Information Security Governance Risk & Controls Analyst - Rothesay

Listing Description

Rothesay is a UK insurance company purpose built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £60bn of assets and securing pensions for over 830,000 people. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.


At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.




Job title: Information Security Governance Risk & Controls Analyst


Contract: Permanent


Information Security


The Information Security team works across the business to drive business resilience and information assurance across operational, development and business teams. They're responsible for Rothesay's ability to maintain the confidentiality, integrity and availability of Rothesay's systems and to maintain the reputation of the organisation.


Under the leadership of the Chief Technology Officer, Rothesay is incrementally delivering a multi-year project, Project Quest, to redevelop and modernize the full technology stack, encompassing pricing and other analytics, risk management, market data and trade capture and reporting.


Project Quest is progressing well and we are in the early stages of migrating functionality onto cloud infrastructure, which provides an exciting opportunity for the information security team to become even more closely involved in the project, including defining and implementing cloud controls, designing and establishing secure connectivity, managing identities in a cloud first ecosystem, and designing best in class security operations.




The Role


We are looking for an experienced Information Security GRC Analyst to join this high performing team and help deliver exceptional value to the business. The successful candidate will be working with stakeholders at all levels across the business to drive effective security assurance and working closely with the Information Security Assurance Lead. The successful applicant will be expected to integrate into a small team and hit the ground running, picking up technologies and supporting the transformation of the organisation from a compliance-led to a risk-focused information security practice.




Responsibilities:



  • Work closely with the Information Security Assurance Lead to support the development and maintenance of an effective technology and security governance framework, supported by robust policies, standards, controls and processes utilising industry standards and regulatory requirements, and considering the current threat landscape.

  • Support Rothesay's digital transformation by playing a pivotal role in developing, embedding and maintaining a technology control framework to operate securely and efficiently, ensuring continuous assurance and monitoring across the environment.

  • Operate as a technology risk champion in the day-to-day management of the Information Technology and Information Security Risk process, with a focus on identifying risks and driving risk reduction and process improvements.

  • Provide risk-based, accurate, practical and sound SME guidance, opinion and support to operational and strategic change initiatives, BAU activity, projects, and breach and incident remediation plans.

  • Support the Information Security Assurance Lead in maintaining MI and Key Risk Indicators (KRIs) relating to the security control environment, and feed information across various governance groups.

  • Conduct investigation of key incidents as they arise and drive the completion of relevant mitigating steps aimed at containing and recovering from the incident in order to minimise impact to Rothesay.

  • Contribute to compliance efforts across ISO22301 and ISO27001 and support ongoing annual recertification efforts across the firm.

  • Champion information security awareness activities and focus on building a cyber-aware culture at Rothesay by regularly driving awareness of relevant cyber security themes.

  • Conduct third party information security risk management due diligence activities.

  • Contribute to driving improvements across Rothesay's BCP framework and resilience initiatives.

  • Maintain reliable, up-to-date information on security trends and government regulations, especially in the financial services industry.





Skills and Experience:


Required:



  • At least 2 years' experience in information assurance or a similar role.

  • Must have IT infrastructure knowledge, mainly around process and controls.

  • Experience of, or exposure to, technology and security governance frameworks and standards such as COBIT, NIST, ITIL, COSO and ISO27001 is required (knowledge of every framework is not required, but knowledge of more than one is).

  • Strong understanding of technology controls and technology risks, in order to identify and evaluate control effectiveness and identify any potential gaps between information technology and security risks and existing controls.

  • Good understanding of various technologies such as cloud infrastructure, endpoint protection, DLP, insider threat protection and mobile device protection.

  • Good knowledge of information security practices relevant to cloud technologies.

  • Ability to develop technology and security standards and guidelines based on best practices, regulatory requirements and industry standards.

  • Ability to work as part of an extended IT team with a shared strategy and vision.

  • Ability to negotiate with the business and suppliers on matters of security.

  • Organised, with a proven ability to prioritise workload, meet deadlines and utilise time effectively.


Preferred:



  • Experience in conducting third-party audits / assurance is beneficial.

  • Experience with ISO27001.




Inclusion


Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age. 


Disclaimer


This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level. The role shall be performed within a professional office environment. Rothesay has health and safety policies that are available to all workers upon request. There are no specific health risks associated with the role.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided
