Cyber Security Risk - CISSP/CRISC (Reading/remote)

45000.00 - 62000.00 GBP Annual + benefits
13 Jan 2022
21 Jan 2022
Employer Sector: Technology, IT & Telecoms
Contract Type: Full Time

Cyber Security Risk Analyst (CRISC/CISSP)

GBP45-62K - Reading - Flexible working, hybrid working model (remote/on site)

Our client is seeking an experienced Cyber Security Risk Analyst with strong experience in control assessment and management.

The Position:

  • You will be responsible for monitoring the baseline security controls throughout the organisation
  • Reporting on exceptions as well as assisting in identifying control enhancements and ensuring implemented controls are providing risk mitigation within the wider business and security.
  • Responsible for ensuring the Information Security Management System (ISMS) documents are kept up to date and reviewed, and that new documentation is created as required. You'll also provide support on driving cyber risk awareness across the organisation and increasing the baseline security controls in line with the risk.
  • Design, coordinate, oversee and execute regular and ad hoc security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified control failures.
  • Assist in designing security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
  • Provide support and guidance for legal and regulatory compliance and audit remediation
  • Consult with business units to support the development, planning and implementation of security controls for network, distributed and cloud security systems
  • Report to management concerning control failures, vulnerabilities and other security exposures, including misuse of information assets and noncompliance

Your Background:

As a Cyber Risk and Information Security professional, you'll have advanced education in computer science, information systems or another related field, alongside a good level of work experience in control assessment and management. You'll ideally have a professional security management certification, such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or similar supporting credentials.

- Knowledge and understanding of information controls concepts and principles, as a means of relating business needs to security controls

- In-depth knowledge of control assessment methods and technologies.

- Proficiency in performing control, business impact and vulnerability assessments.