Information Security Analyst

Information security is an essential function at Lancashire and so is committed to its continuous improvement; the addition of this role is an important element in achieving its security objectives during Lancashire's time of digital transformation and growth.

Reporting to the Information Security Manager, the post holder will be responsible for evaluating cyber security controls, conducting risk assessments and collaborating with cross-functional teams. The post holder will support the Information Security Manager in maintaining all aspects of information security risk management including responding to security inquiries and incidents, maintaining cyber security governance, and ensuring compliance with relevant regulatory requirements.

• Support the Information Security Manager in delivering the Information Security Management System and to drive continuous improvement for information security.
• Evaluate and assess cyber security controls across the business and its third party vendors to ensure compliance with the NIST Cyber Security Framework (CSF).
• Conduct comprehensive risk assessments using the NIST CSF.
• Use risk management techniques to identify cyber threats, risks and issues in a timely manner.
• Support, develop and conduct third-party vendor security assurance activities.
• Collaborate with cross-functional teams to develop and implement risk management activities.
• Respond to security support tickets and other enquiries; providing information security support and escalation.
• Support the creation and collection of metrics, validation of security control performance and the identification of emerging cyber risks.
• Collaborate with the Enterprise Risk Management (ERM) team to maintain, develop and deliver cyber risk reporting and appetite statements.
• Maintain Information Security policy and procedure ensuring content is relevant to the current cyber threat landscape.
• Maintain, develop and test the Cyber Incident Response Plan, ensuring content is relevant to the current cyber threat landscape.
• Monitor, maintain and manage Lancashire compliance with its relevant cyber security regulation obligations.
• Manage actions and output generated by stakeholder engagements; for example customers, regulators, internal and external auditors.
• Maintain currency with emerging security trends, threat intelligence, industry standards and good practice, and security enhancing technologies.

• A degree in Computer Science, Cybersecurity, Information Security, or a related discipline, or up to two years of experience in an Information Security role.
• Understanding of cyber security control assessments, either through academic study or practical exposure.
• Familiarity with cyber risk reporting and risk appetite statements, gained through coursework or hands-on experience.
• Knowledge of recognised security frameworks such as NIST CSF, ISO27001, acquired through study or work experience.
• Awareness of cybersecurity compliance requirements with regulatory frameworks such as FCA, PRA, NYDFS.
• Understanding of governance frameworks including policy and procedure development.
• Ability to achieve against agreed deadlines.
• Ability to work both independently and collaboratively.
• Strong interpersonal and communication skills (written and verbal), with the ability to interact with technical and non-technical stakeholders at all levels.
• Strong analytical and problem-solving skills.
• Strong organisation and planning skills.
• A pro-active and enthusiastic approach.
• Knowledge of Microsoft systems (on-premises and Azure cloud), technologies, infrastructure, awareness of systems management and operational support tools.
• Acknowledges and responds positively to exceptional events in information security to meet the objectives of the business.

Desirable Skills, Knowledge & Experience

• Experience working in a professional services environment

At Lancashire, we believe our culture sets us apart. The way we behave and approach our work day-to-day is what makes us unique and creates a positive experience for our people, business partners and other stakeholders. Honesty and integrity in all we do is a given and The Lancashire Way reflects our true character and spirit.

Straight-talking

We feel empowered to share thoughts and ideas, because everyone's voice matters.

Collaborative

We work together towards common goals, share knowledge and support each other.

Hard-working

We all have a stake in the company's success and are proactive in contributing to our goals and vision.

Responsible

We focus on achieving tangible results with consistent standards across the Group.

Positive

We engage with brokers, clients, communities, stakeholders and colleagues professionally and passionately as proud ambassadors of Lancashire.

Lancashire are a provider of global specialty insurance and reinsurance products operating in Bermuda, London, the U.S. and Australia, across three delivery platforms: rated company, Lloyd's and collateralised security.

Our focus is on short-tail, specialty (re)insurance risks within four general segments: Property and Casualty, Aviation, Energy and Marine, and Specialty.