Information Security Risk Analyst

Management Level

G

Core Duties/Responsibilities
Risk Identification, Assessment and Analysis

• Assist and conduct comprehensive risk assessments to identify potential cybersecurity threats and vulnerabilities across EQ's infrastructure, data, applications, mobile and networks.
• Assist in conducting comprehensive security risk assessments for internal systems, third-party services, and cloud-based infrastructure.
• Review cloud architecture, deployment models, and services to identify gaps against industry best practices (e.g., CIS Benchmarks, NIST, ISO
• Utilise security tools and threat modelling techniques to evaluate the likelihood and impact of various security risks and identify the top priorities.
• Collaborate with DevOps and Cloud Engineering teams to advise on security controls and risk mitigation strategies in AWS, Azure.
• Analyse security data from multiple sources (including technical security documents, penetration testing results and code scans) to provide insights into potential risks and security gaps.
• Assist in designing and recommending risk mitigation strategies based on assessment findings, including updates to policies, security controls and technical solutions.
• Maintain Risk records and Risk Acceptances regarding IT, Information or Cyber Security in the Company's Risk Register/GRC tool.

Regulatory Requirements Identification

• Research, identify and interpret, with the help of legal and compliance team, cyber security requirements and standards (e.g. GDPR, NIST, ISO27001, SOX, AI Act, DORA).
• Stay up-to-date with evolving cybersecurity regulations and legal requirements at local, national and international levels in which EQ operates.
• Assist in compliance assessment and gap analysis to determine EQ's adherence to relevant cybersecurity regulations and frameworks. Ensure that these are incorporated into the Risk Process so that they are rigorously applied, where necessary, to new and changed IT systems and applications.

Third-Party Risk Management

• Conduct Risk Analysis of existing and new third-parties playing a significant role in the Company's supply chain and with access to Company or customer data or the Company's systems
• Track any significant risk issues arising to completion over agreed timescales.

Information Security Metrics & Reporting

• Assist by collecting and organising data, helping to identify potential risks across various business units and prepare appropriate metrics and reports.
• Support in the creation of regular and ad-hoc reports for Executives and senior management teams

Stakeholder Engagement

• Engage with various developers and stakeholders across the business in selecting tailored security training on the training platform.
• Engage in knowledge sharing sessions on emerging threats and security risk trends.

Risk Method Development

• Assist the Information Security Risk Manager in developing and maintaining the EQ Security Risk Process.
• Assist in developing and implement risk management strategies.
• Collaborate with IT and security teams to implement technical measures like firewalls, encryption, and MFA.
• Analysis and improvement of existing information security policies guidelines and procedures, creating new ones where required
• Define best practice in the design and coding of proprietary systems developed by the Company and support the development teams in adhering to such practices with advice, education and provision of dynamic and static application security testing tools.

We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks.