Information Security Senior Assurance Analyst

EQ is a leading international provider of shareholder, pension, remediation and credit technology. With over 5,000 employees, it supports 37 Million people in 120 countries. EQ’s purpose is to care for every customer and simplify every transaction, deliveredwith less of an impact on the environment. EQ’s vision is to be the leading global share registrar, offering complementary services to its client base. **Role Summary** The Information Security Senior Assurance Analyst will be a part of a small team delivering a range of services. They will report to the CISO; they will manage the Information Security Client Assurance team, consisting of up to 4 other staff. They will contributeto all the aspects of the team’s services as appropriate to demand, workload, skills and experience. **Core Duties/Responsibilities** The Information Security Senior Assurance Analyst will be required to lead and undertake the following specific activities: - Penetration & Red Team Management_ - Take the lead in probing & exploiting security vulnerabilities, conduct adversary simulation to identify control gaps - Performing threat modelling - Generate reports on the results of security assessments, both from the results of vulnerability scanning and penetration testing. - Security Control Testing_ - Review security controls and perform test against each control. - Prepare metrics and dashboard containing key information on controls, deviation and recommendation how to strengthen the security posture of the company. - Recommend mitigation steps to management - Actively participate in compliance audits, vulnerability reviews and assessments - Vulnerability & Test Remediation Tracking_ - Track and manage any remediation or adjustment findings - Prepare appropriate metrics and dashboard - Policy & Standards Exception Management_ **Skills, Knowledge & Experience** The key skills and experience required for this role can be summarised as follows. The Information Security Senior Assurance Analyst will have managed a central functional role or be have been engaged in consulting in a relevant specialism. They should have accumulated at least 5 years’ relevant experience in a role in industry, auditservices or a consultancy. Preferably, extensive experience is required of: - Proven knowledge of exploiting common - Security policy and standards development - Education and awareness campaigns - Measurement of awareness and change In addition, the following key experience is required: - Experience in SEIM, DLP and endpoint monitoring and response technologies preferable - Excellent oral and written communication skills - Excellent presentational skills - Experience of delivering against similar accountabilities with global impact in an organisation of similar scale and complexity as EQ - Ability and motivation to work with parties inside and outside the security community through a cooperative, interactive, trustful and respectful approach - A "doer" with capacity to drive relevant activities personally - Proven track record of development, maintenance and distribution of policies and standards - Broad general knowledge of good information security practice - Track record of dealing with external expert suppliers in education and communications fields - Ability to lead and motivate a small team. **EQ Benefits** Being a permanent member of the team at EQ you will be rewarded by our company benefits, these are just a few of what is on offer: - 28 days + 8 bank holidays. Option to buy more days through salary sacrifice. - A cash payment annually towards flexible benefits, e.g. dental insurance, gym membership, the above extra holiday etc. - 4 x Life Assurance. - Company sick pay (2 months full pay, 2 months half, following probation). - Matched pension scheme (e.g. you pay in 6%, EQ pay in 6%), up to 10% each side (20% in total). - Discounts with major retailers (EQ Wins). - Maternity or adoption leave of 3 months full pay, with return to work bonus / 2 weeks paid paternity leave.