- Claims and Insights, Information Technology, Legal, Security and Risk
- United Kingdom
We are recruiting an experienced Cyber Security Compliance Analyst with prior PCI compliance experience. You will deliver assurance that key Cyber Security Policies and Standards are adhered to via auditing and compliance practices against a defined framework and industry recognised regulations. The role involves collation and reporting on third party security assessments, both as part of an annual review process and during procurement. A key element is maintaining PCI compliance; conducting GAP analysis, gathering evidence and engaging with QSA services on an annual basis.
- Perform due diligence and Cyber Security assurance over 3rd parties.
- Provide reporting on 3rd parties security stance and highlight potential risks to senior stakeholders.
- Assist in maintaining the Cyber Security risk register, holding key individuals accountable for remedial action.
- Provide IT support to the Internal Audit function, tracking remedial actions.
- Assist in the continued compliance with PCI DSS and the annual assessment and maintenance
- Complete assurance tasks ensuring that the key Cyber Security Policies and Standards are adhered to.
- Work with key business areas to work towards a level of compliance where required.
- Escalate where non-compliance poses a business risk to key business stakeholders.
- Perform regular and periodic compliance related tasks
- Assist in maintaining audit evidence repository, ensuring artefacts remain current.
- Develop and publish any additional Cyber Security Policies and Standards which are required.
- Deliver Cyber Security training and awareness
- Experience relating to Cyber Security, Compliance or Assurance.
- Experience in leading 3rd party assessments, running 3rd party assurance services preferably against a recognised framework.
- In depth understanding/experience of PCI DSS preferably or other similar compliance standards.
- Experience of conducting compliance reviews, including creation of GAP analysis reports and remediation plans.
- Understanding of risk methodologies and experience of applying these in assessments,
- Qualifications Desirable: Professional security management certification, such as a Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP), Certified Information systems Auditor (CISA)
- 27 days holiday plus eight statutory bank holidays
- Pension scheme
- Performance related bonus
- Life assurance
- Sports centre
- Free on-site parking
- Lift share scheme
- Subsidised café and restaurants
- Discount on Dyson machines