Policy Analyst
£650 a day inside
Insurance exp needed
This role will support the maintenance of the IS Policy and Standards and operate the Policy Exceptions process. It will therefore include activities such as:
IS Policy & Standards:
- Operating the annual review process for the ISMS and the IS Policy & Standards in accordance with the operating procedures
- Identifying and managing potential changes to the IS Policy and Standards outside of the annual review
- Managing the communication of the IS Policy & Standards to stakeholders
- Ensuring appropriate change management and configuration control of the IS Policies & Standards.
Policy Exception Management:
- Ensure the clarity and accuracy of the information in the exception request.
- Understand the elements involved within the exception requests and their importance - data sensitivity assessment, control implementation and maintenance plan, assessing the legal, compliance, reputation, and operational risks associated with the exception.
- Liaise with subject matter experts and stakeholders of the request domain.
- Determine inherent risk and control effectiveness.
- Determine residual risk and ensure risk acceptance by the appropriate management team member.
- Provide decisions on exceptions based on a basic risk assessment, and associate a timeline with every exception.
- Document and track exceptions and ensure timely revocation of exceptions on their expiry.
- Review existing exceptions and confirm they are still required.
- Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO, etc.)
- Knowledge and understanding of Regulatory Risk and Compliance policies and programs
- Ability to work as part of a team or solo
- Excellent Communication skills, especially written English
- Strong Stakeholder management
- The ability to foster and grow relationships
- Experience of working in a live operational environment with an understanding of the impact of policy adherence is desirable.
- Educated to degree level or equivalent
- Hold professional qualifications in a related subject, for example CRISC, CISSP, CISM, CISA
- 2+ years' experience in an information security role
- Experience of working within a Global Financial organisation
- Resourcefulness and organizational agility
- Global team player with good interpersonal and influencing skills
- Conflict Management Resolution (Options Analysis)
- Customer Focus & Integrity and Trust
- Personal Learning & development
Lorien Plc is acting as an Employment Business in relation to this vacancy.