Information Security Analyst Full-time Job - London
Reference No: 27202

Ensure all your application information is up to date and in order before applying for this opportunity.

Job Title: Information Security Analyst
Type: Permanent
Salary Range: Competitive
Division: Business Services
Sub Division: Business Services
Department: Information Security (10001024)
Location: 55 Baker Street

The threat to the security and integrity of IT environments through cyber-attacks is increasing, and the Property Services industry is not immune to these risks. Recognising this threat, Knight Frank are increasing their focus on IT Security and Information Risk Management, with investment in people, process and technology.

The Information Security Analyst will support the development of the firm's IT and Information Security governance framework. The role will monitor the execution of IT and Information Security standards across the Group, working to identify and analyse issues and influence actions to mitigate risks.

Working within the Information Security practice, the role will risk assess the implementation of new technologies and IT change within Knight Frank. Alongside the Information Security Architect, it is expected that the role will advise, from the design stage in the Project Management Lifecycle, on IT Security requirements to accept these changes into an operational state. This may include external risk assessments and internal operating process enhancements.

The role will collaborate with business stakeholders to understand the emerging needs of our clients and will provide insight on the expectations of organisations in our key industry verticals. The role will provide advice on accreditation requirements that will most prominently position Knight Frank in the market, supporting an aspiration for IT Security and Information Risk Management to be considered an enabler for business growth.

As required, the role will manage and coordinate the firm's response to technology-related audit requirements. This includes the maintenance of the firm's ISO 27001 accreditation and the response to ad-hoc audits requested in support of client proposals and engagements.

Responsibilities

- Develops and maintains Information Security Management practice and process to ensure certification to required industry standards (e.g., ISO 27001) within relevant geographic boundaries.
- Develops, proposes and seeks sponsorship for changes to policies, procedures and controls to ensure the integrity of our IT service and effective management and control of our information assets. Facilitates the implementation of these controls.
- Provides support and guidance across the Knight Frank business, informing key stakeholders of the impact of changes in industry practice and regulation on the use of technology/data in the delivery of our services.
- Performs focused information risk assessments of existing or new services and technologies, alongside the Project team and technology subject matter experts. As required, will extend the assessment of existing and proposed services to third party suppliers, including the facilitation of IT Security checks during the supplier onboarding process.
- Advises on and, where needed, performs internal audit to ensure it meets the requirements of our accreditations. This includes occasional travel within the UK and overseas offices.
- In collaboration with Learning and Development, designs and maintains the firm's mandatory training for IT Security, Information Risk Management and related subject matter (as it becomes relevant to our business).
- Maintains strong working relationships with individuals and groups involved in managing information risk across the organisation.
- Participates actively in Information Security and Data Protection governance and working groups.
- Responds to information security requirements to support client proposals and undertakes PQQ and audit requests from clients as required.
- Monitors information security incidents, contributing to incident response and root cause analysis. Will own resulting actions as required where they relate to required changes in IT Security and Information Risk Management policy and controls.

Professional experience and personal skills profile

- 5+ years of work experience in roles with responsibility for the delivery and management of Information Security, preferably as an information security or risk analyst.
- 3+ years' experience in a role with accountability for regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27000, National Institute of Standards and Technology [NIST] 800).
- Demonstrable experience in facilitating IT Control audit activities.

Desirable, but not essential

- Bachelor's or Master's degree in Business/Computer Science/Information Security or a related field.
- Relevant IT Security or Information Risk Management qualifications (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)).
- A general background in working within IT, preferably within an Infrastructure or Application support/management role.

Particular Aptitudes/Skills Required

This role requires an individual with the ability to communicate and deal with others at all levels with confidence. The successful candidate will be flexible, self-motivated, organised and pro-active with the ability to adapt to a wide range of tasks.

- Proven analytical, evaluative, and problem-solving abilities.
- Excellent written and oral communication skills.
- Excellent interpersonal skills.
- Ability to present technical information and ideas in business-friendly and user-friendly language.
- Keen attention to detail.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Exceptional customer service orientation.
- Extensive experience working in a team-oriented, collaborative environment.