We are looking for a senior information security analyst to join our Shoreditch office. In this role you will be responsible for maintaining the information security policies, architecture, technical standards, technical controls, security solutions, guidelines, procedures and other elements necessary to maintain AllSaints' security posture.
ABOUT THE TEAM
In this role you will report to the head of information security and will form part of our technology team.
WHAT WILL I BE DOING?
- Maintain and improve compliance with security standards and information security policies
- Manage external audits with accreditation bodies and customer compliance teams
- Conduct regular information security risk assessments and determine appropriate mitigation strategies, working with different internal teams to implement risk treatments for initiatives/projects
- Coordinate penetration testing for applications and infrastructure projects
- Manage vendor and supplier security compliance review processes
- Support the development of information security policies, processes and procedures in line with company standards and best practice
- Support the Cyber Security Incident Response plan in major incidents
- Manage security architecture reviews for new projects/initiatives
- Provide support to ensure company staff follow established Information Security Policies and Governance Procedures
- Maintain and track all information-security-related documentation to ensure it remains relevant, appropriate and up to date
- Lead the security awareness programme promoting applicable security principles, policies and procedures
- Collate metrics to produce monthly management reports
- Identify and address security gaps discovered through ongoing monitoring of all information security controls and implement enhancements to security controls
- Develop security, risk and compliance reports
- Lead the annual PCI attestation, coordinating meetings with internal and external stakeholders and gathering the supporting evidence
- Participate in the yearly review of policies and procedures to support information security, risk and security compliance activities
- Participate in the annual cyber insurance renewal process with the risk team
- Perform or coordinate internal security assessments and vulnerability scans, and assess the organisation's cybersecurity maturity against frameworks and regulations such as NIST SP 800-53, ISO, ITIL, PCI, GDPR, CCPA and other data privacy and security standards and regulations