Cloud Security Analyst - GRC
Bristol - Mainly Remote site visits once per month
£45,000 - £50,000 + benefits
Fantastic new permanent opportunity for an experienced GRC focused Cloud Security Analyst with this market leading financial services business based in Bristol.
As Cloud Security Analyst and a member of the Information Security team, you will provide specialist support focusing on Cloud Security Governance, Risk & Compliance. You will assist in delivering compliance to internal and external standards, frameworks, and attestations. You will also be responsible for the maintenance of documentation and processes necessary to maintain compliance to industry frameworks, including assisting with post internal and external audit finalisation of findings and follow-ups.
Main responsibilities:
Assisting in meeting compliance requirements within the business in line with frameworks such as NIST or ISO27001. Monitoring of scheduled compliance activities such as Firewall rule reviews, developer security training, colleague policy attestations and collecting and collating evidence of such activities to assist in audit and assessment activities. Security Compliance oversight of transformation initiatives and cloud security compliance activities. Collating and compiling Management Information to provide assurance to the Head of Infosec and CISO of ongoing security compliance. Assisting in creating, reviewing and updating key ISMS documentation. Working with risk functions to complete security controls testing and alignment of controls with industry frameworks, performing gap analysis and assisting with remediation activities. Maintaining the program of remediation for audit and assessment findings. Provide SME support to cloud teams for security compliance requirements. Skills Required:
Proven background within a similar GRC focussed Cloud Security Analyst position. Proven experience in a Security Compliance or Information Security role with a good technical background. Experience must have been gained within a regulated industry (preferably Financial Services) with experience of securing cloud environments such as AWS & Azure and understanding compliance requirements for cloud environments. Must be experienced in liaising with stakeholders at all levels and be confident in influencing business areas to meet compliance requirements. Certified to a recognised industry certification such as CISSP, CCSK, CCAK or equivalent. Demonstrable experience of working with compliance and risk management in a NIST or ISO27001 aligned environment. Experience of identifying, articulating, managing and reporting Information Security risks and an understanding of risk management practices, aligned with industry best practice. Achieved a Cloud Certification (AWS certified cloud practitioner, AWS certified solutions architect or AWS certified Security - Specialty) desirable. For any further queries regarding the role, please contact Danny Palmer at
#J-18808-Ljbffr
Assisting in meeting compliance requirements within the business in line with frameworks such as NIST or ISO27001. Monitoring of scheduled compliance activities such as Firewall rule reviews, developer security training, colleague policy attestations and collecting and collating evidence of such activities to assist in audit and assessment activities. Security Compliance oversight of transformation initiatives and cloud security compliance activities. Collating and compiling Management Information to provide assurance to the Head of Infosec and CISO of ongoing security compliance. Assisting in creating, reviewing and updating key ISMS documentation. Working with risk functions to complete security controls testing and alignment of controls with industry frameworks, performing gap analysis and assisting with remediation activities. Maintaining the program of remediation for audit and assessment findings. Provide SME support to cloud teams for security compliance requirements. Skills Required:
Proven background within a similar GRC focussed Cloud Security Analyst position. Proven experience in a Security Compliance or Information Security role with a good technical background. Experience must have been gained within a regulated industry (preferably Financial Services) with experience of securing cloud environments such as AWS & Azure and understanding compliance requirements for cloud environments. Must be experienced in liaising with stakeholders at all levels and be confident in influencing business areas to meet compliance requirements. Certified to a recognised industry certification such as CISSP, CCSK, CCAK or equivalent. Demonstrable experience of working with compliance and risk management in a NIST or ISO27001 aligned environment. Experience of identifying, articulating, managing and reporting Information Security risks and an understanding of risk management practices, aligned with industry best practice. Achieved a Cloud Certification (AWS certified cloud practitioner, AWS certified solutions architect or AWS certified Security - Specialty) desirable. For any further queries regarding the role, please contact Danny Palmer at
#J-18808-Ljbffr
