Technology Risk Assurance Analyst

Let’s be #BrilliantTogether

Area of Work:

As an Information Security Professional, you will play a crucial role in maintaining and enhancing the security posture of our organization. As part of the Information Security Office, you will work closely with technology functions to identify areas of greatest risk and supporting initiatives to keep the information security and technology risk profile within appetite. This will involve implementing and maintaining security risk assurance programs, conducting risk assessments, and ensuring compliance with relevant regulations and standards. You will engage with various stakeholders to drive informed security decisions, support incident management, and contribute to the continual improvement of our information security frameworks and processes. This will include internal and external audit functions responsible for managing compliance testing of control requirements.

Responsibilities:

• Support the implementation and maintenance of the information security risk assurance program, including control requirements consistent with ISO 27000-series based on the analysis of the threat landscape, applicable policies, standards, and regulations.

• Conduct risk assessments and support reporting on material risks and other information security-related topics to boards and committees.

• Provide required evidence in audits (internal audits, regulatory audits, self-assessments, or customer questionnaires).

• Conduct ongoing and yearly review tasks regarding risk management.

• Prepare and execute assessments/testing to ensure that control requirements are effectively implemented by the first line.

• Maintain and structure technical information security documentation of IT applications and infrastructure, considering IT suppliers of products and risk IT.

• Maintain an overview and understanding of information and physical security internal and external regulatory and international standard requirements.

• Support the maintenance, further development, and continual improvement of the group’s 2nd line information security risk management framework and processes.

• Provide challenge to the 1st line of defense functions and guide counterparts in implementing, supporting, and executing the information security risk management framework and processes.

Profile:

• University degree (master or diploma) in IT, Information Security, business administration, or a comparable education.

• At least five years of professional experience in IT and information security performing external audit/internal audit/second line assurance/implementation.

• Proven knowledge of common security frameworks and standards such as ISO 27001, SOC, SSAE and professional certifications (e.g., CISA, CISM, CISSP, CEH, or CIA).

• Strong analytical skills to understand, structure, and explain complex topics.

• Strong interpersonal skills, organizational talent, and the ability to work under pressure with a focus on clarity and integrity.

• Effective communication and report-writing skills.

• Proficiency in written and spoken English.

#LI-TG1 #STOXX

What you can expect from us

Our people are the moving force behind ISS STOXX. We are dedicated to hiring the best, most talented people in our industry and empowering them with the resources and support to enhance their career, health, financial and personal well-being. 

We are committed to fostering, cultivating, and preserving a culture of diversity and inclusion. We are invested in our people and are working every day to ensure a diverse, equitable, and inclusive workplace.

Let’s empower, collaborate, and inspire one another. 

Let’s be #BrilliantTogether.

About ISS STOXX

ISS STOXX GmbH is a leading provider of research and technology solutions for the financial market. Established in 1985, we offer top-notch benchmark and custom indices globally, helping clients identify investment opportunities and manage portfolio risks. Our services cover corporate governance, sustainability, cyber risk, and fund intelligence. Majority-owned by Deutsche Börse Group, ISS STOXX has over 3,400 professionals in 33 locations worldwide, serving around 6,400 clients, including institutional investors and companies focused on ESG, cyber, and governance risk. Clients trust our expertise to make informed decisions for their stakeholders' benefit. 

Visit our website: https://www.issgovernance.com

View additional open roles: https://www.issgovernance.com/join-the-iss-team/

Institutional Shareholder Services (“ISS”) is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. It is our policy to prohibit discrimination or harassment against any applicant or employee on the basis of race, color, ethnicity, creed, religion, sex, age, height, weight, citizenship status, national origin, social origin, sexual orientation, gender identity or gender expression, pregnancy status, marital status, familial status, mental or physical disability, veteran status, military service or status, genetic information, or any other characteristic protected by law (referred to as “protected status”). All activities including, but not limited to, recruiting and hiring, recruitment advertising, promotions, performance appraisals, training, job assignments, compensation, demotions, transfers, terminations (including layoffs), benefits, and other terms, conditions, and privileges of employment, are and will be administered on a non-discriminatory basis, consistent with all applicable federal, state, and local requirements.