Responsibilities:
In this mid-level role, you will be required to: Plan, execute and lead security audits across an organization. Inspect and evaluate financial and information systems, management procedures and security controls. Provide written and verbal reports of audit findings. The role holder will be working in a small operational team and will be responsible for working cross-functionally within all departments under the guidelines provided by the Head of Risk, Information Security and Compliance to ensure that all company operational activities are continually assessed to achieve information security and efficiency throughout the business and to ensure all activities remain compliant to company policy and to all relevant legislation.
Audit:
* Performing information security internal audits and on key external service providers to ensure that all processes are in line with best practice standards.
* Provide assistance and support on all internal and external audits (e.g. ISO27001, PCI DSS, GDPR) which relate to Risk, Information Security and Corporate Governance/Compliance.
* Provide Audit Management Programmes to ensure all follow up action plans and requests are completed to ensure appropriate mitigation plans are put in place.
* Conduct analysis of network and endpoint data to identify false positives.
* Perform technical security audits on the Company IT infrastructure to ensure sensitive data is stored and processed securely (e.g. firewall, server hardening, access control, anti-virus, patch management, vulnerability assessments, incident response etc.).
* To perform ongoing cyber risk posture reviews of the business as part of the overall Risk Management system.
* Follow and document from an audit perspective the tests of the BCP and the Disaster Recovery (DR) Plan.
* To analyse, document and highlight adherence to company Information Security policies.
Risk Assessment:
* In conjunction with the Head of Department, develop and maintain the Risk Register for the Company.
* Review and update the information security risk assessment with all key areas of the business.
* Help to promote an enterprise risk culture across all areas of the business.
* Provide information security risk support on core services and during new projects implementation.
* Perform vulnerability tests, interpret and identify the risks.
* Perform risk assessments of business unit practices against selected Information Security control standards and previous audit results to identify gaps.
Requirements:
* Bachelor Degree in Computer Science, information Security, or a related discipline.
* Some specific experience may be substituted for education at the discretion of the hiring manager.
* Minimum 4-5 years' experience in audit, risk and information security.
* Knowledge of ISO 27001, and PCI DSS essential.
* Experience in at least one of the following Certifications: CISA, CRISC or CISSP.
* Presentation and communications skill essential
* Ability to work in Team environment.
* Experience of working within a changing and high-performance environment.
* Ability to work with staff at all levels effectively.
Morgan McKinley is acting as an Employment Agency in relation to this vacancy.
Please note that any references to salary or pay rates in this advertisement and in the salary refinement section are indicative only and should only be used as a guide.
Email me jobs like this
