Contract, Up to 6 months
Pay: up to £700 a day
Location: Fully remote
Start Date: ASAP
Key skills: Vendor Security – Vendor Due Diligence
CPL are working with a global pharmaceuticals company to recruit a contract Information Security Analyst.
The role is to support and maintain EMEA’s information security management system, including the delivery of information security controls; information security supplier assessments; information security incident management; information security awareness training; and the maintenance of information security policies, standards and procedures, in accordance with ISO 27001 and other information security frameworks and legislation.
The role sits within the scope of the organisation’s ISO 27001 certified information security management system.
Main duties/responsibilities:
• Perform comprehensive third-party supplier information security due diligence assessments in a timely manner, report on results and recommend remediation actions
• Perform information security risk assessments and risk management activities
• Manage and support information security events and incidents through to resolution
• Manage the information security awareness training program, to ensure all employees develop and maintain an awareness of, and comply with, all applicable information security policies, procedures, laws and regulations
• Support corporate compliance with the General Data Protection Regulation (GDPR) from an information security perspective
• Support the information security / IT audit processes for ISO 27001 and other compliance requirements
• Support the creation, implementation and maintenance of IT/information security standards, policies, processes and procedures in accordance with the IT/information security control frameworks such as ISO 27001
• Monitor, analyse and report on information security management metrics, in many cases using information security technologies such as DLP and SIEM
• Maintain awareness of new and changed security threats through review of specialist sites such as NCSC, CERT, etc.
• Provide information security consultation, advice and guidance for EMEA business activities and projects
• Collaborate with global and regional compliance and information security teams on information security and data privacy initiatives and events as required.
• Any other IT/information security tasks as requested by Manager or Director
Experience required:
• Good knowledge of a broad range of IT technology platforms, products, services.
• Experience in an IT security / governance, risk and compliance-based role / information security management
• Knowledge & experience of developing and performing information security due diligence assessments of third-party organisations
• Knowledge & experience of conducting risk assessments/business impact assessments
• Practical experience of developing and executing remediation plans to address vulnerabilities/security risks and to achieve compliance with information security standards/IT control frameworks such as ISO 27001
• Demonstrated experience of audits to achieve compliance with information security standards
• Demonstrated experience in implementing and managing effective ISMS controls
• Demonstrated experience of working with external service providers within an information security role.
• Business/customer facing experience
• Proven track record of working both in a team and independently
If you are interested please apply or send your CV to [email protected]