Information Security Compliance Analyst

What will you be doing

Were seeking a talented individual to join our team in Liverpool which is responsible for the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across the Evelyn Partners Enterprise.

You will play a crucial role in ensuring our organisations compliance with information security standards and frameworks particularly Cyber Essentials ISO 27001 and NIST Cybersecurity Framework (CSF) v2.

As Information Security Compliance Analyst your responsibilities will include among others:

• Define develop and maintain security best practice by implementing technical standards policies and processes and providing expert advice to stakeholders to ensure regulatory and legal compliance.
• Drive continuous improvement of the security posture through internal and external cybersecurity collaboration actively contributing to industry and partner engagements.
• Prepare and present clear actionable security reports including risk metrics trends findings and ratings to inform decisionmaking by senior stakeholders.
• Lead information security risk management activities including risk assessments control reviews residual risk evaluation and recommending mitigating actions; maintain and manage the security risk register.
• Identify and assess emerging and existing information security risks using internal sources (e.g. audits penetration tests) and external intelligence (e.g. threat feeds industry advisories) ensuring risks to confidentiality integrity and availability are effectively managed.
• Support compliance and engagement initiatives by managing ISMS activities audits certifications (e.g. ISO 27001 Cyber Essentials NIST CSF) and working closely with internal teams and security partners to embed a strong riskaware security culture.

Qualifications :

To be successful in this role you should: 

• A minimum of 3 years experience in an Information Security based role dealing specifically with governance risk and compliance areas and undertaking information security in both a waterfall and an agile context.
• Prior experience writing Information Security related Policies Processes and Procedures.
• Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
• A record of accomplishment of effectively analysing security controls while understanding the risk of certain controls not being in place.
• The ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders while working proactively pragmatically and collaboratively in a fast-paced working environment balancing multiple concurrent activities.
• Experience in using standards such as ISO 27001 (Implementation Compliance Certification and audit reviews) NIST CSF and Cyber Essentials.

Desired: 

• Degree or equivalent in Information Technology or Risk Management is preferred.
• Certification in Information Security domains is preferred especially around ISO27001.
• Certification in cloud architectures is advantageous especially Microsoft Azure

Additional Information :

As a colleague here at Evelyn Partners you will have access to benefits that include:

• Competitive salary
• Private medical insurance
• Life assurance
• Pension contribution
• Hybrid working model (role dependant)
• Generous holiday package
• Option to purchase additional holiday
• Shared parental leave

We are proud to value the differences that a diverse workforce brings representative of society and our clients. At Evelyn Partners we have a wide range of highly active employee resource groups and were delivering multiple diversity equity and inclusion initiatives across the organisation. It is our commitment to provide a workspace where all colleagues regardless of identity background or circumstance feel respected as individuals and feel that they can achieve their full potential and work in a safe supportive and inclusive environment.

We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process. Please let your Recruiter know.

Remote Work :

No

Employment Type :

Full-time