Cyber Assurance Analyst London, England

Financial Conduct Authority

Full Time London, England 70000 GBP ANNUAL Today

Job description

Salary: National up to £62,000 and London up to £70,000 per annum – Salary offered will be based on skills and experience

Are you interested in joining a team that will help shape and deliver the future of Cyber Security at the FCA?

The Role

We are recruiting for a Cyber Assurance Analyst position. This role sits within the wider Assurance team of the Cyber and Information Resilience (C&IR) department.

C&IR is responsible for the management of cyber security at the FCA. 'Cyber security' means the protection of the FCA's data and systems from malicious activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions.

Operational Assurance

C&IR will conduct security and data reviews, analysis and testing to confirm the appropriate application (whether through technology, process or behaviour) of the policies and the secure operation of the FCA's systems and the information and data thereon – such as:

Determining that correct measures of governance and controls are in place to validate identified cyber risks and vulnerabilities are prioritised correctly and remediated based on agreed C&IR SLAs
Validate operational decisions with stakeholders (such as BTS Product Groups) are made in accordance with our policies and standards and do not increase the overall risk exposure of the FCA
Assess, measure and report findings of our key applications and security and information assurance controls
Facilitate the identification and proportionate management of risk to our suppliers

What you will be doing

Directly support the development and operation of the systems and infrastructure assurance frameworks, helping ensure they remain aligned to the C&IR strategy
Represent the C&IR assurance framework where required to promote clear and measurable security assurance requirements and decisions
Drive secure testing and remediation of our critical applications with key stakeholders such as IT product groups, including red team testing
Supporting the development of the cloud assurance regime, within our cloud environments (i.e. AWS)
Tracking and planning of vulnerability prioritisation and remediation
Operating the running & development of security assessments & assurance testing activities
Operation of the pen testing process, including threat assessments and breach attacking simulations in conjunction with our third-party security testers
Ensure adequate monitoring capability is incorporated into solutions and feed into information and cyber risk metrics and key risk and performance indicators
Solid awareness of cyber and information security threats and their mitigations
Monitoring compliance with cyber policies, standards and frameworks, in particularly ISO 27001 and NIST 800, OWASP and MITRE
Build strong working relationships with key contacts, stakeholders and business colleagues
Assist in setting the scope for assurance activities and setting risk tolerance with regards to identified issues
Collate and produce (and automate where possible) assurance reporting and metrics that is appropriate for the relevant audience

What will the candidate get from the role?

Our competitive flexible benefits scheme gives you the opportunity to create a personalised benefits package, tailored to suit your lifecycle. You can use this allowance to purchase additional benefits such as dental or cycle to work or you have the option top up your base salary by taking this as cash. Core benefits that you will receive as standard are:

25 days holiday per year
Private healthcare with Bupa
A non-contributory Pension of at least 8% of your basic salary each month (there are several contribution levels that increase depending on your age – up to 12% a month once you reach the age of 35)
Life assurance of eight times your basic salary
Income protection
We support hybrid working which means you will be able to work from home up to 60% of the time over a month with the remainder of your time in one of our three office locations

You will also get

An opportunity to tackle a challenging, interesting and varied portfolio of work, working with key stakeholders and senior members across the FCA
An opportunity to own and drive the cyber assurance testing agenda
An opportunity to be innovative and contribute to an evolving team within the FCA
Broadening of existing technical skills and knowledge
Involvement in the development of cyber and information assurance activities within the FCA
Interesting and fast moving work in a friendly, goal-orientated environment
Involvement in a team that is making a difference to the way the FCA operates

The skills and experience you’ll have

We're a signatory to the Government's Disability Confident scheme. This means that we guarantee an interview to any disabled candidates entering under the scheme, who best meet the minimum criteria for a role.

Minimum

A technical degree or relevant professional cyber security qualification (e.g. CISSP, CISM, CCSP or CEH)
Demonstrable expertise working with ISO 27001/2, NIST 800-53, NIST CSF, CIS Top 20 , CIS benchmarks and/or ISF security frameworks
Possesses relevant expertise and qualifications in applying principles driven by industry best practice

Essential

Demonstrable experience within the design, implementation and management of systems and/or assurance frameworks
Detailed understanding of information security, particularly security testing and vulnerability management
Relevant experience in cyber security
Experience of a technical business change work stream
Ability to develop effective relationships with internal and external stakeholders

Desirable

Keen desire to keep up to date with online technologies and trends
Experience of a hands-on role involving pen testing and vulnerability assessment activities of complex applications and operating systems
Knowledge of COBIT or other recognised risk management frameworks

About the FCA

The FCA regulates the conduct of 50,000 firms in the UK to ensure our financial markets are honest, fair and competitive. We do this to make sure markets work well for individuals, businesses and the economy as a whole. For more information on what we do, our three-year strategy can be found

here.

The FCA's Values & Diversity

Our ambition is to cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation. We particularly welcome applications from women, disabled, and minority ethnic candidates, as under-represented groups

Flexible working

We welcome applications from candidates who are looking for flexible arrangements. Many of our staff work flexibly including working part-time, staggered hours, and job shares. We can’t promise to give you exactly what you want but we won’t judge you for asking.

Multilocation & hybrid working

As part of the FCA’s on-going commitment to develop our national presence, most of our vacancies are now open to working in our Edinburgh, Leeds, or London offices. This means that as part of the application process you will be able to select your preference of which office location you would like to work from.

Useful information

Applications for this role close at midnight on 21st June

This role is graded as Senior Associate - Regulatory

Security Clearance will be required for this role

Got a question?

If you are interested in learning more about the role, please contact Sara Holland on

[email protected]

Please note that all applications must be submitted through our online portal before the closing date, applications sent via email will not be accepted.

Post Jobs Online Apply Job