Robert Half has partnered on an exclusive basis with a growing professional outsourcing organisation in the Greater Bristol area to recruit an Information Security Compliance Analyst on a permanent basis.
Role Responsibilities:
Policy Development and Implementation:
1. Develop and maintain information security policies, procedures, team documents and controls aligned with industry standards and regulations.
2. Conduct regular policy reviews to ensure adherence to agreed-upon policies.
3. Provide guidance and support across the Group on information security matters.
4. Support delivery of the Information Security Awareness For Everyone (SAFE) programme
Risk Management:
5. Scope and conduct internal reviews to evaluate the effectiveness of information security controls, creating detailed compliance reports and remediation plans.
6. Coordinate with internal and external auditors to prepare for, and respond to, information security assessments.
7. Ensure Group IT and Security risk registers are managed effectively.
8. Collaborate with business stakeholders to agree, implement, and manage security controls for key business systems and processes.
Third Party Management:
9. Using agreed frameworks, assess and monitor the security of third parties
10. Ensure that regular, scheduled security assessments are undertaken
Incident Preparation:
11. Collaborate with internal incident response teams to develop and implement preventive measures, based on incident findings.
Compliance Monitoring and Reporting:
12. Maintain accurate and up-to-date documentation related to compliance efforts.
13. Generate status reports for management and regulatory bodies.
Continuous Improvement:
14. Support the continuous improvement and expansion of our Information Security Management System (ISMS).
15. Remain up to date with industry best practice, new technologies and emerging threats.
Skills/experience
16. Proven experience in performing IT / cyber security control reviews.
17. Minimum of 4 years' experience in IT, information security or programme management positions, with a preference for those involving Governance, Risk, and Compliance (GRC) programmes.
18. Broad-ranging analyst skills acquired while working on diverse IT and / or business projects.
19. Solution management experience including requirements analysis, solution proposition, delivery tracking and benefits analysis.
20. Experience working with Information security frameworks and compliance standards (e.g. ISO27001, Cyber Essentials Plus, NIST, SOC2 and PCI-DSS).
Desirable
21. Knowledge of a range of technical security controls and their operation.
22. Understanding of / experience with PCI-DSS controls and their implementation.
23. Good understanding of the Data Protection Act / General Data Protection Regulation.
24. Strong interest in Information security and technology, and motivated to learn new technologies.
25. A bachelor's degree in information security or industry-recognised security certifications (e.g. CISSP, CISM, CISA, CRISC, ISO27001 Lead Implementer, ISO27001 Lead Auditor).
Salary/Logistics
26. £55,000 - £60,000 basic salary + additional benefits.
27. Hybrid working (2-3 days a week on site).
Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training.