Principle, Cybersecurity Analyst

As our Princple, Cybersecurity Analyst, you'll analyze and execute activities around Cybersecurity process, controls, standards and regulatory requirements. Every day you'll enable businesses and functions to manage their information security risks and to ensure risk and controls are assessed accurately, objectively, and independently through professional and specialized subject matter experts. To thrive in this role, you must have experience in operational processes or third party information security reviews in the Financial Services industry or similarly regulated sector. You understand risk management, Audit, ISR, etc.

The Principle, Cybersecurity Analyst is expected to work collaboratively with other members of the RISO/ BISO organisation, the core central teams and have a good understanding of local business requirements and cybersecurity control landscape for the respective business/ region. This is a leadership position and will mentor/lead junior staff and interface with senior management and regulators on cyber related topics.
  • Have an in-depth understanding of the GB/GF/Reg technology landscape and local requirements to provide advice and input into the business/ region technical requirements and ensure these are captured and incorporated into the cybersecurity strategy and future demand management
  • Provide cybersecurity advice and input into the business initiatives for the GB/GF/Region to ensure compliance with cybersecurity controls and effective security management relating to business initiatives.
  • Work collaboratively with cybersecurity Architecture and Engineering teams to ensure that business led transformation initiatives follow the right principles in relation to cybersecurity architecture, design and engineering.
  • Work closely with the Cybersecurity Delivery Lead to support the role out of new cyber initiatives
  • To support the Region/ Country / Service line lead(s) with technical input when providing tailored reporting for the respective GB/GF/Reg
  • Provide cyber consulting and technical SME input into the global path-to-green initiatives for Cybersecurity controls improvement work. This includes contributing to identify adequate requirements to reduce cyber risk, providing input into roadmaps and mitigation plans for gaps identified within the Cybersecurity controls for the GB/GF/Region.
  • Where appropriate, support the Region/Country/Service Line Lead(s) to assess the impact of major incidents to the GB/GF/Region by providing specific technical and cyber input for the business/ region, working closely with the core cybersecurity functions on action plans to minimise impact.


Qualifications

  • Undergraduate degree or equivalent work experience.
  • Proven extensive technical knowledge and experience relevant within information security such as: information security governance, cloud security, operating system and database security, security logging and monitoring systems, vulnerability assessment tools, encryption, single-sign-on, logical access administration fundamentals, multi-factor authentication, and/or secure software development.
  • Mature communication, collaboration and presentation skills, including engaging audiences at various levels, as well as an ability to deliver concise presentations to senior management.
  • Technical domain knowledge, including an understanding of secure application development methodologies, operating system and database controls, network and cyber security principles, and system-related internal controls.
  • Knowledge of current and emerging threats/threat vectors.
  • Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
  • Proven knowledge of security controls and methodology (e.g. NIST, ISO27001) as well as corporate policies and procedures.
  • Demonstrates expertise in technology, applications and/or interfaces crafted to support the business.
  • Strong collaboration skills, strong analytical skills, and the ability to identify and recommend solutions for cybersecurity issues. The person works with a startup mentality and has a shown ability to be a self-starter.


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.