Information Security Compliance Analyst

Join or sign in to find your next job

Join to apply for the Information Security Compliance Analyst role at GLORY

Join to apply for the Information Security Compliance Analyst role at GLORY

Get AI-powered advice on this job and more exclusive features.

Department: Legal - Information Security

Department: Legal - Information Security

Location: UK/Basingstoke

Description

In this newly created position, you will be responsible for planning, preparing and undertaking a wide range of Information Security activities. You will work closely with internal and external audit teams and other stakeholders to ensure the effectiveness and compliance of the organization's information security measures. You will also work closely with the procurement team, business units, and third-party vendors to ensure that all third-party risks are identified, assessed, and managed effectively.

Strong knowledge of Information Security governance frameworks is essential for this position.

You will be required to use your knowledge and experience to test, document, evaluate, remediate, and improve controls related to Information Security for effectiveness and operational efficiency. You will need to be able to audit all areas of the business where it is needed and take the lead when required. Within this role you will be responsible for supporting customer audits and responding to customer queries on Information Security and Information Systems and the associated functional processes and controls.

You will also support third-party auditors to co-ordinate external audit activities to maintain and ensure compliance with industry standards. This will include managing the closure of any actions or findings raised. This new role offers an opportunity to be part of newly established functions to ensure we can evidence the measures put in place to protect our business and that of our customers.

You must be a highly effective communicator and a supportive team player, taking a consultative approach whilst maintaining the integrity and independence of the General Affairs department. You will combine an ability to navigate organisational politics and manage stakeholders, with a talent for operational delivery and a strong sense of accountability for results.

Main Responsibilities

• Review existing documentation of IT controls, business processes, policies, procedures, and management reports for effectiveness and sustainability
• Review, document, evaluate, and test manual and automated controls throughout the IT environment
• Develop and implement audit testing methodologies
• Design audit programs to ensure ongoing evaluation and validation of IT control effectiveness
• Lead and conduct Information Security internal and external audits working to industry standards such as CIS, SOX and ISO
  27001
• Assessment and evaluation of suppliers’ capabilities against applicable requirements, including GGS policies, standards and procedures
• Lead and conduct Information Security risk assessments of suppliers and vendors
• Working across internal stakeholders to collaborate and ensure that controls adhere to defined policies, process and procedures
• Work with procurement and business units to ensure that suppliers and vendors comply with cyber security policies and standards.
• Lead the completion of customer RFP, RFI due-diligence responses. working across multiple functions, including Sales, Product Development, Information Security and Information Systems to collate applicable information
• Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports as necessary
• Prioritize audit findings based on severity of risk and non-compliance

Skills, Knowledge & Expertise

• Must have experience of working in an audit function
• Knowledge of Information Security frameworks such as NIST, CIS, SOX, Cyber Essentials, ISO
  27001, PCI-DSS and SOC
• Contribute to an effective Information Security culture in support of audit objectives
• Establish and maintain relationships across stakeholders, functional teams and external audit teams on relevant standards and frameworks
• A good understanding of Information Security controls
• Ability to appropriately identify…