RemoteOtter

Senior Information Security Governance & Risk Analyst - Remote

Posted 2 weeks ago
All others
Full Time
Worldwide

Overview

This role involves overseeing Landmark's risk management practices, performing both qualitative and quantitative data analysis, and effectively communicating findings to diverse audiences. Key responsibilities include leading risk assessments, presenting results, recommending actions, and promoting best practices. Additionally, the role focuses on enhancing risk management processes, conducting internal reviews, managing a team of analysts, and ensuring the effective implementation of risk treatment actions. Proficiency in FAIR is highly desirable.

In Short

  • Lead the performance of Risk Assessments and present detailed results, recommending actions to address risks and drive best practices.
  • Oversee the maintenance and continuous improvement of the risk management framework and artefacts.
  • Enhance and refine processes and procedures for risk analysis and management activities.
  • Integrate advanced risk management principles into policies, procedures, and standards, ensuring they are relevant and up to date.
  • Ensure that thorough internal reviews are conducted to assess and improve the organisation's risk posture.
  • Manage and mentor a team of risk analysts, providing guidance and support to ensure professional development and effective performance.
  • A working knowledge of the FAIR (Factor Analysis of Information Risk) assessment methodology is highly desirable.
  • Coordinate with teams to ensure effective implementation, verification, and closure of risk treatment actions.
  • Maintain our ISMS in line with the ISO27001:2022 standard and ensure policies and procedures are effective across our organisation.
  • Lead the response to 3rd party information security audits and questionnaires.
  • Lead collaboration with Compliance and other teams on external and internal audits and reviews.
  • Work closely with our procurement team to ensure that Supplier risks are effectively assessed and managed.
  • Review 3rd party and customer security schedules to ensure we can meet the obligations outlined.

Requirements

  • You will have experience in an Information Security GRC role or in compliance, auditing, data protection, information security, risk management, or a related field.
  • You will excel at translating policy statements into actionable, implementable risk and security controls that can be monitored, audited, and continuously improved.
  • You will be able to evaluate the effectiveness of those controls and recommend enhancements.
  • The drive and motivation to make improvements.
  • Excellent communication skills.
  • A proven track record in identifying Information Security risks and providing suggestions on mitigation/treatment through the implementation of risk treatment plans.
  • Good understanding of common information risk and security management standards, frameworks, and laws/regulations: e.g. ISO/IEC 27001, GDPR, NIST 800-53, etc.
  • Experience using FAIR (Factor Analysis of Information Risk) methodology to quantify risks.
  • Experience with data mapping and risk assessment tools and processes that identify information security and cyber risks to business assets and operations is highly desirable.

Benefits

  • Competitive salary and benefits package.
  • Opportunities for professional development and career advancement.
  • Flexible working arrangements.
  • Work in a collaborative and supportive environment.
  • Engage in meaningful work that impacts the organization positively.

Landmark Information Group - Internal

Landmark Information Group is a leading provider of data and technology solutions, specializing in delivering critical information to support decision-making in various sectors. The company focuses on optimizing sales processes and enhancing operational efficiency, particularly through the management of bids and proposals. With a commitment to innovation and excellence, Landmark Information Group collaborates with multiple stakeholders to ensure compliance and alignment with business objectives, while continuously improving its services to meet client needs.
