Information Security analyst ( Third Party Due Diligence )
Information Security Analyst (Third party Due Diligence)
My client, a financial services organisation based in Edinburgh are actively looking for an information security analyst, on a 6 month contract basis. This position will play a pivotal role in the organisations GDPR program. You will be conducting due diligence questionnaires across over 100 suppliers as well as creating actions based on the results of these.
You will provide support to the Enterprise Information Security team including:
- Co-ordinating the Sending, return and assessment of due diligence questionnaires as part of our supplier contract update process under the GDPR program.
- Working with suppliers so that they understand the questionnaires and return suitably detailed answers.
- Arrange follow questions or calls to help gain clarity of suppliers control environment.
- Collate the answers to the questionnaires from the suppliers
- Produce recommendations based on the output from the due diligence questionnaires in relation to the controls that suppliers have in place.
Skills & Knowledge
- A good knowledge of Information Security and controls that are required to provide effective protection to systems and data.
- Knowledge of risk assessment and risk management techniques and their application
- Certification such as CISSP, GIAC or CISA would be preferred.
- Good stakeholder management skills, with an ability to understand and communicate complex Information Security matters to a variety of audiences.
- Excellent time management and organisational skills.
- Ability to work under your own initiative with limited supervision to deadlines.
- Experience of working in Information Security or similar function with a focus on supplier management and performing due diligence exercises.
- Ideally experienced in Financial Services or another highly regulated environment.
- Experience of managing due diligence checks over significant numbers of suppliers.
If you are looking for an exciting new challenge, with an organisation who are wholly invested in security, then please get in touch.