Information Security Analyst
You’ll find the promise we make to our clients is the same one we make to our employees: Your success is our priority.
Here, you’ll find growth and career opportunities across all our businesses. We’re intentionally built to help you succeed. Our reach is expansive with a global team of 2,000 people working together. Our expertise is diverse with more than 450 investment professionals sharing global perspectives across all major asset classes and markets. Our clients have access to a broad array of investment strategies and we have the capability to create bespoke solutions matched to clients’ specific requirements.
Columbia Threadneedle is a people business and we recognise that our success is due to our talented people, who bring diversity of thought, complementary skills and capabilities. We are committed to providing an inclusive workplace that supports the diversity of our employees and reflects our broader communities and client-base. We welcome applications from returners to the industry.
We appreciate that work-life balance is an important factor for many when considering their next move so please discuss any flexible working requirements directly with your recruiter.
Where you’ll fit in & what our team goals are….
You will function as the local point of contact and information security subject matter expert for business change and Information security initiatives being delivered across EMEA and APAC. This role will ensure security is embedded in projects and deliverables meet production acceptance criteria prior to production implementation.
How you'll spend your time....
- Serve as a security expert on change programmes, providing guidance and support to enable change delivery teams to comply with enterprise and technology security policies, industry regulations and best practices.
- Identify appropriate security requirements, through a deep understanding of the business requirements and security control environment for each phase of a project or change initiative.
- Analyse security needs based on the sensitivity or proprietary nature of the data, business and technology functional and non-functional requirements, and work with the appropriate teams to develop and execute new or existing security technologies or processes as required.
- For the global and local delivery teams - ensure all stakeholders are aware that global and local requirements are met, with the skillset to influence change at all levels.
- Conduct risk analysis and contribute to the prioritisation of information security initiatives based on risk and business need.
- Weigh business needs and security concerns, make recommendations and clearly articulate options (including benefits and risks) to business partners, decision makers and key stakeholders.
- Communicate known security risks and solutions to mitigate risks to business and technology partners as needed.
- Assist with the investigation and operational support of the information security incident management processes.
- Ensure solutions are fully integrated into business-as-usual activities.
- Ensure systems are incorporated into the local service catalogue.
- Ensure regional KPI’s and KRI’s are defined and delivered.
- Maintain current expertise in information security technology, methodology, tools, threats/vulnerabilities, news and regulatory changes, emerging security trends, issues and threats.
- Work with Project Management to ensure that projects have met all Security / Production acceptance criteria prior to design, and implementation into production
To be successful in this role you will have....
- Knowledge of managing policies and events within Data Leakage Prevention solution
- Working and hands-on knowledge of Security Information & Event Management (SIEM) systems.
- Experience working with Identity and Access Management (including Privileged Account Management)
- Good understanding and demonstrated operational ability of IT Security Operations, Malware analysis, Advance Persistent Threat (APT), Cyber Threat etc
- InfoSec experience in a mature security environment
- Good all round technical knowledge of Applications, Databases, and Infrastructure
- Excellent understanding of project management lifecycle and methodologies
- Strong stakeholder management, persuasion & influencing skills at all levels
- Security knowledge / background essential (CISSP or similar)
- Well organised / analytical & logical approach, with attention to detail
- Able to demonstrate “pragmatism with principle”, i.e. blend a rules-based-approach with an ability to ‘read’ - and to act in accordance with - the organisation’s implicit risk tolerances
- Client focussed – able to focus on the ‘big picture’, risk vs business benefit
- Ability to work under pressure and show flexibility
- Able to communicate succinctly and influence at all levels
- Capable of innovative problem-solving and process improvements
- Strong and resilient character – able to overcome resistance
If you also had this, it would be great….
- Experience of a complex, multi-platform environment, preferably in financial services sector
- ITIL Managers or foundation certificate desirable
- Exposure to risk management methodologies