Senior Information Security Analyst
My client, a leading financial services company based in Surrey, are actively looking for a Senior Security Analyst/Security Consultant to join their team. The role will start in early September and will be a contract until the end of the year (with potential to extend beyond that). Experience working with ISO27002 controls is essential, as this will be the main focus of the position while the company looks to improve their security posture across key controls within this business area. You will also play a pivotal role in the development of an assurance framework for these key areas.
- Strong understanding of the ISO27001/2 information security standards, with a wealth of experience implementing an ISO27001 ISMS
- Extensive experience implementing security controls in accordance with the ISO27001:2013 Annex A controls
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls
- IT/Information Security assurance experience gained by working on projects
- Experience in IT security audits and their requirements
- Experienced in defining high quality information security policies and security related processes
- Knowledge of cloud security (Microsoft Azure, AWS).
- Knowledge of current technological trends and developments in the area of information security
- Expert in process design analysis & designing secure solutions
- Experience of acting as an interface between the business and IT departments to implement change
- Knowledge of software development & security, expertise in Secure Development Life Cycle
- Broad knowledge of general and security technology and standards, such as server security, firewalls, networks, TCP/IP, encryption
- Basic knowledge of Project Management, familiar with the use of Project Management software tools (Microsoft Project will be a plus)
- Knowledge of ISO 9000, ISO 20000 (ITIL) would be a plus
Education, Professional Qualifications and Experience
- Recognised IS qualification (e.g. CISSP, ISO27001 Lead Auditor or Lead Implementer, CISA, CISM) is required
- A solid background in designing and providing Information Security solutions within a highly regulated environment.