A bright, enthusiastic self-starter is required to come and work for a dynamic, boutique security consultancy operating in London, in an Information Security Compliance Analyst role.
We provide our clients (predominantly small / medium sized agencies) with realistic, actionable solutions to help them meet their information security and privacy related obligations and protect their information holdings. Our services include:
- Assistance with ISO 27001 certification and ISMS maintenance.
- Security reviews and gap analysis.
- Cyber Essentials certification (we are an IASME accredited Certification Body).
- UK DPA / GDPR consulting and DPO As-A-Service.
- Cyber Security Management As-A-Service.
- Security awareness training.
- Other compliance related activities as required.
This is an exciting time for us and an excellent opportunity for the successful candidate to join the company and grow with us. We operate in a friendly yet committed work environment and are willing to assist in the development of relevant cyber security skills in our staff.
The role in a nutshell
We are looking for a full-time Information Security Compliance Analyst to help build the company and assist with various client facing consulting activities and internal service enhancements. There will be on-site as well as remote working opportunities. Your responsibilities will include:
- Operating and assessing the operational effectiveness of information security controls of a number of clients. Often this will be following procedures already set out in our clients' ISO 27001 certified Information Security Management System.
- Proactively developing our own and our clients' compliance controls, standards and procedures according to industry good practices.
- Analysing records and logs to spot anomalous, non-compliant and sometimes malicious behaviour.
- Maintaining risk registers and assisting in treating our clients' unacceptable security risks.
- Maintaining up-to-date knowledge of ISO standards, security threats, countermeasures, industry good practices, and assistive technologies.
- Taking ownership and monitoring progress of corrective actions against remediation plans.
- Monitoring and management of security systems to ensure incidents, real and potential, are quickly identified, responded to and resolved.
- Assisting our clients with responding to their customers' due diligence / RFI requests.
- Assisting clients with Cyber Essentials certification queries.
- Monitoring our vulnerability management systems and liaising with clients and their IT MSPs about remediation activities.
- Helping to develop additional InfoShelter commercial services.
Required personal attributes
- An inquisitive, analytical mind.
- Excellent customer service skills.
- A thirst for knowledge and capacity to learn.
- Impeccable organisational skills.
- Ability to multi-task and work on projects concurrently and under tight deadlines.
- Flexible and adaptable approach to the working environment.
- Self-motivated with a determination to provide solutions.
- Calm but enthusiastic.
- Excellent communication skills with an ability to describe technical and security issues / solutions to technically and non-technically minded people.
- Excellent written language skills to be used both in technical and non-technical contexts.
- Ability to follow procedures as well as suggest improvement ideas.
- Super-powers are also very welcome.
Required skills and experience
- ISO 27001 maintenance / implementation experience.
- A good understanding of IT / computer systems / cloud / networks / Windows AD environments (previous work experience in IT a bonus).
- An interest in and knowledge of cyber security and / or data privacy.
Desired skills and experience
- Educated to degree level or equivalent (IT / Cyber Security related preferred).
- Relevant certification such as CompTIA Security+, ISO Lead Auditor, CISM, CISSP.
- Knowledge and experience working within UK Data Protection Act 2018 and GDPR.
- Experience working in a similar role or working internally to manage/develop internal information security frameworks.
- Experience working in an IT department.
- Knowledge of the legal and statutory obligations for SMEs regarding data protection, information security, and environmental concerns.
This job was originally posted as www.cwjobs.co.uk/job/93760167