Information Security Risk Analyst
Posted a month ago
- South East London
- Any
- External
- Expires In 2 months
Information Security Risk Analyst
Location:
Hybrid - London
Package:
Negotiable + Benefits
The Information Security Risk Analyst III at Brown & Brown is responsible for analysing information security controls both within our organisation and with third-party entities. This analysis aims to identify and assess associated information security risks, and effectively communicate these findings to the business stakeholders. This role requires a thorough understanding of information security principles and practices, as well as the ability to evaluate complex systems and processes. The Information Security Risk Analyst III plays a crucial role in safeguarding our organisation's information assets and maintaining a strong security posture.
The day to day:
research and analysis to handle inbound cybersecurity inquiries from company’s third parties.
research and analysis related to vetting new or potentially new third parties.
recommendations for communicating identified security risks of new or potentially new third parties.
track, monitor, and investigate potential information security incidents reported by company’s third parties.
and analyse third party risk including documentation.
guidance in identifying, evaluating, and developing processes and procedures that are effective; meet information security standards and requirements, and follow information security policies and regulations.
reporting and analysis to monitor and communicate information security risk activities
best practices and recommend how to improve current practices and monitoring.
complex inquiries from business partners and third parties (e.g., RFPs, Information Security questionnaires, Contract reviews, etc.).
small to medium Information Security Risk Management project initiatives.
and maintain dashboards, reports, metrics, and trending data related to information security.
a strong understanding of information security fundamentals
working with ticketing systems (ex. Remedy, Service Now)
to assess information security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
to identify cybersecurity and privacy issues that stem from connections with internal and external
About you:
Degree (Cyber security or related field), relative Information Security certification, and extensive related experience.
Information Systems Security Professional (CISSP), or related certification.
and understanding of controls related to COBIT, HITRUST, SOX, PCI, HIPAA, and other regulations.
to review Service and Organization Controls (SOC) reports to confirm expected business and partner controls are implemented.
of risk management processes (e.g., methods for assessing and mitigating risk).
of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
of cybersecurity and privacy principles.
of organisation's enterprise information security architecture.
of Security Assessment and Authorization process.
of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
The rewards:
negotiable basic salary and all the normal benefits you’d expect (Holiday, company pension etc.)
collaborative, open and honest environment that is designed to deliver the best outcomes to our clients and staff
flexible working methodology to enable you to be where you need to be, if you don’t need to be in an office then don’t, if you want to be in an office your welcome to use one.
environment built around supporting and developing our staff with funding available for relevant professional qualifications.
Location:
Hybrid - London
Package:
Negotiable + Benefits
The Information Security Risk Analyst III at Brown & Brown is responsible for analysing information security controls both within our organisation and with third-party entities. This analysis aims to identify and assess associated information security risks, and effectively communicate these findings to the business stakeholders. This role requires a thorough understanding of information security principles and practices, as well as the ability to evaluate complex systems and processes. The Information Security Risk Analyst III plays a crucial role in safeguarding our organisation's information assets and maintaining a strong security posture.
The day to day:
research and analysis to handle inbound cybersecurity inquiries from company’s third parties.
research and analysis related to vetting new or potentially new third parties.
recommendations for communicating identified security risks of new or potentially new third parties.
track, monitor, and investigate potential information security incidents reported by company’s third parties.
and analyse third party risk including documentation.
guidance in identifying, evaluating, and developing processes and procedures that are effective; meet information security standards and requirements, and follow information security policies and regulations.
reporting and analysis to monitor and communicate information security risk activities
best practices and recommend how to improve current practices and monitoring.
complex inquiries from business partners and third parties (e.g., RFPs, Information Security questionnaires, Contract reviews, etc.).
small to medium Information Security Risk Management project initiatives.
and maintain dashboards, reports, metrics, and trending data related to information security.
a strong understanding of information security fundamentals
working with ticketing systems (ex. Remedy, Service Now)
to assess information security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
to identify cybersecurity and privacy issues that stem from connections with internal and external
About you:
Degree (Cyber security or related field), relative Information Security certification, and extensive related experience.
Information Systems Security Professional (CISSP), or related certification.
and understanding of controls related to COBIT, HITRUST, SOX, PCI, HIPAA, and other regulations.
to review Service and Organization Controls (SOC) reports to confirm expected business and partner controls are implemented.
of risk management processes (e.g., methods for assessing and mitigating risk).
of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
of cybersecurity and privacy principles.
of organisation's enterprise information security architecture.
of Security Assessment and Authorization process.
of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
The rewards:
negotiable basic salary and all the normal benefits you’d expect (Holiday, company pension etc.)
collaborative, open and honest environment that is designed to deliver the best outcomes to our clients and staff
flexible working methodology to enable you to be where you need to be, if you don’t need to be in an office then don’t, if you want to be in an office your welcome to use one.
environment built around supporting and developing our staff with funding available for relevant professional qualifications.
.webp "Apply4U | Sign Up")
.webp "Apply4U | Contact Us")
.webp "Apply4U | Sign up")
