IT Security Risk and Compliance Analyst

Job Title

IT Security Risk and Compliance Analyst

Job Description Summary

Job Summary
The IT Security Risk & Compliance Analyst is responsible for managing daily security operations, supporting cross-regional initiatives, and ensuring compliance with internal and external security standards. The role involves collaboration with various teams, including Legal and Service Lines, and participation in vendor and client security assessments. The analyst also contributes to security awareness, governance, and continuous improvement of the organization's security posture.

Job Description

Job title: IT Security Risk & Compliance Analyst

Organizational unit: Technology and Data Solutions

Primary purpose of the job:

• Manage day-to-day Business as usual security initiatives, ensuring deadlines, timelines, and set processes are managed and met throughout the year.
• Work with Regional Security Leads to ensure that cross-region activities are followed through and completed
• Collaborate with Service Line organizations and Legal in reviewing specialized training needs and requirements that are documented.
• Work with and manage security service desk L4 concerns.  Initiate and shepherd swift remediation action to resolve issues.
• Capture information risk metrics into a central repository, analyse the metrics and ensure they are meaningful and tell the true story of the GISO operations.
• Determine, measure, and agree on actions to ensure that the C&W GISO is looked up to as a world leader and innovative in its methods
• Lead in various security awareness activities and other initiatives as needed such as managing the security trainings and report the results to the management, participating in phishing campaigns.
• Perform vendor security assessments to ensure vendors meet internal information security requirements and help monitor them.
• Completes client security assessments and participates in client audits ensuring that internal information security requirements satisfy client needs.
• Take part of the implementation of new tools as well as seeking for new opportunities to improve the maturity of the client and vendor security programs.
• Support the continuing embedding of the Information Security Risk Framework and processes.
• Ensure information security governance and processes align with the wider program of information security processes and that they operate effectively.

Qualifications (education) required for filling the position

• Degree or equivalent work experience in computer science, information systems, or related field

Other professional qualifications required for filling the position:

• 2-3 years of experience in one or more domains of information security such as vendor risk management, security governance, security operations, etc.
• Experience and thorough understanding of IT risk and compliance standards and industry best practice frameworks such as ISO 27001 / 2, NIST CSF, NIST SP800-53, CCSK
• Ability to collaborate with business and IT partners in task management and project coordination.
• Large multi-national company experience preferred. 

Foreign language skills required for filling the position:

• English (Fluent written and oral competency)

Required skills for filling the position:

• Excellent planning and organizational skills to coordinate risk assessments, reporting, control, and assurance activities.
• Attention to detail and a track record of delivering high-quality reports of accurately presented data in a meaningful and appropriate way.
• Exceptional interpersonal skills to successfully communicate with stakeholders by phone, in documentation, via email, and in meetings and workshops.
• Strong communication and stakeholder engagement skills with the ability to influence and adapt the approach as required at all levels.
• Solid understanding of how an information security organization function.
• Able to analyse large amounts of information to deliver succinct, clear messages.
• Able to manage own time effectively and show judgment on prioritizing tasks, working on activities concurrently when required, and demonstrate flexibility to changing requirements, often at short notice.
• Team player.
• Competent in Microsoft Excel, PowerPoint, and SharePoint.

Clause:

The tasks, responsibilities, and related administration obligations included in this job description are not described in full, they may be supplemented to reflect the general and job-specific professional habits.

The holder of the job must perform lawful instructions of the line manager and occasionally also perform tasks that do not fall within the job.

INCO: “Cushman & Wakefield”