---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Sr. Security Analyst
Location: London, , United Kingdom
Type: Permanent F/T
Closing Date: 2007-09-30
IT Security Risk Management Compliance Analyst is a new position that has
arisen due to changes in the Security Review processes introduced by ITSRM.
The IT Security Risk Management run-the-bank (RTB) function is responsible for
ensuring that the business lines are aware of and equipped to perform their
obligations in respect of their application and system security, particularly
in the arena of application access control. To this end, ITSRM has introduced
an online system for allowing business owners to confirm their staff’s
access to the organisation’s critical applications and infrastructure.
This process requires the business areas to comply with various processes, such
as user review, process adherence, documentation appropriateness, and so on.
The ITSRM Compliance Analyst will be responsible for defining the mechanisms
for ensuring that the business areas are complying with their responsibilities
under the wider ITSRM processes, for actioning these reviews to identify
non-compliance, and ensuring that appropriate follow up actions are taken where
necessary.
In particular, the compliance review actions will include:
- Ensuring that all Business Security Contacts have completed their Security
Procedure Documentation
- Reviewing the Security Procedure documentation for applications to ensure
they are accurate and meet security policy requirements
- Re-reviewing the security documentation to ensure it remains accurate and
timely.
- Ensuring that Business Security contacts are aware of their responsibilities
in respect of the ITSRM processes
- Assisting BSCs in communicating these requirements to their application
support teams as appropriate.
- Manage and review any requests for exception from the standard procedures,
analysing any associated risk and making a recommendation on the acceptability
of the exception.
- Review and propose amendments to the current exception management process.
- Setting up a periodic process for actively assessing individual application
owners compliance to the approved management processes.
Candidates for the role of ITSRM compliance analyst will possess the following
skills:
- Excellent knowledge and appliance of user access security principles and
technologies
- broad experience in traditional technologies: UNIX and Wintel operating
systems, networking, databases
- experience of ISO 1-7799
- Proven client and vendor relation management skills, experience in the
security aspects of outsourcing and vendor management
- Excellent communication skills, both oral and written. Able to converse at
all levels of seniority.
- Ability to build and manage relationships across organisational boundaries
- A Team Player, demonstrably worked as part of a team, actively contributing
ideas.
- Proven ability in the Risk Assessment and Risk Management function, able to
differentiate between Risk Management & Risk Control
- Adaptable, flexible, self motivated, energises and motives others, results
oriented
JOB REQUIREMENTS
---------------------------------------------------
Candidates must be eligable to work in the UK when applying
CONTACT
---------------------------------------------------
Information Security Solutions
Iain Sutherland
iain@InformationSecuritySolutions.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
