Information Security Consultant – System and Organization Controls, SOC 1/SOC 2 Compliance
Tevora
Cyber Security
Cyber Governance and Compliance Analyst
The Ardonagh Group
full-time
Posted on:
Origin: • 🇬🇧 United Kingdom
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
Cyber Security
About the role
- Support with maintaining information and Cyber Security governance artefacts (Policies, Business Standards, Cyber Metrics).
- Assist Operational Teams with processes and procedures, providing reviews, advice, and contributions to procedural documents.
- Support in developing, maintaining and updating Cyber Education and Awareness content.
- Conduct ad-hoc reviews and oversight of operational access management processes to ensure effectiveness.
- Effectively leverage the Everywhen risk framework to identify, analyse and manage cyber risk within the estate reflecting in-depth knowledge and experience.
- Manage and assist in completing cyber due-diligence requests for clients and internal stakeholders.
- Manage and assist in cyber security assessments for new mergers and acquisitions.
- Apply assurance processes to accurately identify and register cyber risks.
- Collaborate with the IT Governance function to identify significant areas of IT risk.
- Tracking, management and reporting of risk, control and deviation remediation activities.
- Update the risk register of information assets with risks associated with each asset.
- Maintain the risk register of exceptions, assess and record the risk associated with any exceptions.
- Report to the Chief Information Security Officer and collaborate with Cyber Governance, Education, and Awareness Analyst to develop cyber risk posture.
Requirements
- A degree in Cybersecurity, Information Technology, Information Systems, or a related field.
- Relevant qualifications such as CISA, CISSP or CISM would also be desirable.
- Cyber security experience within a large complex corporate regulated environment and familiarity with cybersecurity regulations and frameworks (e.g., NIST, CIS, GDPR) and their application.
- Strong understanding of cybersecurity principles, threats, and risk management practices.
- Proficiency in security tools and technologies.
- Knowledge of data protection and privacy laws relevant to the organisation.
- Ability to work under pressure, prioritise and manage workload with high autonomy, integrity and assertiveness.
- Excellent analytical and problem-solving skills.
- Strong communication skills across all mediums.
- Ability to work collaboratively and build relationships with stakeholders at all levels.
- Proactive and able to manage multiple tasks in a fast paced environment.
