Senior Analyst - Controls & Standards Governance

Role Purpose:

Support the wider team with Information Security controls assurance activities and governance of Information Security Standards & Guidelines.

 

Key relationships & committees:

Maintain key relationships with Cyber Security stakeholders and second line of defence.

Support Business Information Security Officers across different LSEG divisions.

 

Key Responsibilities:

  • Provide support with the execution of risk and controls assessments & other cyber assurance related activities for the Control Assurance and Standards function. 
  • Maintain and update the cyber control library ensuring controls and other key attributes of the library are aligned to industry best practice (NIST Cyber Risk Institute Profile). 
  • Conduct the assurance of cyber controls with control owners.
  • Support the wider team with testing of security controls, ensuring artefacts and metrics are reviewed to demonstrate controls are designed and operated effectively (DE & OE).
  • Track control deficiencies with control owners through to completion. 
  • Update and maintain Cyber Security Standards in line with industry best practice.
  • Ensure the annual review of Cyber Security Standards is completed.  Manage internal stakeholder feedback.
  • Support LSEG divisions in maintaining Security certifications (ISO 27001, SOC2) from a Controls and Standards perspective.
  • Assist and support other GRC teams and the wider cyber security team to ensure their deliverables are met.
  • Work closely with audit and regulatory teams regarding queries around controls and standards.
  • Perform maturity and gap assessments of cyber controls and standards to industry recognised best practice.
  • Liaise with multiple stakeholders across different business units (e.g. BISOs, other LSEG legal entities, second and third line of defence), ensuring GRC-related queries are addressed in a timely manner.

 

Technical/Job Functional Knowledge:

  • Have a good understanding of NIST Cyber Risk Institute Profile, ISO27001, SOC2 and/or ISF Standard of Good Practice.
  • Experience of conducting RCSA/RCA or other cyber control assurance activities.  Knowledge of testing controls to determine if they are designed and operating effectively (DE & OE).  Be able to challenge control owners, identify control gaps and propose suitable remediation plans.
  • Experience in reviewing Information Security Standards, understanding the hierarchy of policies, standards and guidelines to determine the level of detail which is suitable for each. 
  • Although this is not a technical role, you must be able to demonstrate technical competence, including experience of implementing and reviewing cyber controls for Identity & Access Management, Perimeter security, Vulnerability Management, Security Engineering, Security Architecture, Security Operations Centre and Cloud Security.
  • Proficient in Microsoft Office, in particular Excel and PowerPoint.  Be able to analyse data and produce reports and metrics.  Experience in the use of Cyber GRC platform preferred.
  • Experience in maintaining cyber security certifications (ISO27001 and SOC2).
  • Good understanding of upcoming legal and regulatory requirements affecting Information Security and Technology.
  • Experience in Financial Services or other organisations where mature cyber controls are implemented would be beneficial.
  • Suitable qualifications such as CISSP, CISM, CRISC or MSc in Information Security. 

 

Personal Skills and Capabilities:

  • An adaptable team player.
  • As required, support other GRC teams or work on ad-hoc projects.  This is a role where your peers will be able to support you and likewise you should be able to support them on engagements which cover different GRC domains.
  • Good communication and presentation skills when engaging with clients and other internal stakeholders.  This role requires you to regularly interact with 2LoD and different legal entities within LSEG.   
  • Be able to work within a global team which is based across multiple locations.
  • A can-do attitude, being able to meet deadlines and prioritise workload. 
  • Objective analysis of poorly defined problems
  • Partnership and influence
  • Negotiation management
  • Able to engage with technical stakeholders and discuss technical controls.


 

Job Details:

  • Company: LSEG (London Stock Exchange Group)
  • Job Posted: a year ago
  • Job Type: Full-time
  • Work Mode: On-site
  • Experience Level: 3-7 Years
  • Category: Technology
  • Location: Bengaluru, Karnataka, India
  • Qualification: Bachelor
