Information Security Risk Analyst

Management Level

Business Division: GRCLS

Business Function / Department:

Job Title: Information Security Risk Analyst

Reporting to (Job Title): INFO SECURITY RISK MANAGER

Date:

Equiniti is a leading international provider of shareholder, pension, remediation, and credit technology. With over 6000 employees, it supports 37 million people in 120 countries.  

EQ India began its operations in 2014 as a Global India Captive Centre for Equiniti, a leading fintech company specialising in shareholder management. Within a decade, EQ India strengthened its operations and transformed from being a capability centre to a Global Competency Centre, to support EQ's growth story worldwide.

Role Summary

The Information Security Risk Analyst will work within a small team delivering a range of risk-related services. You will report to the Information Security Risk Manager; You will share the workload and activities of the Information Security Risk Management team, consisting of the Head and up to 5 other staff.

Core Duties/Responsibilities

Risk Identification, Assessment and Analysis

• Assist and conduct comprehensive risk assessments to identify potential cybersecurity threats and vulnerabilities across EQ’s infrastructure, data, applications, mobile and networks.
• Utilise security tools and threat modelling techniques to evaluate the likelihood and impact of various security risks and identify the top priorities.
• Analyse security data from multiple sources (including technical security documents, penetration testing tests and code scans)  to provide insights into potential risks and security gaps.
• Maintain Risk records and Risk Acceptances regarding IT, Information or Cyber Security in the Company’s Risk Register/GRC tool.

Regulatory Requirements Identification

• Research, identify and interpret, with the help of legal and compliance team,  cyber security requirements and standards
• Stay up-to-date with evolving cybersecurity regulations and legal requirements at local, national and international levels in which EQ operates.
• Assist in compliance assessment and gap analysis to determine EQ’s adherence to relevant cybersecurity regulations and frameworks. Ensure that these are incorporated into the Risk Process so that they are rigorously applied, where necessary, to new and changed IT systems and applications.

Third-Party Risk Management

• Conduct Risk Analysis of existing and new third-parties playing a significant role in the Company’s supply chain and with access to Company or customer data or the Company’s systems
• Track any significant risk issues arising to completion over agreed timescales.

Information Security Metrics & Reporting

• Assist by collecting and organising data, helping to identify potential risks across various business units and prepare appropriate metrics and reports.
• Support in the creation of regular and ad-hoc reports for Executives and senior management teams

Stakeholder Engagement

• Engage with various developers and stakeholders across the business in selecting tailored security training on the training platform.
• Engage in knowledge sharing sessions on emerging threats and security risk trends.

Risk Method Development

• Assist the Information Security Risk Manager in developing and maintaining the EQ Security Risk Process.
• Assist in developing and implement risk management strategies.
• Collaborate with IT and security teams to implement technical measures like firewalls, encryption, and MFA.
• Analysis and improvement of existing information security policies guidelines and procedures, creating new ones where required
• Define best practice in the design and coding of proprietary systems developed by the Company and support the development teams in adhering to such practices with advice, education and provision of dynamic and static application security testing tools.

Skills, Capabilities and Attributes

The key skills and experience required for this role can be summarised as follows.

We are open-minded when it comes hiring candidates, we care more about attitude and aptitude rather than specific experience or qualifications. You should have accumulated at least 3-5 years’ technical experience in a security role within industry, assurance services or a consultancy.

Preferably, some experience is required of:

• De facto or (inter)national standards for control, such as CoBIT, ISO 2700x, NIST CSF, etc.
• Governance, Risk & Compliance (GRC) tools and methods
• Experience in mobile, web application, infrastructure and cloud penetration testing.
• Experience in mobile, web application, infrastructure and cloud penetration testing.
• Demonstrable knowledge of the Cyber Kill Chain and MITRE ATT&CK Framework.
• Good understanding of adversarial tactics, techniques, and procedures (TTPs) and their likelihood and impact to EQ.
• Experience in evaluating existing cyber defences against identified threats and attacks to determine weaknesses and propose relevant detective or preventive control enhancements. 

Benefits:

Being a permanent member of the team at EQ you will be rewarded by our company benefits, these are just a few of what is on offer:

• 3 days of additional leaves on & above statutory requirement along with 2 days of voluntary leaves to pursue the CSR initiatives  
• Business related certification expense reimbursement
• Comprehensive Medical Assurance coverage for dependents & Parents
• Cab transport for staff working in UK & US shift
• Accidental & Life cover 3 times of concerned CTC

We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks.