We're hiring new talent

Quartz believes in the power of the individual to create great things.

Information Security GRC Senior Analyst

Deadline

30/09/2022

What are we about:

Our ambition is simple. To combine our global know-how with local insight to help our clients turn their business goals into reality. By offering innovation, automation and organizational design. All with a personal touch.

Where the strategic magic happens:

London is our base of operations. Here, we’ve created an international office with dozens of exceptional people. Over the years, we’ve worked hard to secure our place as leading advisors and business support consultants within our industries. We are incredibly proud of what we’ve achieved so far and plan to continue along the same path. Constantly learning, improving and growing to make sure we always create lasting value for our clients.

Our Mission

Create value and reimagine the technology that powers the categories we work in. Provide management and consulting teams that turn start-ups into medium-sized businesses and support them as they evolve.

Summary

Reporting to the Information Security Governance, Risk and Compliance (GRC) Team Lead, the Senior Information Security Analyst will be part of a global team of information security specialists, contributing to governance practices and security risk management activities across the organisation.

The Senior Information Security Analyst will have strong knowledge of information security frameworks and an understanding of their practical application, along with strong written and verbal communication skills. The role will suit a highly motivated, proactive individual who understands the importance of fostering a strong security culture in a fast-paced, agile environment.

Responsibilities

Key responsibilities include, but are not limited to:

  • Draft, review, and update information security policies, standards and procedures, aligned to recognised frameworks (e.g. ISO 27001, NIST CSF, CIS Critical Security Controls) and tailored to organisational objectives and stakeholder requirements.
  • Conduct security assessments and reviews, focusing on People, Processes and Technologies, to identify information security risks and control gaps.
  • Contribute to all aspects of information security risk management activities, including the development of effective risk mitigation plans, the continuous improvement of control measures and the collation of risk reporting metrics.
  • Develop and deliver training content across a range of security themes tailored to all levels of the organisation and specific business functions. Identify new and creative ways to enhance security education and training provision through graphical, written and verbal means.
  • Carry out open source intelligence (OSINT) research to collect information on current and future security threats and trends relevant to the organisation.
  • Assist the GRC Team Lead and Principal Analyst in providing information security support to wider organisational projects through stakeholder collaboration. Conduct vendor/product security and privacy reviews to provide best practice recommendations throughout the third-party risk management lifecycle.
  • Provide GRC input across the wider security function, including Cyber Security, Security Engineering and Physical Security, in support of team projects, security monitoring and alerting tasks and incident response activities.

Requirements

  • Strong knowledge and practical experience implementing information security standards and control frameworks (e.g. ISO 27001, NIST CSF, CIS Controls, GDPR).
  • Experience across a range of themes including security and privacy principles, risk management, third-party risk analysis, cyber hygiene, personal and physical security best practices.
  • Experience leveraging a range of security tools for analysis and reporting (e.g. GRC platforms, SIEM, Data Classification/DLP).
  • A good understanding of technical concepts relating to IT infrastructure (e.g. networks, email systems, authentication) with the ability to quickly grasp complex technical aspects.
  • Adaptable and versatile with the proven ability to work independently as well as build positive cross-departmental working relationships.
  • Strong English (verbal and written). Confident and engaging communicator capable of condensing information into clear, concise and informative reports and presentations.
  • Willing to travel up to 10% of the time.

Desirable

  • CISMP, CRISC, CISM or other relevant industry certifications.
