Information Security Compliance Analyst
Liverpool, United Kingdom
Applications have closed
Evelyn Partners
We've been experts in wealth, accountancy and business advisory services since 1836.Company Description
Evelyn Partners is the UK’s leading integrated wealth management and professional services group, with over 186 years of experience in helping generations of people and businesses to thrive. We offer an extensive range of financial and professional services to individuals, family trusts, professional intermediaries, charities and businesses.
We provide an award-winning service for our clients by employing the best people. Join us on our mission to place the power of good advice into more hands because we believe that everyone deserves access to good advice, regardless of where they’re at in their financial journey.
An exceptional track record of growth and innovation is driven by our core values of: Personal, offering advice based on a true understanding of what matters to our clients; Partnership, working with our clients in a joined-up, collaborative way; and Performance, demonstrating a breadth and depth of advice expertise to deliver first-class results.
Read more about us and available career opportunities here: Wealth, accountancy and business advisory services | Evelyn Partners and Careers | Evelyn Partners
Job Description
Job purpose
Evelyn Partners is looking for an Information Security Compliance Analyst with expertise in risk assessments, risk treatment advisory, third party assessments, security compliance and security assurance.
The candidate must have an ability to perform as a productive and pragmatic member of an Information Security team. The position will require the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across Evelyn Partners. The successful candidate will also play a crucial role in ensuring our organisation's compliance with information security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework (CSF) v2.
Key Responsibilities
- Perform internal information security risk assessments and recommend mitigation actions / solutions.
- Collaborate with stakeholders and project teams to define security requirements based on scope, objectives, data, and technologies.
- Maintain risk registers and mange escalations, re-assessments, risk acceptance and risk exceptions.
- Evaluating and identifying new and current information security risks using both internal sources (audit findings, penetration test results etc.) as well as external sources (threat intelligence feeds, industry specific treat advisories)
- Continuously review security controls to assess changes in residual risk and the sufficiency of compensating controls.
- Review and manage security risk exception requests, ensuring timely reviews before expiry.
- Prepare reports with risk metrics, trends, findings, and ratings for key stakeholders.
- Assist in managing the ISMS, including audits, risk assessments, incident management, reporting, and security awareness.
- Maintain certifications, such as Cyber Essentials / ISO27001 / NIST CSF v2, against a backdrop of a growing firm and evolving regulations, technology and processes.
- Assist in developing control testing and assurance strategies, to ensure that organisation-wide security controls are meeting their objectives.
- Collaborate closely with internal and external stakeholders and SMEs.
- Identify best practices, develop technical standards, processes, and policies, and advise stakeholders on security.
- Develop and implement security policies, standards, and documentation ensuring compliance with legal regulations.
- Drive continuous improvement and contribute to internal and external cybersecurity collaboration.
- Serve as the security point of contact, guiding technology teams and business stakeholders.
- Engage with security allies to drive security initiatives and promote a risk-aware mindset.
- Remain current on industry standards for security in a technology environment.
- Ensure alignment with standards, recommend control improvements, and evaluate risks to confidentiality, integrity, and availability.
- Advise and guide business services on maintaining compliance with relevant legislation and security frameworks.
Qualifications
Key Skills and Experience
- Information Security experience is desirable.
- The ability to work proactively, pragmatically and collaboratively in a fast-paced working environment, balancing multiple concurrent activities.
- Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
- A record of accomplishment of effectively analysing security controls, while understanding the risk of certain controls not being in place.
- Experience working in an Information Security role dealing specifically with governance, risk and compliance areas is preferred.
- Prior experience writing Information Security related Policies, Processes and Procedure is desirable.
- The ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders.
- Experience in using standards such as ISO 27001 (Implementation, Compliance, Certification, and audit reviews), NIST CSF, and Cyber Essentials is desirable.
Professional Qualifications and Education
- Degree or equivalent in Information Technology or Risk Management is preferred.
- Certification in cloud architectures is advantageous, especially Microsoft Azure
- Certification in Information Security domains is preferred, especially around ISO27001.
Additional Information
As a colleague here at Evelyn Partners, you will have access to benefits that include:
- Competitive salary
- Private medical insurance
- Life assurance
- Pension contribution
- Hybrid working model (role dependant)
- Generous holiday package
- Option to purchase additional holiday
- Shared parental leave
We are proud to value the differences that a diverse workforce brings, representative of society and our clients. At Evelyn Partners we have a wide range of highly active employee resource groups and we’re delivering multiple diversity, equity and inclusion initiatives across the organisation. It is our commitment to provide a workspace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.
We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process. Please let your Recruiter know.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits Azure Cloud Compliance Governance ISMS ISO 27001 NIST Risk assessment Risk Assessment Report Risk management Threat intelligence
Perks/benefits: Career development Competitive pay Equity / stock options Health care Medical leave Parental leave
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.