Reporting to the Information Security Manager, the Information Security Assurance Specialist plays a key role in strengthening the firm’s information security posture.
Identifies where security assurance testing of systems and processes is required, commissions tests from relevant suppliers, and manages findings through to resolution.
Provides security assurance across IT project and change management lifecycles by:
Identifying security requirements
Reviewing project design documentation
Working with technical stakeholders to mitigate information security risks
Requires a proactive, motivated individual who can quickly grasp technical concepts and clearly communicate risks to a range of stakeholders.
Requires a strong background in information security within professional or financial services.
Key Responsibilities
Plan, scope, commission, and oversee technical assurance testing, including:
Penetration testing of IT project deliverables prior to production release
Annual baseline penetration testing of core systems and IT infrastructure
Offensive security testing such as physical penetration tests and social engineering exercises (e.g. vishing)
Validate and prioritise test findings based on risk, and manage them through to mitigation or formal risk acceptance.
Collaborate with IT Architecture to review design documentation for new or significantly changed IT solutions, embedding security requirements from the outset.
Identify and assess information security risks associated with technical change requests.
Represent information security at the Technical Change Advisory Board (T-CAB).
Drive continuous improvement in security assurance by:
Defining required security testing and appropriate timing
Pre-defining typical information security requirements for projects
Support management of the Information Security Management System (ISMS), including:
Maintaining policies
Producing management reports
Supporting compliance activities
Work outside standard hours (9:30am–5:30pm) when required.
Candidate Profile
Strong experience in information security or technical cyber security, ideally within a regulated or ISO 27001-aligned environment.
Strong knowledge of ISO 27001 and Cyber Essentials Plus standards.
Self-motivated, results-driven mindset with strong ownership and accountability.
Excellent organisational and prioritisation skills in a fast-paced environment.
Intellectual curiosity and commitment to continuous improvement.
Proven ability to collaborate effectively and communicate confidently with senior leadership.
Key Behaviour Attributes
Technical & Professional Expertise
Actively maintains and broadens technical knowledge
Drive to Deliver
Manages multiple tasks simultaneously and completes them on time
Communication & Influence
Presents information clearly, logically, and in a structured manner
Resilience
Adapts quickly to change and embeds improvements into processes