Information Security Analyst

Overview

About the Role Environmental Resources Management (ERM) is a leading global provider of environmental, health, safety, risk, and social consulting services with 160 offices and over 8,000 staff members covering the entire spectrum of consulting services. ERM is committed to providing a service that is professional and of the highest quality to create value for our customers. ERM’s Global IT team is seeking a Cyber Security Compliance Analyst. This role will be a fixed shift (2-11) IST. In this role, you will play an essential role in managing information security governance, risk, and compliance. Key Accountabilities & Responsibilities

• Client Requests and Contract Reviews:
• Serve as a point of contact for client requests for information related to information security compliance. Must have deep understanding in this and provide detailed evidence-based responses.
• Review contracts and agreements to ensure compliance with information security requirements and standards.
• Attending client meetings and address their security concerns.
• Third-Party Risk Management:
• Manage third-party risk assessment processes, including vendor security assessments and due diligence.
• Evaluate third-party security controls and assess their alignment with organizational policies and standards.
• Exception Requests:
• Review and evaluate exception requests related to information security policies and standards.
• Assess the impact of proposed exceptions and make recommendations to management for approval or mitigation. Foundational Responsibilities These are foundational skills that all team members within the Cyber Operations team must have:
• Compliance Management:
• Assist in the development, implementation, and maintenance of the company's information security compliance program.
• Ensure adherence to regulatory requirements, industry standards, and internal policies and procedures.
• Conduct regular compliance assessments and audits to identify gaps and areas for improvement.
• Governance Support:
• Support the establishment and maintenance of information security governance frameworks, policies, and procedures.
• Assist in the development of governance documentation, including charters, policies, standards, and guidelines.
• Provide guidance and support to stakeholders on governance-related matters, ensuring alignment with business objectives.
• Risk Management:
• Assist in the identification, assessment, and mitigation of information security risks across the organization.
• Conduct risk assessments and analyze security controls to ensure effectiveness and compliance with ISO 27001 requirements.
• Collaborate with stakeholders to develop and implement risk mitigation strategies and action plans.
• ISO 27001 Compliance:
• Support the implementation and maintenance of ISO 27001 certification requirements.
• Assist in the development and documentation of ISO 27001 policies, procedures, and controls.
• Conduct internal audits to assess compliance with ISO 27001 standards and identify areas for improvement.
• Security Awareness and Training:
• Assist in the development and delivery of security awareness and training programs for employees.
• Promote a culture of security awareness and best practices throughout the organization. Influence And Decision-Making Operating within practices and procedures covered by precedent or well-defined policies; end results will be subject to review. The job will contain a variety of activities and clear short-term objectives. The job holder may determine their own priorities whilst meeting clear outcomes. Explains policies, practices and procedures of the job area to parties within and outside of own job function. May have responsibility for communicating with parties external to the organisation (e.g., customers, vendors, etc.).
  
  

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Lead Implementer Training ISO27001 Job specific capabilities/skills:
• 3-4 years of experience in information security, compliance, or related field.
• Strong English Verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals.
• Strong English Written communication skills, for example to write technical reports and reviews of Master Service Agreements.