Security Control Assurance Analyst

Information Security London, United Kingdom


Description

Job Specification Security Control Assurance Analyst

The Company

At G-Research we research investment strategies to predict returns in financial markets across multiple asset classes. We also develop the research and execution platform to deploy these ideas in markets globally.

Our investment strategies, software and IT Systems are used to:

  • Evaluate, forecast and simulate investment ideas
  • Test for and control risk in investment portfolios
  • Maximise investment returns across a range of markets and products

Our software and services are used in markets around the globe and around the clock.

We offer a dynamic, flexible and highly stimulating working environment, where good ideas are prized and rewarded.

The Role

This is a rare opportunity for a motivated, meticulous, and technically-minded person to join the Security Control Assurance team of a financial research institution. The team is part of the Security Assessment and Assurance (SAA) department, which has overall responsibility for security risk and assurance.

The Security Control Assurance team is responsible for providing assurance of technical and process security control effectiveness, supporting security risk management activities and contributing to executive management reporting. This includes responsibility for the design, implementation, operation, maintenance and continuous improvement of the framework for continuously testing and reporting on all security controls. The team works closely with the Risk Management group that is also part of the SAA department, as well as the Security Implementation Group (SIG).

Candidates will need a good working knowledge of underlying technologies used by security controls, and understand the objectives of security controls. A successful candidate will have the ability to switch between attack and defence mind frames and at the same time understand the business impact of discovered control weaknesses and gaps. The role requires someone with drive, energy and a passion for technical security, assessment of security controls, automation, and the ability to think outside of the box. The successful candidate will have the ability to work independently, attention to detail and a desire to understand technology.

 

The Individual

The ideal candidate should have experience, knowledge and demonstrable ability in:

  • Minimum two years’ experience of technical security assurance testing (please note this is not an audit role).
  • Penetration tools and techniques to discover ways of bypassing security controls.
  • Experience of technical and process security controls for example AV, IDS, proxies, ASV, SIEM, FIM, IAM, PIM, cryptography, software security controls, and access management processes.
  • Operating in time critical, complex, and outcome-focused technical environments.
  • Understanding complex software and system interactions.
  • Understanding complex technical security controls.
  • Strong experience in one or more of the following scripting language: Python, PowerShell, PHP.
  • SQL.
  • Automated security compliance tools and automation of security control testing.
  • Strong verbal and written communication skills.
  • Managing and prioritising a large number of requirements.

 

Desirable skills:

  • Knowledge of IT control and assurance frameworks (e.g. ISO, NIST, COBIT, PCI).
  • Experience in software development, security design, testing, operations and/or IT operations.
  • Security risk management.

 

In addition, you will be expected to:

  • Work closely with the Security Risk Management team to ensure there is integration between the security risk and assurance functions.
  • Keep up to date with emerging security vulnerabilities and threats.
  • Work closely with the Security Implementation Group to discuss security control assurance findings.
  • Ensure the team can provide timely updates in both technical context as well as executive summaries in case the posture/threat landscape changes.