Job Description
Role Title: ISR Assurance Analyst
Business: Information Security
New or Existing Role: New
· The ISR Assurance Analyst role is part of the ISR Assurance team within Information Security Risk. The role of the ISR Assurance Analyst is to assist in the production and preparation of KRI data for the Assurance team as part of planning and preparation for the Assurance Reviews. The role holder will also be responsible for providing governance around the Assurance reviews, ensuring all reviews are carried out on time.
Impact on Business
· Analysis of the Information Security Risks faced by the GB/GFs.
· Reviewing KRIs and the risk position of a GB/GF, region, or country
· Monitoring GB/GFs' adherence to applicable regulations and analysing the impact of, and exposure to, upcoming changes in regulations
Customers / Stakeholders
· Lead on the preparation of risk analysis and KRI data for the ISR Assurance Review team as part of the planning and preparation for Assurance Reviews
· Liaising with interested parties including Audit, and other 2LoD functions external to ISR such as Operational Risk
· Providing analysis and explanation of the changes in the Information Security Risk position
Leadership & Teamwork
· Collaborating effectively with SMEs from across the ISR teams to understand changes in the Information Security Risk position
· Collaborate with ISR colleagues in other regions and countries to monitor and understand the Information Security Risk position for the GB/GFs
· Work with the ISR Information Managers to support the definition, review and update of the Information Security Risk KRIs
Operational Effectiveness & Control
· To support the end-to-end Assurance review process
· To provide regular reporting on assurance for various stakeholders as and when required
· To maintain effective communication with other ISR teams, 2LoD functions, Internal Audit, and GB/GF contacts.
· Complete other responsibilities, as assigned
· Assist in the planning for all Assurance reviews, collating data from the Risk Analysis team
· Establish ISR Assurance analysis as a useful resource for the new 2LoD ISR teams
· Create effective relationships with ISR GB/GF Oversight and Regional representatives through the provision of regular and ad hoc reports
· Support the development of a risk assurance analyst reporting framework
· Regulatory punitive damages and censures possible in the event of Information Security weakness and/or failures
· Potential significant reputational damage and consequent share price impacts due to Information Security incidents
Management of Risk
· The role is expected to adhere to all relevant FIM policies and operational risk guidelines
· Provide analysis of the exposure of the GB/GFs to information security risks, highlighting vulnerabilities, increases in risk, and risk position on emerging risks
Observation of Internal Controls
· Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
· Monitors adherence to the Information Security Risk policies (B.10.x) in the Global Risk FIM, the effectiveness of controls set up to implement these policies, and adherence to relevant regulations.
Knowledge & Experience / Qualifications
· The role requires a good knowledge of ISR policies and standards
· Should possess good analytical skills to undertake analysis and interpretation of information risk related data, and identify the key trends and changes in the risk position that need to be highlighted as part of Risk Analysis.
· Experience working in relevant environments, i.e. Information Security, IT Operations, Software Delivery.
· Expertise in a relevant area i.e. production of Management Information, Analytics, or Risk related activities.
· Able to explain information security risks clearly and in non-technical language to the business and how these apply to them.
· Good technical writing skills to allow the results of risk analysis to be presented clearly, concisely and consistently.
· Have knowledge of ISR's role within the three lines of defence and the Operational Risk framework
· Able to build connections and work effectively as part of a virtual team of people across boundaries working on global risk analysis
· When required, able to escalate issues appropriately in order to ensure that remedial action is taken.
· Need to have strong interpersonal skills to build and maintain relationships with a wide range of people involved in risk analysis activities, from data collection to users of the analysis.
· Has a flexible and adaptable approach to change and supports others to respond in a similar way
· Has a flexible and adaptable management style, with experience of developing yourself and others
· Professional Security Qualifications such as CISA, CISM, CRISC – preferable
We are an equal opportunity employer and are committed to creating a diverse environment.