Job description
About us
Since Aspen was founded in 2002, we have become a leading, diversified specialty insurance and reinsurance company. We respond thoughtfully and creatively to find the best outcomes for our clients and business partners through carefully-tailored solutions.
We believe the way we work is just as important as the work we do, and we are guided by our core values of respect, honesty, trust and professionalism.
Aspen is a great place to develop your career offering an exciting and challenging environment where achievement is rewarded.
The role
To provide information security risk analyst support and administration to the Information Security Lead supporting the overall IT Information Risk management framework.
The role requires a good understanding of the information and cyber security regulatory and legal framework (SOX, FCA, BMA, APRA, MAS etc) within which we operate and a focus on service and delivery to ensure we meet the needs of our internal and external stakeholders.
“Our Aspen Values are expected to be reflected in the delivery and performance of every role.”
Key accountabilities
Strategy and Planning
- Contributes to, monitors, and advises on plan developments and changes in order to ensure relevancy, compliance and optimal delivery.
- Assists Information Security Lead in the preparation and implementation of the operational team plans to ensure these are in line with wider business strategy and reflect key priorities.
- Determines own work priorities and activities in line with agreed plans set out by the Information Security Lead to ensure the achievement of the function’s objectives.
- Provide information security risk analyst support and administration to the Information Security Lead. Tasks may be generated by incidents, projects or specific regulatory or legal demands. There is no set “business as usual” work.
Policy, Process and Procedures
- Work with the IT team to gather and produce KPI and KRI metrics on a weekly/monthly basis
- Work with the wider team to co-ordinate the monthly reports to key stakeholders (Audit, Risk CISO, CIO)
- Manage the IT compliance calendar to ensure the team is proactive in responding to regulatory demands
- Support the delivery of information and cyber security-related training programs tailored to the functions within the UK Platform; raise awareness and promote behaviours that encourage doing the right thing.
- Maintain a record of third party and regulatory questionnaires completed to ensure continuity and accuracy of responses and to assist future questionnaire completion
Environmental Awareness/Customer Focus
- Managing key stakeholders, keeping them informed of progress and issues in a timely manner
- Work with the external audit teams specifically regarding SOX audits, arranging meetings with internal control owners, assisting in the production of walkthroughs, gathering and reviewing evidence as required
Skills & experience
Knowledge And Experience
- A working knowledge of cyber and information security requirements within the London Market and Lloyd’s insurance marketplace from a Managing Agent’s perspective would be desirable.
- A sound understanding of IT compliance matters generally.
- An understanding of the relevance of Data Privacy and the importance of Information Technology controls.
- Experience in IT compliance matters
- Experience in supporting the submission of global regulatory returns and assessments on information technology and cyber security.
- Experienced at communicating with a wide range of teams across an organisation, including Risk Management, Internal Audit, Compliance, HR, IT Managers and business managers.
Other
We are an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.