Open mobile menu
Home Vacancies Information Security GRC Senior Analyst

Information Security GRC Senior Analyst

Job Description

Responsibilities (how we will measure success)

To provide second line support for all aspects of the Group’s Information Security strategy and arrangements encompassing cultural, physical and technology elements throughout the business, with the primary focus being on the security programme’s governance and oversight.

Working as part of the Group Risk and Compliance department, the second line Information Security team interact regularly with the first line IT Security team, providing oversight, challenge and validation of operational controls and procedures. The role holder will work closely with business and technology teams to help articulate and progress the Information Security governance programme, identify risks and threats, and evaluate and help implement controls and improvements.

Tasks (what does the role do on a day-to-day basis)

  • Support the management of Information Security governance for the organization, ensuring adherence to Group policies and standards.
  • Work as part of the Group Risk and Compliance team to ensure key Information Security risks and issues are identified, addressed and resolved in a timely manner.
  • Assist in management of the Group’s Information Security Management System including maintenance of the ISO 27001 certification.
  • Engage with the first line IT Security Operations team and assist the Group CISO in providing oversight and challenge to that function.
  • Participate in the security training and awareness programme including ownership of the compliance process, assessment of the threat landscape to inform the development of training content and publication of materials through corporate channels.
  • Participate in periodic security testing activities (e.g. penetration testing, DR exercises) and prioritise and manage response activities.
  • Assist with the audit and client management aspects of the Information Security team, including client due diligence questionnaires; help design more effective procedures in this space.
  • Help improve and support relevant security metrics; analyse data, identify trends and drive improvements to the control environment.
  • Assist in general Information Security related issues as required, including potential interaction with the Security Operations team, Technology teams and business stakeholders.

Qualifications

Key competencies for position and level (see Group Competency model)

  • 3+ years of Information Security experience.
  • Recent experience of working in a similar capacity, preferably in a financial services organisation.
  • Experience of working within a structured security framework, such as ISO 27001.
  • Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.
  • An ability to translate security requirements and standards into easily understood business concepts and vice versa.
  • Relevant industry certification (e.g. CISSP, CISM, ISO 27001 LA, etc.) desirable.

Key behaviours we expect to see

In addition to demonstrating our Group Values (Authentic, Bold, and Collaborative), the role holder will be expected to demonstrate the following:

  • A people and client-focussed mindset.
  • Self-motivating and able to work under own initiative.
  • Hard-working, reliable, and supportive.
  • Possesses a willingness to help develop the role and team in a rapidly changing environment.

Required Experience

Education / professional qualifications

  • 3+ years of Information Security experience.
  • Relevant industry certification (e.g. CISSP, CISM, ISO 27001 LA, etc.) desirable.

Background experience

  • Recent experience of working in a similar capacity, preferably in a financial services organisation.

Technical

  • Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.

Computer / program knowledge

  • Experience configuring and managing security operations toolsets.
  • Comfort working with Risk Management platforms.
  • Expertise in standard Microsoft Office products.

Company, product and market knowledge

  • Excellent knowledge of the Information Security industry, preferably as it is applied in global financial services organisations.

Management and leadership

  • Must possess the ability to positively influence others without having direct management responsibility.

Languages

  • Fluent in English.

Company description

IQ-EQ is a leading Investor Services group which combines global expertise with an unwavering focus on client service delivery. We support fund managers, global companies, family offices and private clients operating worldwide.

Apply now
< Back to search results

Why work at IQ-EQ?

We power people and possibilities

Our benefits & culture

Recruitment experience

Everything you need to know

Our selection process