Information Security Officer - London, United Kingdom - Eden Scott


    Job Description

    Exciting opportunity for an experienced Information Security Officer to join a global professional services organisation based in London.

    You will have a key role in ensuring the security of their systems and data by evaluating the risks associated with third-party vendors and internal projects and recommending appropriate risk mitigation strategies.

    You will work closely with cross-functional teams across the organisation to ensure compliance with security standards and best practices.

    Key responsibilities:

    Assessing Security Risks (SCTY - Level 4, BURM - Level 4)

    • Conduct vendor risk assessments and project security risk assessments based on established methodologies and frameworks.
    • Evaluate security risks associated with third-party vendors and internal projects, considering factors such as security, privacy, and compliance.
    • Identify vulnerabilities and potential risks and provide recommendations for risk mitigation strategies.
    • Apply knowledge of industry best practices and regulatory requirements to assess and mitigate security risks.

    Information Security (SCTY - Level 4)

    • Ensure compliance with security policies, standards, and procedures in vendor relationships and project activities.
    • Develop and maintain security assessment frameworks and methodologies for vendor risk assessments and project security risk assessments.
    • Stay informed about emerging security threats, industry trends, and regulatory requirements related to vendor management and project security.
    • Participate in incident response activities and contribute to security incident investigations and remediation efforts.

    Supplier Relationship Management (SUPP - Level 4)

    • Collaborate with procurement teams to assess and manage security risks associated with vendors.
    • Review vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture.
    • Provide guidance to procurement teams regarding security requirements and standards for vendor selection and ongoing monitoring.

    Risk Management (BURM - Level 4)

    • Apply risk management principles to identify, assess, and prioritise security risks.
    • Collaborate with project managers and technical teams to assess security risks and propose appropriate risk mitigation strategies.
    • Track and monitor the implementation of security remediation plans.

    Security Compliance Management (SCAD - Level 3, SCTY - Level 4, AUDT - Level 4)

    • Conduct periodic reviews and audits to ensure compliance with security policies, standards, and regulatory requirements.
    • Support the development and enforcement of security policies, standards, and procedures related to vendor management and project security.
    • Provide security awareness training and guidance to staff as required.

    Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.

    Essential Skills And Experience

    • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
    • Professional certifications such as CISA, CISM, or similar credentials are preferred.
    • Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
    • Experience in conducting vendor risk assessments and project security risk assessments.
    • Familiarity with security frameworks and assessment methodologies.
    • Knowledge of regulatory requirements related to data privacy and protection (e.g., GDPR, CCPA) is a plus.
    • Strong analytical and problem-solving skills.
    • Excellent written and verbal communication skills.
    • Ability to work independently and collaboratively in a team-oriented environment.
    • Attention to detail and a commitment to maintaining high-quality standards.

    This role is based on a hybrid basis with 3 days per week in their London office.