We are looking for a qualified CISSP - Information Security Analyst for our Operations team to deliver key BAU IT Security Management functions including the Information System Risk Assessment, Vendor Risk Assessment, Risk Acceptance and Policy review processes
Maintain the IT Security policies in accordance with regulatory and audit-driven changes (e.g. SOX and other US regulation) under the guidance of the Information Security Manager.
Assist in Sarbanes Oxley testing internal/ external audits as defined by AMPF testing schedules and processes. Oversee the operational IT control environment, including processes for joiners/leavers/transfers, identity and access management, access re-certification, security alert and breach management & reporting, privileged access use, etc.
Management of Vulnerabilities and assist with remediation Develop and maintain Management Information (MI) relating to the operational control environment mentioned above
Assist the Head of Service Delivery & Support in delivering effective Security Administration processes to meet TAM Security Policies and audit requirements, leveraging ITIL and Security best practices where appropriate.
Assist the Information Security Manager with conducting due diligence reviews on third parties ensuring alignment with Security best practices (e.g. ISO-27001).
Capture and report security incidents / breaches and assist with investigation and remedial action.
How you'll spend your time.....
Assist in the move into BAU of the Information System Risk Assessment Process, and co-ordinate regular Information System Risk Assessments (refreshing old assessments and performing first-time assessments for new systems).
Logging, reporting, and tracking of vulnerability and patch management process across CTI environment Refresh and re-invigorate the Vendor Security Assessment Processes, and co-ordinate regular Vendor Security Assessments
Develop, own & publish MI to provide management with assurance of the integrity of the operational IT control environment, including joiners/leavers/transfers, identity and access management, recertification, security alert and breach management & reporting, privileged access use.
Own and maintain the data protection asset register, ensuring compliance with relevant requirements and flagging issues with management
Working with the Information Security Manager and Head of Infrastructure, providing thought-leadership for the Information Security configurations for network and server environments.
Co-ordinate fieldwork for external audit, assist in finding identification, acceptance and fix drafting
Oversee the monitoring and response to System Security alerts through (e.g. SCCM)
Manage the delivery of operational and project objectives, and ensure that any issues with achieving delivery date are captured and addressed.
Represent the Information Security Manager and Security Management function at department and project meetings as applicable.
Work with Project Management to ensure that projects have met all Security / Production acceptance criteria prior to implementation.
Work to promote the image of Security Management across CTI.
Develop and maintain the Information Security Management intranet site
Provide cover and other assistance for the Information Security Manager as required
About Columbia Threadneedle Investments
What working at Columbia Threadneedle offers.....
You'll find the promise we make to our clients is the same one we make to our employees: Your success is our priority.
Here, you'll find growth and career opportunities across all of our businesses. We're intentionally built to help you succeed. Our reach is expansive with a global team of 2,000 people working together. Our expertise is diverse with more than 450 investment professionals sharing global perspectives across all major asset classes and markets. Our clients have access to a broad array of investment strategies and we have the capability to create bespoke solutions matched to clients' specific requirements.
Columbia Threadneedle is a people business and we recognise that our success is due to our talented people, who bring diversity of thought, complementary skills and capabilities. We are committed to providing an inclusive workplace that supports the diversity of our employees and reflects our broader communities and client-base.
We appreciate that work-life balance is an important factor for many when considering their next move so please discuss any flexible working requirements directly with your recruiter.