Job Description
IT Risk Analyst required for market leading financial services firm. The role will focus on the Data Classification process that identified the most precious resources for the Business and include the following: Responsibilities:Prepare and perform the Data Classification exercise across all Lines of Business with various stakeholders up to C-LevelProduce documentation for the wider company audience to explain and better guide staff in selecting the best data classification labels for their informationCollect the up-to-date information from Business regarding their most valuable data and its use on a yearly basis (at minimum) and support the business in evaluating the most appropriate classificationMaintain a proper audit track on signoffs provided by the Business, Information Security and the Data Privacy Office regarding Data Classification topicsAct as intermediary with the IS Project Reviewer to be able to evaluate the most appropriate Data Classification level for new dataMonitor the applied Information Security labels and track non-compliance with the Data Classification registerManage and maintain the Data Classification register, a consistent record of the most valuable data in the organisation, their owner, their classification, and their locationAct as a champion for Information Security when dealing with areas of the business, providing assistance with the raising of information risks and explaining current policy as requiredMaintain close working relationships with appropriate teams across and outside of Information Security.ExperienceMasters degree in Computer Science, Engineering, or related field with a minimum of 5 years of professional experience in Risk Management (Required) and/or Information Security (Preferred)Expert in synthesizing and clearly communicating complex information to all audiences up to C-Level leaders (Required)Experience in articulating risks in business language and advising on the appropriate risk management action (Required)Experience in Data Classification, process discovery or Business Impact Assessment (Required)Excellent attention to detail and the ability to create clear, concise and engaging presentations breaking down difficult problems (Required)Expert analytical and reporting skills (Required)Excellent interpersonal and collaborative skills (Required)Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required)Experience in multinational companies (Required)Strong knowledge of Risk management (Required)Strong knowledge of Risk management frameworks (ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR) (Required)Strong knowledge of Information Security frameworks (Mitre ATT&CK, NIST, ISO 2700X ) (Preferred)Experience in information security management reporting and related methodologies (Preferred)Information Security and/or Information Technology industry certification (CISSP, CISM, or equivalent) (Preferred) IND123