Network Risk and Compliance Analyst

Primary responsibilities will include:
- Develop and manage monitoring activities to ensure compliance with Information Security and Technology regulatory requirements and internal policies and standards
- Identify, develop and maintain key risk indicators to track and ensure compliance with established policies and standards
- Lead global and complex compliance remediation projects with cross-functional teams
- Conduct targeted reviews to identify risks, opportunities, and areas for improvement
- Lead development of management action plans; propose resolution options, identify responsible owners, and closure dates
- Proactively identify and report Information Security and Technology compliance risks
- Ensure risks are effectively identified, quantified, prioritized, communicated, and managed, including recommendations for risk mitigation, and identifying the root cause/key themes
- Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to stakeholders and senior management
- Manage Audit, Regulatory and Third-Party audits/risk assessments
- Lead development of formal responses to Audit and Regulatory inquiries or assessments. This may be comprised of documentation gathering, drafting of documents, and researching past activity and reports
- Centralize compliance responses/data to improve audit response time and create consistent responses across teams
- Interact with Auditors and Regulators as needed
- Develop and conduct ongoing risk and compliance training and education

Role Requirements:
- Bachelor's degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field
- Strong technical background in order to communicate effectively with Network Engineers
- Experience in leading projects, preferably global projects
- Experience with audits and/or compliance assessments/monitoring. PMI, CISSP, CISM, CISA a plus
- Ability to operate in a fast-paced global environment.
- Ability to work under pressure, meet tight deadlines and embrace change.
- Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering)
Mar 25, 2024
Full time
An IT intensive financial services organisation based in London is expanding its cybersecurity assurance capability with the creation of an IT Audit Manager position with a specific focus on cyber risk management. Your experience will include both internal IT Audit and a good understanding of Cyber specific risks and controls along with key regulatory frameworks governing IT Security. Strong Technical IT skills to an infrastructure level would be beneficial to success in this role. You will work alongside experienced audit and risk professionals and have a high level of exposure to senior stakeholders in and around the leading edge technology structures in this organisation. The working culture is highly flexible with an expectation of only 2 days in the office per week. A great role to cement your status as a technical IT Auditor and to further develop your cybersecurity expertise at the forefront of the financial services IT Security battle. To apply, please send your CV to or get in touch to discuss in more detail. Eames Consulting is acting as an Employment Agency in relation to this vacancy.
Mar 23, 2024
Full time
Our Organisation

The Football Association

The FA is the not-for-profit governing body of football in England. It is responsible for promoting and developing every level of the game, from grassroots through to the professional game, and generates significant revenue to support investment into English football each year. The FA oversees England international teams across men's, women's, youth and disability football, as well as running the National League System and FA Competitions including the Emirates FA Cup, Barclays FA Women's Super League, FA Women's Championship, and Vitality Women's FA Cup, and the world-class facilities of Wembley Stadium and St. George's Park, all with a purpose to Unite the Game and Inspire the Nation.

90 minutes to change our world

Digital Technology

HAVE THE DIGITAL WORLD AT YOUR FEET

Technology is key to the FA's transformation. From supporting grassroots via our day-to-day digital presence, to using data-led insights to drive the game - to developing future focused platforms for professional football - our Digital Technology team is central to our future. Whilst investment in technology to make the experience of all participants relevant and easy, is already at the heart of how we can serve the game, we are looking to invest even further and deliver in a more iterative way, forming product lines and fully moving towards an Agile, Product Management framework. By 2024, we will upgrade and simplify our core football administration system (moving from Whole Game System to Platform for Football) and provide enhanced capability to England teams. Our product lines cover all those that RUN, PLAY, LEARN as well as our responsibility to REGULATE, WIN and leverage DATA whilst also ensuring sufficient focus on the CORE BUSINESS online and PLATFORMS that support each product and service across the organisation. Join us in helping to DECIDE THE GAME and HAVE THE DIGITAL WORLD AT YOUR FEET.

