Looking for a Security governance audit and compliance role with a company that has a motivating and supportive culture? IntaPeople is working with a Swansea-based tech company to expand the Cyber Security team with a Senior Security Analyst. Ideally, you will have experience in embedding a culture of information security within the daily operation of a business.

About you

• We’re looking for organised individuals with a background in governance and regulatory compliance within the insurance sector. Experience with audits and ISO27001 is preferred
• You’ll have a strong understanding of IT Risk Management, having lived in the governance world doing reviews of contracts and security due diligence.
• An understanding of business continuity or operational resilience would be beneficial.
• You’ll be a self-starter, proactive, inquisitive and driven.

About the role:

• The main focus of the role is to support the management of activities within the team, ensuring that deliverables are met.
• Work as part of a small team to support the Information Security Manager in the development and maturation of the Information Security function working within the Technology Services department, sitting alongside specialist Governance, IT Security & technical staff.
• You will contribute to Regulatory Compliance, IT Audit Governance, IT Risks and provide key subject matter resource for the Technology GDPR deliverables.
• As a member of the IT Governance team, you will be responsible for helping to embed a culture of Information Security within the day-to-day operations of the department, ensuring the Confidentiality, Integrity and Availability of the services provided to the enterprise.

What does this role look like day to day?

• Leading and performing information security assurance reviews for the core business and group activities, as well as third parties.
• Leading all internal IT audits.
• Lead the IT aspects of the annual Group audit and manage the IT Risk Management program, in line with corporate governance requirements.
• Producing high-quality reporting tailored to the target audience.
• Provide support to the Information Security Forum. Produce monthly packs and participate in the delivery of the meetings.
• Produce management dashboards and regularly report to the Information Security Manager to ensure timely and accurate delivery of the aforementioned duties are undertaken to achieve successful operational performances.
• Deputise for the Information Security Manager at internal and external meetings.
• In the absence of the Information Security Manager, lead the team to make decisions relating to Information Security in order to respond to a variety of demands.
• Contribute to security-related initiatives such as Internal and External Information Security Audits and Vendor Management processes.
• Provide guidance and assist business stakeholders with Informational Security enterprise.
• Contribute to the future Information Security & IT Governance strategy.
• Assist to drive and mature the implementation of ISO27001 ISMS and its ongoing maintenance and related activities such as internal audits and evidence exercises.
• Recommend and implement changes in security policies and practices in accordance with legislation.
• Assist with team development and communicate enterprise-wide information security-related metrics and reporting to all levels, including risk assessments, information security policy/standards approvals and exceptions, and supplier security assessments.
• Keep abreast of industry trends, emerging controls, and legal and regulatory changes; particularly FCA, Lloyds, PCIDSS, GDPR and participate in industry forums to ensure compliance with Information security trends and standards.

The experience required

• Knowledge of information security practices and procedures with minimum 3 years experience in an Information Security / IT Governance role.
• Strong Experience with PCI DSS, ISO27001.
• Strong GDPR compliance knowledge.
• Ideally holds certification in one of the industry standards – CISMP, CISA, CISM, GDPR Practitioner, Certified ISMS Risk Manager.
• Ability to produce management information and reports to an agreed schedule or upon request.
• Proven presentation and communication skills with multiple levels of an organization, including interaction with senior-level business partners within the company.
• Strong influencing and relationship management skills – the capability to build and maintain Customer/Supplier relationships.
• Proven ability to manage multiple high-priority tasks / competing priorities and flexibility to adjust to changing requirements, schedules and priorities.
• Self-driven and resourceful to achieve goals independently as well as work well in groups.
• Leadership and/or Mentoring experience

About the benefits:

• 25 days holiday, plus 8 public holidays
• Company pension scheme
• Annual pay reviews
• 12% Bonus
• Development opportunities and additional training

What next?

‘Apply Now’ to be considered or contact Kim for a confidential chat on k.gibbons@intapeople.com