---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Sr. Security Analyst
Location: London, , United Kingdom
Type: Permanent F/T
Closing Date: 2007-10-12
Purpose:
The Information Security function reviews IT applications and infrastructure to
ensure adequate levels of security are employed, in line with an acceptable
level of business impact for the information they contain. There are several
risk analysts who are charged with conducting these reviews to the agreed
service levels. This role is for the most senior risk analyst who will be
expected both to conduct some of the more sophisticated reviews, as well as to
provide assistance and counsel to some of the other analysts.
Key Responsibilities:
Undertaking risk assessment of key IT systems and business processes,
identifying risks and recommending mitigation strategies to address these. This
will include assessing risks leading to reputational damage, financial loss,
regulatory non-compliance and legal exposure.
Identifying key IT systems and business processes requiring risk assessment
both in London and potentially in regional locations, and
notifying/coordinating risk assessments undertaken by colleagues in regional
locations.
Managing the risk assessment workload, prioritising based on business
criticality, technology employed and data sensitivity, and communicating the
associated timescales to IT and business managers.
Attending (and if necessary arranging) regular meetings with IT Project
managers and key managers. Obtain application and system development pipeline
information, and use to assist prioritisation of the risk assessment workload.
Being a point of contact for Information Security issues relating to the local
operational risk team.
Assisting development and support teams in providing pro-active guidance,
instruction and assistance in ensuring that new products meet or exceed the
bank or regulators controls requirements
Reviewing proposed global security policies and ensuring that there are no
legal or regulatory issues local to the UK that might impact on policy
proposals. As required, contributing to policy development.
Taking ownership of the periodic policy refresh and recertification process to
ensure that policy is kept up to date. This does not necessarily mean that the
holder of this role is required to perform significant policy development, but
rather that this role be aware of what policy development is required.
Feeding back into the policy development process reaction and issues arising
from risk assessments and capturing new developments within forthcoming policy
and risk assessments.
Passing on developments discovered through risk assessment in London to
colleagues in regional locations.
Managing the risk assessment resources, including online tools, policy links,
websites and links to policy.
Liasing with other control functions within the bank, such as Audit,
Compliance, Legal and HR, to coordinate a standardised approach consistent with
published policy.
Contributing, as required, to IT Security awareness within the bank, through
awareness campaigns and occasional delivery of the IT Security induction.
Reviewing and updating all existing training material, as required.
As required, providing ad-hoc consultancy when IT security is specifically
sought out for advice. This consultancy will normally relate to policy and risk
analysis related issues.
Assisting development and support teams by providing pro-active guidance,
instruction and assistance towards ensuring that new products meet or exceed
the bank or regulator’s controls requirements
Providing audit and operational risk reporting on a local and as required
global basis
Working with the infrastructure teams to ensure that policies, procedures and
audit findings are being actively managed
Identifying and assisting in the management of areas of legal risk to IT
Required Skills and Experience:
A Graduate with preferably at least three years experience of the Financial
Services industry.
Understanding of security administration and audit: controls and techniques
Understanding of risk analysis methodologies and techniques.
Knowledge of CRAMM, SPRINT, SARA (at least one)
Knowledge of BS7799, ISF Standard of Good Practice, COBIT, Sarbanes Oxley etc.
Awareness of various technologies including:
Networks and firewalls
Windows, Unix and Linux
Intrusion detection techniques
JAVA, C# and .NET applications
Internet security
Wireless and VoIP
Encryption and digital certificates
Knowledge of the latest physical and technical risks facing Investment Banks
and IT.
Awareness of hacking techniques and counter measures, e.g., types of DoS
attacks, buffer overflow attacks etc.
Experience of working with IT developers and IT users as well as business users
ideally within the banking sector.
Excellent oral and written presentation skills.
Experience in writing security administration documentation
Knowledge of regulatory procedures and processes is strongly preferred.
JOB REQUIREMENTS
---------------------------------------------------
Candidates must be eligable to work in the UK when applying
CONTACT
---------------------------------------------------
Information Security Solutions
Iain Sutherland
iain@InformationSecuritySolutions.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
