Information Security Controls and Reporting Analyst

Job Title: Information Security Controls and Reporting Analyst
Location: Cardiff Bay, Wales
Department: Information Security & Compliance
Reports To: Information Security and Compliance Manager (Cardiff Bay)

Join us now. The Information Security and Compliance team has a new role and needs a detail-oriented person to join as the Information Security Controls and Reporting Analyst.


Our success over the last 25 years and our ongoing growth can be attributed to our people and our strong culture. Culture and engagement really are part of our DNA here at Creditsafe and we take pride in making Creditsafe a great place to work. It’s important to us that people can be themselves, feel a sense of professional and personal growth and feel part of a global community.

We offer a varied range of benefits that support a good work-life balance, including a hybrid approach to work, which gives you the flexibility needed to thrive.


Creditsafe’s Information Security and Compliance team are motivated by protecting company reputation, safeguarding existing revenue, and supporting the generation of future revenue. We realise that security can often be misunderstood so our approach is enabling new and existing customers to interact with our products and services, and we pride ourselves on balancing a positive security culture with a robust control environment. Our responsibilities include setting security policies, educating users on good security practices, managing security risks, and auditing our security posture. We interact with various teams, both internally and externally, and we aim to be as helpful and supportive as possible. Outside of security we’re passionate about a combination of sport, music, coffee, dogs, and memes.


Your primary role will be to collate and review evidence of information security controls included within information requests used to acquire new clients / provide assurance for existing clients. This will include the implementation and management of a new system to improve the current process. You will also be working alongside our Information Security Auditor and Information Security Risk Manager to identify areas of concern that require improvement to the control environment.


  • Providing responses to new and existing clients’ information security questionnaires, including control evidence and related policies
  • Implementation and management of new client assurance system
  • Supporting the assessment of controls and processes against Creditsafe’s information security standards (e.g., ISO27001) whilst measuring effectiveness and reviewing documentation of information security controls
  • Working with relevant teams to gather evidence of information security controls in operation and report on their effectiveness
  • Supporting the production of control testing reports, prior to communication with appropriate stakeholders
  • Communicating client requirements, control gaps and deficiencies, risk exposures, and changes to the information security risk profile to senior management and other stakeholders, as required
  • Delivering assessments of information security risks to confidentiality, integrity, and availability in accordance with business impact, risk appetite and organisational policies
  • Monitoring and performing ongoing assessment of risks, policy non-compliance and control gap remediation
  • Ensuring appropriate technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology / threats

The responsibilities detailed above are not exhaustive and you may be requested to take on additional responsibilities deemed reasonable by your direct line manager.


  • Excellent written and verbal communication skills (presentations and documentation)
  • An understanding of IT principles and an ability to communicate technical concepts effectively to a varied audience.
  • Ability to use proactivity and initiative to be accountable for your own workload
  • Ability to assess problematic situations to identify causes, gather and process relevant information, generate possible solutions, and make recommendations and / or resolve the issue.
  • A willingness to share knowledge and mentor other team members while improving communication among employees
  • Internal audit or control testing experience
  • Practical knowledge of information security and / or corporate risk management, control assurance methodologies and frameworks
  • Effective stakeholder relationship building and management skills
  • Pragmatic approach to problem solving and issue resolution


  • Thorough understanding of information security concepts, protocols, industry best practices, strategies, frameworks, and regulations (e.g., ISO27001, NIST, PCI-DSS)
  • Information security or internal audit certification
  • Previous experience in a large, financial services organisation

Creditsafe is an equal opportunities employer that values diversity. Please contact Creditsafe if there is any support you need with your application.