Security Assurance Analyst

Harris Global
London (Central)
14 Oct 2016
24 Oct 2016
Contract Type
Security Assurance Analyst My client research investment strategies to predict returns in financial markets across multiple asset classes. The organisation can offer a dynamic, flexible and highly stimulating working environment, where good ideas are prized and rewarded. The Role This is an opportunity for a motivated, meticulous, and technically-minded person to join the Security Control Assurance team of a financial research institution. You will have responsibility for the design, implementation, operation, maintenance and continuous improvement of the framework for continuously testing and reporting on all security controls You will need a good working knowledge of underlying technologies used by security controls, and understand the objectives of security controls. A successful candidate will have the ability to switch between attack and defence mind frames and at the same time understand the business impact of discovered control weaknesses and gaps The Individual The ideal candidate should have experience, knowledge and demonstrable ability in: · Minimum two years’ experience of technical security assurance testing (please note this is not an audit role). · Penetration tools and techniques to discover ways of bypassing security controls · Experience of technical and process security controls for example AV, IDS, proxies, ASV, SIEM, FIM, IAM, PIM, cryptography, software security controls, and access management processes. · Operating in time critical, complex, and outcome-focused technical environments. · Understanding complex software and system interactions. · Understanding complex technical security controls. · Strong experience in one or more of the following scripting language: Python, PowerShell, PHP. · SQL. · Automated security compliance tools and automation of security control testing. · Strong verbal and written communication skills. · Managing and prioritising a large number of requirements. Desirable skills: · Knowledge of IT control and assurance frameworks (e.g. ISO, NIST, COBIT, PCI). · Experience in software development, security design, testing, operations and/or IT operations. · Security risk management. In addition, you will be expected to: · Work closely with the Security Risk Management team to ensure there is integration between the security risk and assurance functions. · Keep up to date with emerging security vulnerabilities and threats. · Work closely with the Security Implementation Group to discuss security control assurance findings. · Ensure the team can provide timely updates in both technical context as well as executive summaries in case the posture/threat landscape changes. This job was originally posted as