Junior Risk Assessment Analyst

  • Location:

    Glasgow, Scotland

  • Sector:

    IT Security

  • Salary:

    Up to £0.00 per annum + COMPETITIVE MARKET RATE

  • Contact:

    Gail Maguire

  • Job Published:

    11 months ago

  • Duration:

    12 months+

Junior Risk Assessment Analyst - Glasgow

My client is a highly dynamic and globally successful Investment Bank. They currently have an opportunity for a Junior Risk Assessment Analyst to join their team in Glasgow on a contract basis.

The role:
Team Profile:
Supplier Security Assessment Program (SSAP)

Supplier information security risk management is facilitated through the Supplier Security Assessment Program.

The program was established to understand, assess and manage the Firm's relationships with external suppliers by promoting awareness and assessing them against prioritized information security risk factors.

In most cases, this includes suppliers who may access, host, store and/or process the Firm's sensitive data.

Primary Responsibilities:

As part of the Supplier Security Assessment Program this resource will be responsible for Information Security assessments globally where the Bank's data is stored, hosted, and/or processed externally with a supplier.

Key activities include:
- Ensuring third-party technology risk assessments (InfoSec reviews) are conducted in a timely manner and in accordance with required standards.
- Collaborating with Technology, Business Units, Suppliers, Legal, and Sourcing to evaluate a supplier's policies and procedures, comparing them to firm standards and industry best practices (e.g. ISO27001, NIST).
- Interpreting and providing guidance on data risk and controls, specifically around vendors handling sensitive data.
- Presenting findings to management as required.
- Dealing with escalations and managing expectations.
- Reviewing and updating key process documentation.
- Conducting sample-based QA of the InfoSec reviews.

Skills Required:
- Security or Risk Management
- Strong working knowledge of Technology Risk Controls
- Technology Risk Assessments
- Strong vendor management and third-party technology assessment experience
- Strong experience in communicating with key stakeholders (e.g. third-party vendors, business unit owners etc.)
- Professional qualifications from ISACA, such as Certified Information Systems Auditor (CISA), or ISC2, such as Certified Information Systems Security Professional (CISSP)
- Experience and a clear understanding of relevant industry standards, best practice and certifications (e.g. ISO27001, SSAE16, NIST etc.)
- Bachelor's degree or relevant experience
- A thorough knowledge of Microsoft Word, PowerPoint and Excel, with the ability to create reports, analyse data using lookup functions and create pivot tables
- Motivated self-starter, with the ability to be pro-active and work well as part of a team
- Excellent oral, written, communication and presentation skills
- Ability to build and sustain relationships with individuals at all levels of the organization and leverage this to achieve work-related objectives
- Dynamic individual with the ability to switch context quickly and work on multiple streams of work concurrently
- Excellent client-facing skills, with an ability to interact at all levels of the organization
- Ability to multi-task with attention to detail
- Strong project management skills desired
- Microsoft SharePoint