The Role and Key Accountabilities
- Provide the focal point for all InfoSec elements, both with FA technology partners and internally to FA and County FA stakeholders.
- Collaborate with the CISO service and the Head of Service Delivery to build an effective Info Sec roadmap that will increase the maturity of the FA's cyber security posture, through budget definition and implementation of fit for purpose Policies, Standards, Processes, and tools.
- Assist in defining the vision and set the strategy for IT Risk and Cyber Security at The FA, that proactively keeps our customers and our staff safe.
- Assist in delivering security behavioural change whilst communicating cyber security objectives across the organisation
- Work with the technical design authority with responsibility for all Info Sec aspects across the FA project portfolio:
- Design and build all Info Sec projects that deliver process or toolsets specific to Info Sec roadmap
- Ensure that all projects have defined security standards and are implemented as expected
- Ensure that all software lifecycle management includes secure coding standards, security validation and testing
- Validate that any third parties providing solutions or services to the FA meet a minimum set of defined security requirements
- Ensure the effective governance for InfoSec activities across the FA, aligning all IT partners in the delivery of security controls.
- Maintain all FA information security policies and standards, including regular reviews and updates
- Manage an assurance framework to monitor compliance against FA information security policies and standards across the internal FA user base and managed service providers
- Manage the operational effectiveness of any Info Sec service delivered via IT managed service providers
- Ensure effective and best practice use of identity and access management and privileged access management tools
- Manage plans for all BCP and DR with all FA and IT partner teams
- Act as a security incident responder, assisting in the management and co-ordination of activities for any Info Sec incident, ensuring analysis and effective actions are taken.
- Manage the planning and delivery of security testing activities, including the co-ordination of remediation tasks for vulnerability findings within the FA networks, applications, and any other related products.
- Work with IT partners to provide an effective training and awareness program to all FA users
- Ensure regular and documented meetings are held with the delivery partner to measure delivery performance and implement corrective actions where required
- Attend the Change Advisory Board, and Architecture Review Board, to ensure all Info Sec requirements have been considered and are provided in any existing or new solutions
- Execute additional tasks as required in order to meet FA Group changing priorities.
- Comply with all company policies and procedures to ensure the highest standards of health, safety and wellbeing can be maintained.

What we are looking for

Essential
- Experience in Information Security operations
- A thorough understanding of best practice within Information Security and risk management.
- Experience with managing third party service providers and business stakeholders
- Experience of managing information security incidents
- In depth knowledge of Info Sec marketplace and solutions
- Good project and change management skills
- Excellent knowledge and experience of using MS Office applications to fulfill reporting and analysis tasks
- Good technology experience and strong info sec technical background in both traditional and cloud (Azure preference) environments
- Experience with quality improvement processes to drive efficiency
- Effective presentation skills (written and verbal)
- The ideal candidate must hold at least one of the following qualifications: CISM / CISMP / CISSP / ISO 27001 Lead Implementer / ISO 27001 Lead Auditor

Desirable
- Technology experience within Football or other sporting associations or a working knowledge of sports administration systems
- Experience working in a matrix structure/multiple client groups

What we can offer you

An exciting and challenging role within a changing, dynamic and world-renowned sports organisation. Attractive benefits and a competitive salary.

Please be aware that unless you are on a homebased contract, your contract with The FA will specify a fixed location of either Wembley Stadium, St. George's Park or our Processing Centre. We currently work within a hybrid working model whereby the expectation is to work from your contractual location for part of the week, and as and when required by the team. The remaining days can be worked remotely. We will continue to monitor this model and it may be adjusted in future if deemed necessary.

The Football Association Group promotes inclusion and diversity, and welcomes applications from everyone. If you have any particular requirements in respect of the recruitment or interview process please mention this in your application.
Sep 22, 2022
Full time
Edward Reed Recruitment Limited
Newcastle Upon Tyne, Tyne And Wear
Senior IS Auditor

The successful candidate will be part of the Internal Audit Section and will undertake a range of high profile IS audit assignments within the organization with a view to effectively address risk and add value to the business.

Key responsibilities
- Supporting the business during the development of new IS and cyber initiatives as an independent specialist
- Working with the IS team and senior management to support the identification of emerging risks and designing programs of work and controls to mitigate against these
- Leading the internal audit program for ISO27001 and ISO27019
- Other general IS areas, for example audit reviews over data centres, cloud security, application reviews
- Designing and undertaking the IS internal audit work program, including preparing audit reports and presenting the results to senior management
- Supporting management in identifying key process or control improvements and efficiencies
- Supporting the Head of Internal Audit in delivering an effective and value-added internal audit service
- Undertaking ad hoc assignments and special investigations where necessary

Skills/Main Competencies
- Strong IS and in particular IS security technical knowledge
- Ability to effectively communicate with a wide range of stakeholders and constructively challenge management's views where necessary
- Personal drive and resilience to support the continuous improvement of the internal audit service
- Strong technical skills to identify process improvements to support the company to meet its IS and other objectives
- Ability to self-motivate, leading and delivering a portfolio of high profile IS audits from planning to reporting
- Excellent planning / organisational skills with a track record of being able to work to deadlines and prioritise tasks.

Essential Qualifications and Experience
- CISA
- 5+ years' experience in a similar role
- Detailed understanding of IS processes and systems, including Information Security Management, IS Security including vulnerability assessment, IS Architecture, IS Strategy, IS Asset Management, Service Continuity management, IS Contract Management, Data and digitalisation

Desirable Qualifications and Experience
- Qualified accountant (ACA, ACCA, CIMA, CIPFA)
- CISSP / CISM / CRISC / other relevant security certification
- ISO27001 Lead Auditor
- IS Risk Management
Feb 23, 2022
Full time