Security Assurance Analyst

Lisbon, Portugal

Springer Nature Group

We are a global publisher dedicated to providing the best possible service to the whole research community. We help authors to share their discoveries; enable researchers to find, access and understand the work of others and support...


About the Springer Nature Group 

Springer Nature opens the doors to discovery for researchers, educators, clinicians and other professionals. Every day, around the globe, our imprints, books, journals, platforms and technology solutions reach millions of people. For over 175 years our brands and imprints have been a trusted source of knowledge to these communities and today, more than ever, we see it as our responsibility to ensure that fundamental knowledge can be found, verified, understood and used by our communities – enabling them to improve outcomes, make progress, and benefit the generations that follow.  

  

Purpose of the Role   

  

The Security Assurance Analyst is a role within the Assurance Team in the SN Tech department. It is responsible for policy development and for ensuring that the organization is aligned with the industry standards through internal security audits under the guidance of the Head of Security Assurance. The ideal candidate will have a strong background in information security, risk assessment, and compliance. 

  

Responsibilities  

  

Policy and Compliance: 

  • Develop, review, and update security policies, standards, and procedures to ensure compliance with industry standards and regulations. 

  • Monitor compliance with security policies and procedures across the organization. 

  • Ensure adherence to relevant regulatory requirements and frameworks, such as GDPR, HIPAA, ISO/IEC 27001, PCI-DSS and CIS Controls.

  • Perform information security assessments and gap analysis.

Training and Awareness: 

  • Participate in and improve the security training and awareness program.

  • Create and deploy phishing campaigns. 

Risk Assessment: 

  • Participate in the Cyber Risk Assessment process 

  • Participate in the Risk Management process improvement 

 

Continuous Improvement:

  • Participate in the continuous improvement cycle by reviewing and improving existing policies and procedures.

Support Internal Audits: 

  • Participate in internal audits from an information security perspective.

  • Support the mitigation process for findings related to information security.

 

Incident Response Plan: 

  • Conduct post-incident analysis and reporting to identify lessons learned and areas for improvement. 

 

Technical Expertise:

  • Be aware of current security technology trends such as SASE, SSE, XDR, SOAR, SIEM and CNAPP.

  • Be able to understand and audit the security controls implemented. 

 

Key Relationships: 

  • CISO Team; 

  • SOC Team; 

  • Engineering Enablement Team; 

  • NetOps Team;

  • Work Place Enablement; 

 

Experience, Skills & Qualifications 

  • Minimum 5 years of experience in Information Security roles with hands-on exposure in policy development. 

  • Bachelor's degree in Computer Science, Information Security, or a related field. A Master's degree is preferred. 

  • Professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. 

  • In-depth knowledge of information security frameworks, standards, and best practices (e.g., ISO/IEC 27001, NIST, COBIT, CIS Controls). 

  • Strong understanding of regulatory requirements and industry standards related to information security. 

  • Analytical mindset with an end-to-end view, and the ability to interpret data and present clear, actionable insights.

  • Strong written and verbal communication skills in English for preparing detailed reports and interacting with stakeholders.

  • Self-starter with strong attention to detail and the ability to manage multiple tasks and priorities in a fast-paced environment.
