Information Security Analyst

Purpose of the role:
The Information security analyst, a dedicated and skilled professional, collaborates with teams to design and implement security systems that protect the computer network. With a keen eye for detail, they ensure that the security systems are effective in safeguarding against cyber-attacks. As an information analyst for security, they strive to set and maintain the highest security standard possible. Whenever security threats or violations occur, the analyst conducts a thorough analysis to determine the best course of action. In addition to their analytical skills, they also have technical expertise and can install firewalls and data encryption programs to create a protective layer around sensitive information.

**This position will be accountable for**:

- Evaluation of compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information
- Implementing and maintaining governance, risk and compliance (GRC) processes
- Performing security and compliance assessments on new and existing systems, processes, technology
- Attending disaster recovery and business continuity planning sessions to understand integration with information security governance, risk and compliance elements
- Performing analysis and documentation of assigned business and technical processes
- Continuously learn about potential improvements to the security framework, methodology, standards, and system of internal controls
- Gather and evaluate information, including to support Auditors, Regulators, and compliance partners
- Perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance
- Identification of control deficiencies in the design and operating effectiveness of information security controls
- Participating in the establishment and implementation of information security audit and assurance planning and scheduling
- Conducting formal information security risk analyses, reviews, tests, audits and/or self-assessments
- Working with relevant stakeholders to close out on audit findings and identified risks
- Participating in IT controls and compliance testing activities and/or audits
- Performing technical configuration of industry leading GRC tools through skills acquired on-the-job and specialist course offerings
- Ensure cyber security policies and procedures are communicated to all personnel and that compliance is enforced
- Supporting operation and administration of systems for information security and IT
- Reporting on information security risks as and when required

**Knowledge, skills and attributes**:

- Sound knowledge of information security risk management frameworks and compliance practices
- Knowledge of securing network technologies, client, and server operating systems
- Knowledge of security standards and guidelines based on best practices and industry standards
- Interpersonal, communication, and presentation skills, including formal report writing skills
- Understanding of common security standards and regulations, as well as cybersecurity frameworks (e.g., ISO2700x, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX, etc.)
- Ability to manage and prioritize tasks and activities
- Ability to quickly learn and work with technologies related to governance, risk, and compliance
- Proficiency with Microsoft Office (e.g., Outlook, Word, Excel, PowerPoint, etc.)
- Able to consistently deliver quality work products
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders
- Ability to work under pressure while maintaining a professional image and approach

**Education and training**:

- Bachelor’s degree in Computer Science, Information Technology or related and/or equivalent
- Information security related training or certifications such as CISSP, CISM, CISA or CRISC

**Experience**:

- At least 5-6 years’ experience in a similar position (IT security, risk management or GRC), progressing through other career levels
- Experience of dealing with relevant stakeholders, managing expectations in the pursuit of improved information security
- Working experience as a business analyst or a keen interest in business operations
- Experience with common industry guidelines (such as CIS)