information security analyst

RiskWise is an audit, risk and compliance advisory firm based in Athens, Greece. Our expert advisers, having considerable proficiency in internal audit, risk management, compliance, and regulatory affairs, are able to help any kind of organization identify, evaluate, control, report, manage and limit their risks. We are currently trusted risk management advisers to the boards and executive teams of some of Greece's fastest growing enterprises.

We are looking for a junior Information Security Analyst. The main scope of this role is to support the functions of the information security team with various tasks and external team projects (BS 10012, ISO27001 and GDPR preparation, information security testing and monitoring. This role will cover the broad aspects of the principles of information security governance and technical control management.

Role Overview and Key Responsibilities

The right candidate will be able to demonstrate an understanding of and compliance with regulatory framework of the customers, whilst practising effective risk management taking account of outcomes for clients and also:

Make sure that the information security processes are running properly on a daily, monthly and quarterly basis. Output will need to be thoroughly validated and distributed.

Analyse and investigate various security events to validate security incidents and perform vulnerability assessments while providing findings with remediation actions

Contribute to the operation of an effective and robust risk management framework and internal governance framework by proactively and reactively handling security incidents handling and escalation to the appropriate stakeholders.

Monitor customers' infrastructure to detect security events and vulnerabilities, by using various security tools, technologies and other security resources and detect inaccurate/incorrect data and ensure that datasets, are responsible, are clean in terms of operational and regulatory compliance.

Support senior members (Lead Auditors, Data Privacy Experts etc) of the firm on an ad hoc basis and propose management, tuning and optimisation of security tools following best practises and other performance metrics

Support Regulatory Responsibilities (Compliance/T&C)

Basic Skills required

• ISO27001, ISO 27701, ISO 22301 knowledge/implementation
• Experience working with incident management tools
• Knowledge of various operational skills and cloud infrastructure
• Information security incident management to include reporting, response and escalation to management where appropriate
• Generate security metrics, dashboards and reporting for management review
• Assist with managing technical tasks and analysis as needed
• Manage client due diligence questionnaires on behalf of InfoSec and IT to include maintaining repository of responses and ensuring timely responses to requesting team
• Support team with data mapping, process flows, Information Systems Mapping, gap analysis, vendor risk management including maintaining third party questionnaires, collating responses, working with Risk and Compliance team where needed
• Maintain policy document management, versions and document control
• Work closely with the staff across firm to gather information on working practices to help improve security posture and processes, perform information systems audit, disaster recovery plans
• Support with education and awareness and communications
• Keeping abreast of latest IT security measures and controls

Education and Training

• Software / Computing and Information Systems Academic Background
• Good written and verbal communications and numeracy skills
• Certifications (CIA, CISA, CIPM,CISA,CDPSE, CISM,ISMS) would be considered an asset

Job Type: Full-time