Information Security assurance Analyst

Merje Limited
London (Greater)
07 Nov 2017
15 Nov 2017
Contract Type
Full Time

My client is a leading Asset Manager based in London with an open position within their Information Risk team. The Information Risk team forms a 2nd Line of Defence function, with primary responsibility to operate the Information Security Management System (ISMS) and oversee of information security across the firm.

The purpose of the role is assure the integrity of the ISMS and information risk response to regulation. This comprises:

  • Management, operation and development of the control assurance programme.
  • Management of ISMS assurance audit and resolution of issues arising from them
  • Maintenance and development of the controls database as an audit response resource within the firm
  • Management and development of GDPR and other information governance and regulatory compliance resources
  • Tracking and closure of internal audit and other issues

Key Requirements:

  • Clear understanding of the ISO27001 standard and compliance audit management rather than just experience of Annex A controls.
  • Experience with other information security frameworks such as NIST Cybersecurity and AICPA SOC2 would be valuable.
  • An understanding of the objective and operation of information security controls in order to assess their design and effectiveness.
  • Effective communication and organisational skills are required.
  • An understanding of the investment management business and regulators would be beneficial but is not essential.
  • The ability to work independently, and as part of a wider team, with minimal supervision. The role requires an analytical thinker with good written and spoken communication skills and a meticulous approach to compliance.

This job was originally posted as