Information Security Risk & Compliance Analyst

Posted 1 week ago by La Fosse Associates

£500 Per day
Inside
Undetermined
London
Job Benefits: Inside IR35

A regulated business is looking for an Information Security Risk & Compliance Analyst for an initial 3-month contract to run the Information Security processes and risk management methodology. The role reports to the Head of Security GRC and is part of a company-wide IT Transformation. It also covers Enterprise Risk Management, so the consultant will need to have worked within operational risk as well.


Please note this role is inside IR35 and requires going to the office 1 day a week in Watford.


THE ROLE


The Information Security Risk & Compliance Analyst will be delivering:



  • Run the Information Security Risk Management processes, according to the firm's risk management methodology

  • Maintain and update risk registers, risk acceptances and Enterprise Risk Management reporting

  • Conduct regular monthly and quarterly key controls testing and reporting

  • Plan and conduct tests of security controls to mitigate and monitor risks and validate the effectiveness of security controls

  • Support the conduct of internal and external audits

  • Help support the wider Information Security team on initiatives and activities, as needed.


YOU


The Information Security Risk & Compliance Analyst will have prior experience of:



  • Working in an Information Security Risk & Compliance focused role in a Regulated Environment

  • Operational Risk and Enterprise Risk Management

  • A good understanding of risk management best practices including risk treatment, risk acceptance and risk metrics.

  • Good understanding of Information Security Controls

  • Strong stakeholder management experience

  • Knowledge of ISO27001 and PCI-DSS


For more information, please reach out to Lauren Stutz at La Fosse: lauren.stutz@lafosse.com