Information Security Assurance Analyst

11 Jan 2018
16 Feb 2018
Contract Type: Full Time

About Capita | Business Unit

We are Capita, the UK's leading provider of business process management and integrated professional support service solutions. Through bespoke, quality solutions, we've helped countless organisations unlock value and maximise their potential. With access to our range of unique and diverse opportunities, offering real career advancement and progression, we can unlock your potential too.

Role: Information Security Assurance Analyst

Based in Leeds

Salary 25-36,500K depending on experience

Role Detail

To work as part of a team to support the delivery of the Information Security Framework across the Private Sector Partnerships (PSP) division business units and to external clients. Working with Information Security Managers (ISMs) to support a robust programme of security assurance activity and ensuring that issues are identified, reported, addressed/escalated or accepted as appropriate. The role will involve travel to Capita and other external sites, sometimes with short notice periods.

Key accountabilities:

  • Support for ISMs and other key stakeholders - Establishing effective working relationships (e.g. IT, Group Security, Service Delivery) across PSP to enable completion of assurance activities, and providing support to assist ISMs and Account Managers in discharging their responsibilities in relation to information security.

  • Assurance activities in line with plan - Completion of proactive assurance activities including: annual policy/procedure reviews, policy embedding activities, security awareness activities, physical site reviews etc.

  • Security standards compliance/certification - Managing and maintaining compliance/certification with relevant security standards such as ISO 27001, PCI DSS and the UK DPA / GDPR. Conducting internal reviews and audits as necessary. Coordinating and managing scheduled audits by external auditors.

  • Policy and contractual compliance reviews - Scoping, completing and documenting reviews in a consistent, complete and timely manner in order to improve understanding of policy compliance across PSP and identify areas in need of improvement. Following completion of a review and issue of the report, tracking the identified actions to an acceptable conclusion.

  • Third party supplier information security due diligence assessments - Working with key stakeholders such as ISMs, Relationship Managers and Commercial/Procurement teams to assess third party information security arrangements to an agreed schedule.

  • Issue management - Supporting ISMs in the tracking and resolution of issues identified through assurance activity.

  • Information security dashboards - Ensuring that MI is delivered for PSP Division and business units in a timely and accurate fashion and raising any issues identified via the appropriate escalation channels.

  • Ad hoc data security tasks - As directed, including provision of information security advice and guidance etc.

  • Continuous improvement - Proactively recommending, developing and delivering opportunities to improve team processes for enhanced client delivery.

  • Team management cover - Deputise for and cover absence of the Information Security Assurance Manager as appropriate and requested.

Skills, knowledge and experience:

Essential Experience/Skills

  • Qualified to degree level or equivalent experience including IT and information security.

  • Can come from a security administration or IT background with a basic understanding of Security Assurance or have a relevant IT degree with no experience.

  • Self-motivated individual with flexible approach to working.

  • Desire to build own information security knowledge.

  • Excellent interpersonal skills with the ability to explain technical problems to non-technical business stakeholders at all levels.

  • Strong written and oral communication skills.

Desired Experience/Skills

  • Experience of working within a financial services/regulated or outsourced service provision environment.

  • Industry recognised information security or audit qualification.

  • Experience of working to an ISO27001/2 aligned framework.

  • Experience of working to a PCI DSS aligned framework.

  • Experience of working in a controls testing/assurance environment.

What's in it for you?

At Capita, training and development aren't optional extras: they're how we do our job. We will motivate you to perform at your peak, recognising your achievements and rewarding them appropriately. As well as a generous basic salary, we also give you 23 days' holiday, a pension scheme and access to voluntary benefit options including child care vouchers, share plan schemes, life, holiday buy and many more designed to suit your own personal lifestyle. All of this, in a professional but fun environment.

Listen | Create | Deliver

Follow Capita on Twitter @capitacareers
Follow Capita on Facebook @careersatcapita

Capita Resourcing welcome applications from all suitably qualified people regardless of gender, race, disability, age or sexual orientation.

Capita Resourcing is a trading name of Capita Resourcing Ltd. Services offered are those of an Employment Agency and Employment Business. Applicants will be required to register with us.

If you are successful with your application, you will need to complete Capita's vetting and screening checks. This will include, but not be limited to, Reference Checks, a Criminality Check, Financial Probity Check, Sanctions Check and Media Check.