---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Information Assurance Analyst
Location: Information Risk Analyst, , United Kingdom
Type: Permanent F/T
Closing Date: 2008-06-29
Information Risk Analyst
Reference No.: 308
Company: Financial
Location: London
Salary: £50,000 - £60,000 depending on experience
Package: Banking Benefits Package
Start Date: ASAP
No. Required: 1
The Role
Background to the appointment
The role is part of the Technology Risk Management (TRM) organisation, comprising 5 teams:
• Risk Management
• Access Control
• Information Security
• SDLS/PQA
• Chief Administrators Office
This role will be part of the Risk Management organisation and has responsibility for:
• Network Security Assessments
• Application Security Assessments
• Service Provider Management (SPM)
• Application Catalogue
The Information Risk Analyst role will be based in the City of London offices. The UK team have primary responsibility for Application Security Assessments and Network Security Assessments in the EMEA region. They also support the US teams who are responsible for Service Provider Management and the Application Catalogue.
The position reports to the Head of the International Assessments.
The role of the Information Risk Analyst is described as follows:
To ensure the integrity and reliability of corporate data and systems, through appropriate technology risk assessment. This includes involvement in business and IT projects to ensure that appropriate controls are built in from the earliest stages.
In addition to these areas, the team is also engaged in general Information Security Consulting to the EMEA businesses. We also act as an interface between the Service Provider Management and Application Catalogue Assessment teams and the EMEA businesses.
Range of Activities (Proportionally more than 5% of Time)
Application Security Risk Assessment (approx. 50%)
Completes Application Security Risk assessments for new and changed applications in accordance with the Application Security Risk Assessment Processes, Policies and procedures.
Works with the Business and Technology teams to identify security issues and agree corresponding actions to accept or mitigate the risks.
Tracks issues and agreed actions to completion, escalating issues to the Head of International Assessments where necessary.
Network Security Assessments (approx. 15%)
Assessing any significant network changes – such as new offices connecting to the corporate network. Working with the technology teams and Information Security Teams to ensure that risks are appropriately managed.
Includes review of firewall change requests as and when they arise. Identifying any security issues and working with the network team, project team and/or the line of business to agree changes.
Annual Firewall Rule Review (approx. 10%)
Completing holistic firewall rule reviews to identify misconfigurations, unapproved changes, high-risk rules, etc., and to ensure compliance with company policy. This is currently a structured but manual process. This process will be automated in 2008 and we will be consulting on that project.
Service Provider Security Reviews (approx. 10%)
Working with the business to assess the security of critical third parties that we place reliance on. Particularly where those third parties are processing personal or transactional data. Working as subject matter experts
Legal Entity Security Reviews (approx. 10%)
Completing security assessments to ensure that they comply with company policy and best practices. Identifying any issues, agreeing actions and tracking those actions through to conclusion.
Application Penetration Testing (approx. 10%)
Working with our approved supplier and business contacts to organise and complete annual application penetration testing of key applications. Tracking of issues through to an appropriate conclusion.
Experience
This is a ‘hands off’ role – the successful candidate will have no responsibility for actually carrying out security changes such as adding users, changing firewall rules etc. IT and others carry out changes under the supervision and instruction of TRM where relevant. However, a certain level of knowledge is required when working with technicians to know what is required, possible and achievable in technical areas.
A successful candidate must have…
• Strong experience in an Information Security or IT Audit role.
• A professional qualification, relevant to Information Security.
• A thorough understanding of Risk Assessment approaches and methodologies.
• A good understanding of normal network infrastructure such as firewalls, switches, routers, LANs, etc., particularly how to secure and control such technologies.
• Experience of formal document creation, such as the creation of policies and standards, report writing or procedures.
• Experience of carrying out risk reviews, technology audits or other similar work.
• Thorough understanding of the ISO 2700X series of standards and guidelines.
• Strong MS Office skills
Some or all of the following will be of advantage…
• Checkpoint Firewall-1
• CISCO PIX
• Juniper NetScreen
• URL Filtering Products (such as SurfControl)
• Project Portfolio Manager
Knowledge or practical experience of the following solutions or comparable offerings
• Tufin Operations Management
• Archer Technologies Risk Management Solutions
Other professional qualifications/memberships, relevant to Information Security (Institute of Information Security professionals, CISSP, CISA or QICA).
Competencies
Organisational Skills
Able to co-operate and work well with others adopting an approachable style. We work closely with a large and diverse set of suppliers and customers.
Must be rigorous and thorough – especially when logging and tracking issues through to conclusion
Candidate must be able to manage their own workload and run several tasks concurrently so as to meet realistic targets and priorities set in conjunction with management.
This is especially important because we work in an environment where priorities can change quickly and with little prior warning.
Motivation
Demonstrate a high level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
Works well under pressure
Demonstrates a calm professional approach, with a good understanding of time constraints and the need to escalate/inform departmental management as appropriate.
Flexibility and Adaptability
Adapts personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
It is critical that this person adapts to changes in the organisation and job responsibilities and displays a positive attitude.
Customer Focus
Must be able to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
Communication Skills
Able to express clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
Documentation must be professional, well structured and presented and require the minimum management review and revision. This is especially important.
Good at listening and analysing a situation or the information provided.
Teamwork
Works well with others or individually. Supports the development of the team as a whole, places team before personal interests.
Interpersonal Skills
Shows respect for others and recognises their concerns and interests.
JOB REQUIREMENTS
---------------------------------------------------
Please note that in order to apply for any vacancy in the UK, you will need either a valid EC Passport or valid Work Permit enabling you to work in the UK.
CONTACT
---------------------------------------------------
Information Security Solutions
Iain Sutherland
iain_at_InformationSecuritySolutions.com
Received on May 30 2008