Job Description

Job purpose

Evelyn Partners is looking for an Information Security Compliance Analyst with expertise in risk assessments, risk treatment advisory, third party assessments, security compliance and security assurance.

The candidate must be able to work as a productive and pragmatic member of an Information Security team. The position requires the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across Evelyn Partners. The successful candidate will also play a crucial role in ensuring our organisation's compliance with information security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework (CSF) v2.

 

The successful candidate will need to work out of our Liverpool office at least two days per week.

Key Responsibilities

  • Perform internal information security risk assessments and recommend mitigation actions / solutions.
  • Collaborate with stakeholders and project teams to define security requirements based on scope, objectives, data, and technologies.
  • Maintain risk registers and manage escalations, re-assessments, risk acceptance and risk exceptions.
  • Evaluate and identify new and current information security risks using both internal sources (audit findings, penetration test results etc.) and external sources (threat intelligence feeds, industry-specific threat advisories).
  • Continuously review security controls to assess changes in residual risk and the sufficiency of compensating controls.
  • Review and manage security risk exception requests, ensuring timely reviews before expiry.
  • Prepare reports with risk metrics, trends, findings, and ratings for key stakeholders.
  • Assist in managing the ISMS, including audits, risk assessments, incident management, reporting, and security awareness.
  • Maintain certifications, such as Cyber Essentials / ISO27001 / NIST CSF v2, against a backdrop of a growing firm and evolving regulations, technology and processes.
  • Assist in developing control testing and assurance strategies, to ensure that organisation-wide security controls are meeting their objectives.
  • Collaborate closely with internal and external stakeholders and SMEs.
  • Identify best practices, develop technical standards, processes, and policies, and advise stakeholders on security.
  • Develop and implement security policies, standards, and documentation ensuring compliance with legal regulations.
  • Drive continuous improvement and contribute to internal and external cybersecurity collaboration.
  • Serve as the security point of contact, guiding technology teams and business stakeholders.
  • Engage with security allies to drive security initiatives and promote a risk-aware mindset.
  • Remain current on industry standards for security in a technology environment.
  • Ensure alignment with standards, recommend control improvements, and evaluate risks to confidentiality, integrity, and availability.
  • Advise and guide business services on maintaining compliance with relevant legislation and security frameworks.

Type: Permanent
Contract Length: N/A
Job Reference: 406000244819631
Job ID: 1258000000000297097
