Security Analyst - Assurance

Security Analyst – AssuranceEffectively manage the firm responsibilities to ensure we meet our obligations with regards to compliance of security assurance activities within the National Information Technology Security Office.Key accountabilitiesEnsure security obligations are well understood across ’s internal stakeholders and third parties, strategic partners and ensure those obligations are adhered to and monitored properlyPerform Third-Party Security Assessments (TPSA) and ensure Authority to Operate (ATO) status is actively maintained for all the approved Third-Party suppliers & service providers.Maintain control environments against technology assets by working with SMEs to ensure operating effectiveness.Assist with and make recommendations for improvements, including identification of automation opportunities within the existing processes.Provide monthly reporting to the security team leaders and ITS leadership team. This includes ongoing improvement to the reporting.Immediately report problems/failures that may impact the firm’s ability to meet our compliance obligations if not resolved.Maintain all security process documents related to security compliance, ensuring they are kept up to date and shared through the agreed mediums/platforms.Act as a conduit for communications regarding compliance obligations and responses, from key stakeholders including security, legal, risk, internal auditors, ITS, and other divisions.Experience/knowledgeMinimum 3 years of experience in Information Security, and Security Assurance.Familiar with security standards such as ISO 27001, NIST, OWASP, GDPR.Experience in conducting workshops with business owners to support risk assessments.Experience in conducting or supporting security and cloud risk assessments.Preferable security certification such as CISSP, CCSP, ISO 27001 Lead Implementer, CISA.