iO Associates are currently looking for a senior IT Security & Service Assurance Analyst for a reputable organisation. The successful candidate will be responsible for developing, managing and maintaining the IT risk assurance control framework, which includes IT policies, controls, guidance and best practices aimed at reducing operational risk for the IT department.
Role: IT Security & Service Assurance Analyst
Salary: £45,000 + 5K Car Allowance + Benefits
Location: West Midlands
* Development and maintenance of the Service Assurance Framework which includes the implementation of the governance, risk and compliance framework for IT, liaising with Operational Risk, Compliance, Internal Audit and Heads of IT for DMS and V12.
* Develop a programme of key control testing and assessment to provide assurance on the adequacy and effectiveness of the IT control environment. Through the assessment process determine whether controls have been designed adequately and are operating effectively.
* Review and refine IT controls to ensure that they are appropriate to mitigate underlying resilience and residual risk
* 3rd party Supplier due diligence
* Review IT audit recommendations and agreed management actions prior to final issue to ensure that these are accurate, valid, practical and as proportionate as possible.
* Tracking of performance against audit actions to ensure that actions are implemented within the agreed dates, and that the audit actions are closed.
* Validate the IT risk appetite and tolerance with senior management and key stakeholders to ensure alignment.
* Test adherence to security policies and operational procedures by the use of a sampling approach and recording the outcomes.
* Interface with third party providers that support the IT security function
* Experience of IT security monitoring tools.
* Review and analyse security-related incidents/logs/information and implement remedial actions, make recommendations for change, or escalate.
This position is responsible for assessing and facilitating IT risk-related activities such as IT audits, compliance testing, investigations and control attestations. The position requires an ability to interpret technical standards and regulations and compare those to actual IT control practices, as well as partnering with Operational Risk to enhance the existing control environment as business conditions change.
* Minimum of 3 years IT operational, risk and security experience.
* Strong understanding of IT related industry best practices/standards such as ITIL, COBIT, ISO, NIST
* Demonstrable practical knowledge and experience of risk control frameworks and their deployment and control within an IT environment.
* Demonstrable experience of maintaining a risk register, of 1st Line risk and control assessments, including experience of 1 to 1 review sessions with 1st line departmental management.
* Presenting risk analysis and reports to management
* Hold a recognised Technology/Information Audit/Risk qualification, preferably one or more of the following or equivalent certifications: CISSP, CISM, CISA, CRISC, CGEIT