IT Security Risk and Compliance Analyst

Overview

Job Title: IT Security Risk & Compliance Analyst

Job Description Summary: The IT Security Risk & Compliance Analyst is responsible for managing daily security operations, supporting cross-regional initiatives, and ensuring compliance with internal and external security standards. The role involves collaboration with various teams, including Legal and Service Lines, and participation in vendor and client security assessments. The analyst also contributes to security awareness, governance, and continuous improvement of the organization's security posture.

• Manage day-to-day security initiatives, ensuring deadlines, timelines, and set processes are met throughout the year.
• Work with Regional Security Leads to ensure cross-region activities are followed through and completed.
• Collaborate with Service Line organizations and Legal in reviewing specialized training needs and requirements that are documented.
• Work with and manage security service desk L4 concerns; initiate and shepherd swift remediation action to resolve issues.
• Capture information risk metrics into a central repository, analyse the metrics and ensure they are meaningful and tell the true story of the GISO operations.
• Determine, measure, and agree on actions to ensure that the C&W GISO is looked up to as a world leader and innovative in its methods.
• Lead in security awareness activities and other initiatives as needed, such as managing security trainings and reporting results to management; participate in phishing campaigns.
• Perform vendor security assessments to ensure vendors meet internal information security requirements and help monitor them.
• Complete client security assessments and participate in client audits ensuring that internal information security requirements satisfy client needs.
• Participate in the implementation of new tools and seek opportunities to improve the maturity of the client and vendor security programs.
• Support the continuing embedding of the Information Security Risk Framework and processes.
• Ensure information security governance and processes align with the wider program of information security processes and that they operate effectively.

Education:

• Degree or equivalent work experience in computer science, information systems, or related field

Other professional qualifications:

• 2-3 years of experience in one or more domains of information security such as vendor risk management, security governance, security operations, etc.
• Experience and thorough understanding of IT risk and compliance standards and industry best practice frameworks such as ISO 27001/2, NIST CSF, NIST SP800-53, CCSK
• Ability to collaborate with business and IT partners in task management and project coordination.
• Large multi-national company experience preferred.

Foreign language skills:

• English (Fluent written and oral competency)

Required skills:

• Excellent planning and organizational skills to coordinate risk assessments, reporting, control, and assurance activities.
• Attention to detail and a track record of delivering high-quality reports of accurately presented data in a meaningful and appropriate way.
• Exceptional interpersonal skills to successfully communicate with stakeholders by phone, in documentation, via email, and in meetings and workshops.
• Strong communication and stakeholder engagement skills with the ability to influence and adapt the approach as required at all levels.
• Solid understanding of how an information security organization functions.
• Able to analyse large amounts of information to deliver succinct, clear messages.
• Able to manage own time effectively and show judgment on prioritizing tasks, working on activities concurrently when required, and demonstrate flexibility to changing requirements, often at short notice.
• Team player.
• Competent in Microsoft Excel, PowerPoint, and SharePoint.

Clause:

The tasks, responsibilities, and related administration obligations included in this job description are not described in full; they may be supplemented to reflect the general and job-specific professional habits. The holder of the job must perform lawful instructions of the line manager and occasionally also perform tasks that do not fall within the job.

INCO: Cushman & Wakefield