Join our growing Information security and Compliance team, we are looking for a Risk Analyst.
WHO ARE WE?
Our success over the last 25 years and our ongoing growth can be attributed to our people and our strong culture. Culture and engagement really are part of our DNA here at Creditsafe and we take pride in making Creditsafe a great place to work. It’s important to us that people can be themselves, feel a sense of professional and personal growth and feel part of a global community. We offer a varied range of benefits that support a good work-life balance, including a hybrid approach to work, which enables you the flexibility needed to thrive.
THE TEAM
Creditsafe’s Information Security and Compliance team are motivated by protecting company reputation, safeguarding existing revenue, and supporting the generation of future revenue. We realise that security can often be misunderstood so our approach is enabling new and existing customers to interact with our products and services, and we pride ourselves on balancing a positive security culture with a robust control environment. Our responsibilities include setting security policies, educating users on good security practices, managing security risks, and auditing our security posture. We interact with various teams, both internally and externally, and we aim to be as helpful and supportive as possible. Outside of security we’re passionate about a combination of sport, music, coffee, dogs, and memes.
JOB PROFILE
Your primary role will be to support the Information Security Risk Manager (ISRM) in strengthening Creditsafe’s ability to manage information security risks across our global operations. This will include working with risk owners and information asset owners to support them in the implementation of mitigating actions to reduce information security risk to an acceptable level. Key elements of the role include supporting the ISRM in educating stakeholders across all Creditsafe entities and creating awareness of information security risks and the subsequent controls which are underpinned by the Risk Management and Information Asset Management Frameworks. You will be working closely with the ISRM in aligning all Creditsafe entities with the ISO27001 standard to support future certification, as well maintaining certification.
KEY DUTIES AND RESPONSIBILITIES
- Support the information security risk management process
- Ensure risk actions are monitored and tracked using the action tracker
- Support the ISRM in the implementation of ISO2701, the Risk Management Framework and Information Asset Management Framework across all entities
- Update the Risk Register and Information Asset Register with any changes and/or updates
- Support the expansion of any new certification programmes across the business
- Work with the business and technical functions to align policy to practice and vice versa
- Set up regular risk and information asset workshops to support stakeholders in mitigating outstanding risks and issues
- Work with Information Asset Owners to support them in ensuring their assets are aligned to the appropriate policy and frameworks.
- Monitoring and performing ongoing assessment of risks, policy non-compliance and control gap remediation
- Support the ISRM in the implementation of any new risk management methodologies across other areas of the business
- Supporting the assessment of controls and processes against Creditsafe’s information security standards (e.g. ISO27001) whilst measuring effectiveness, and reviewing documentation of information security controls in relation to information security risk and asset management
- Delivering assessments of information security risks to confidentiality, integrity, and availability in accordance with business impact, risk appetite and organisational policies.
- Support the information security within the Creditsafe supply chain focussing on supplier due diligence and process improvement.
The above responsibilities are not exhaustive, and you may be requested to perform additional duties / take on additional responsibilities deemed as reasonable by your line manager
SKILLS AND QUALIFICATIONS
- Practical knowledge of information security risk management and control assurance methodologies and frameworks
- Thorough understanding of information security concepts, protocols, industry best practices, strategies, frameworks, and regulations (e.g., IS027001, NIST, PCI-DSS)
- Pragmatic approach to problem solving and issue resolution
- Excellent written and verbal communication skills (presentations and documentation)
- Effective stakeholder relationship building and management skills
- An understanding of IT principles and an ability to communicate technical concepts effectively to a varied audience
- Ability to use proactivity and initiative to be accountable for your own workload
- Ability to assess problematic situations to identify causes, gather and process relevant information, generate possible solutions, and make recommendations and / or resolve the issue
- A willingness to share knowledge and mentor other team members while improving communication among employees
Desirable
- Information Security Certification (CISMP, CISM, CRISC, CISSP etc)
- Technical Certification (e.g., AWS Fundamentals, AWS Cloud Practitioner, Azure Fundamentals, Microsoft Security Operations Analyst, Microsoft Security Engineer)
- Experience of full M365 E5 Security and Compliance suite
- Degree in Computing Science, Cyber Security, related subject, or relevant commercial experience
- Previous experience in a large, financial services organisation
BENEFITS
- 25 Days Annual Leave (plus bank holidays).
- Healthcare & Company Pension.
- Cycle to work and Wellbeing Programme.
- Global Company gatherings and events.
- E-learning and excellent career progression opportunities.
- Plus more that can be found on the benefits section on the Careers page, https://careers.creditsafe.com/gb/