Information Security Analyst - GRC
Who We're Looking For
We are looking for an Information Security Analyst to join our Security team. You will be responsible for providing advice and guidance to the business on minimising the impact of potential threats to the network or assets, working with project managers and solution architects and advising on security throughout the lifecycle of projects and liaising with potential or current suppliers to evaluate their information security levels.
What You'll Do
Access Control Management
- Assist with maintaining the effectiveness of RBAC
- Monitor and support the permissions escalation process
- Contribute to the production of MI for senior management
- Complete regular reviews of operation documentation to ensure currency
- Reconciliation of critical application access tickets. Where anomalies are found that cannot be satisfactorily explained they will be escalated to the Information Security Manager
- Identify and escalate risks identified around access management
Run the recertification process
- Run the quarterly for recertifications of key business systems.
- Maintain accurate reporting and documentation on the process
- Work with line mangers to ensure timely completion and escalate as appropriate.
Management of the movers / leavers process
- Assist with and monitor the revocation of leavers access on receipt of leaver data
- Review mover access to ensure compliance with policy
Work with Vendor management to manage the take on of new applications
- Work with vendor management to onboard new and changed applications into access control, RBAC management and access reconciliation including documentation.
- Assist in identification of toxic combinations
- Assist in audits
- Contribute to security incident management
- Help maintain the infosec intranet
The Knowledge, Experience And Qualifications You Need
- Ideally 2 years of information security experience related to identity and access management
- Experience with recertifications
- Working knowledge of common identity solutions.
The Knowledge, Experience And Qualifications That Will Help
- CISA, CISM, CRISC, CISSP or similar certification
- Financial services experience a plus