My client is currently reviewing all of its cyber security policies and is looking for an experienced policy analyst to review, enhance and rewrite its current security policies.
Duties and Responsibilities
- Create new, and update existing, operational security policies, standards, processes, and procedures to meet operational security needs, in line with superior internal and external frameworks and standards.
- Be the first point of contact for security for the organisation’s different stakeholders.
- Engage early with the business to understand the business demand pipeline for security support and input.
- Proactively build and maintain security engagement between operational security and the business for projects and programmes to ensure security policies, standards, procedures, processes, etc. are adhered to.
- Ensure all projects, programmes and business initiatives have security input.
- Carry out assessments against business and security requirements to prioritise business demand.
- Create security requirements for projects and programmes.
- Engage with stakeholders and technical teams to ensure security requirements are captured, translated, and embedded as security by design, and meet security policies, standards, etc.
- Identify and flag risks and issues early.
- Improve security compliance processes and communicate these to the stakeholders.
- Work actively to reduce risks and impact of risks to the organisation.
- Ensure risks are identified, assessed, managed and reported in a timely manner.
- Proactively identify gaps and make improvements.
- Produce quality reports on security risks, progress, and non-compliance with policies.
- Engage and build relationships with internal and external stakeholders.
- CISSP, CISM or CRISC qualified
- 5+ years of working in security in a large, global, diverse, and complex organisation in a security support role, supporting business, projects and programmes and capturing business and security requirements.
- Public sector experience essential
- Experience of writing quality and actionable security policies, standards, and procedures, communicating and establishing them across a very diverse organisation.
- Sound knowledge of project management methodologies and security integration
- Working closely with technical teams, business forums, projects, and security integration
- Ability to communicate technical security risks and requirements to different technical and non-technical audiences.
- Have a technical IT and Security background with recent Governance, Risk and Compliance experience.
- Experience of working with ISO27001, NCSC’s Cloud Principles, Cloud Assurance Framework, NIST and other NCSC and HMG standards and guidance, adapting them into organisational policies, procedures, etc.
- IT and networking knowledge, especially Microsoft products, including Azure security and security tools.
- Working knowledge of threats and vulnerabilities, attack types and response.
- Ability to prioritise, work under pressure and manage demands and workload autonomously and with other technical and non-technical teams.
- Experience producing high-quality documentation, policies, processes, and reporting, and communicating them to different stakeholders.
- Ability to work collaboratively in a large and diverse organisation across the globe.
- A good command of written and verbal communication skills is required for this role to be able to engage with a diverse and global organisation.
Job Reference: DB-2309-337633
Salary: £520 - £525 per day + Fully remote inside IR35
Salary per: day
Job Duration: 3m rolling
Job Start Date: ASAP
Job Industries: Cyber Security Jobs
Job Locations: Greater London
Job Types: Contract
Job Skills: Analyst, security policy