Data Security Analyst x 3 – Financial Services - London
Data Security Analysts are required to join the newly created CIB Data & Information Security Team. Each Data Security Analyst will be dedicated to a specific set of business lines / entities.
The role will focus on reviewing and assessing mitigation measures intended to preserve the integrity, availability, confidentiality or traceability of data for the specific needs of the business area. More specifically, Data Security Analysts assist business managers and chief data officers in operational data classification and its link to security measures, review custom data leakage strategies for their own business domain and are directly involved in the deployment of bespoke security measures (data access right clean-ups, data masking strategies, encryption / signature prioritization, etc.).
Data and Information have been put at the heart of the new Cyber Security Model. This is an exciting opportunity to work with interesting new security challenges in an environment with many different teams, platforms and applications.
The role encompasses a number of activities & responsibilities:
- To drive, track, and assist in the implementation of data security remediation plans within its perimeter, including but not limited to: data access right reviews (share drives, share points, applications), bespoke DLP strategies, masking strategies as part of Data Protection in non-Production program, etc.
- To assist Business Management and Chief Data Office teams in producing pragmatic classifications and prioritization relevant to Data Security and the implementation of the Data Security Maturity model.
- To perform risk assessments and establish cartographies related to data security across its domain of responsibility, including shadow / light IT situations
- To monitor overall risk exposure on its perimeter and report to the Data Security risk officer
- To provide expertise on data security risks should requirements on confidentiality, integrity, availability, or traceability not be satisfied.
- To measure and provide guidance on effectiveness of remediation measures deployed on its perimeter, in particular for the residual risks (e.g. residual risk after data masking, encryption or signature of sensitive data).
- Excellent understanding of IT Risk management concepts and their implementation (not limited to IT Security)
- Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them, and therefore to be able to assess the effectiveness of measures and the residual risk.
- Excellent knowledge of IT best practices, from development to production and security
- Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations. Target audiences will include regulatory authorities, internal/external auditors and senior business stakeholders
- Awareness of key FFIEC and NIST standards related to IT security or IT Risk (NIST Cyber is a must)
- Usage of COBIT 5 or ISO 38500 framework, or associated certifications (CISA…)
- Exposure or certification related to ITIL, CMMi
- Familiarity with security risk standards, such as ISO 3100/27001/27005
- Exposure to NIST SP 800-30, ISACA IT Risk framework or equivalent
- Experience of specific security products and technologies: RSA Archer, MS SharePoint Portals, Atlassian JIRA