Digital Security - Iam - Cyberark

 Responsibilities

• Support the Information Security Manager in delivering the Information Security Management System and to drive continuous improvement for information security.
• Evaluate and assess cyber security controls across the business and its third party vendors to ensure compliance with the NIST Cyber Security Framework (CSF).
• Conduct comprehensive risk assessments using the NIST CSF.
• Use risk management techniques to identify cyber threats, risks and issues in a timely manner.
• Support, develop and conduct third-party vendor security assurance activities.
• Collaborate with cross-functional teams to develop and implement risk management activities.
• Respond to security support tickets and other enquiries; providing information security support and escalation.
• Support the creation and collection of metrics, validation of security control performance and the identification of emerging cyber risks.
• Collaborate with the Enterprise Risk Management (ERM) team to maintain, develop and deliver cyber risk reporting and appetite statements.
• Maintain Information Security policy and procedure ensuring content is relevant to the current cyber threat landscape.
• Maintain, develop and test the Cyber Incident Response Plan, ensuring content is relevant to the current cyber threat landscape.
• Monitor, maintain and manage Lancashire compliance with its relevant cyber security regulation obligations.
• Manage actions and output generated by stakeholder engagements; for example customers, regulators, internal and external auditors.
• Maintain currency with emerging security trends, threat intelligence, industry standards and good practice, and security enhancing technologies.

Essential Skills, Knowledge & Experience

• A minimum of five years of experience in an Information Security role.
• Experience working in a professional services environment
• Hands-on experience conducting cyber risk assessments and developing cyber risk mitigation strategies.
• Hands-on experience conducting cyber security control assessments.
• Hands-on experience developing and maintain cyber risk reporting and risk appetite statements.
• Hands-on knowledge and experience working with recognised security frameworks such as, NIST CSF, ISO27001 etc.
• Hands-on experience managing and maintaining cybersecurity compliance with regulatory frameworks such as FCA, PRA, NYDFS etc.
• Experience developing a governance framework by maintaining policy and procedure.
• Ability to achieve against agreed deadlines.
• Ability to work both independently and collaboratively.
• Strong interpersonal and communication skills (written and verbal), with the ability to interact with technical and non-technical stakeholders at all levels.
• Strong analytical and problem-solving skills.
• Strong organisation and planning skills.
• A pro-active and enthusiastic approach.
• Knowledge of Microsoft systems (on-premise and Azure cloud), technologies, infrastructure, awareness of systems management and operational support tools.
• Acknowledges and responds positively to exceptional events in information security to meet the objectives of the business.