About the Role An exciting opportunity has arisen to join our Information Security Compliance team.
You will assist in delivering compliance to internal and external standards, frameworks, and attestations.
You will also be responsible for the maintenance of documentation and processes necessary to maintain compliance to industry frameworks, including assisting with post internal and external audit finalisation of findings and follow-ups.
Key Responsibilities: Assisting in meeting compliance requirements within HL, such as PCI-DSS and in line with frameworks such as SWIFT CSCF, CSA CCM and NIST CSF.
Monitoring of scheduled compliance activities such as Firewall rule reviews, developer security training, colleague policy attestations and collecting and collating evidence of such activities to assist in audit and assessment activities.
Security Compliance oversight of transformation initiatives and cloud security compliance activities.
Collating and compiling Management Information to provide assurance to the Head of Infosec and CISO of ongoing security compliance.
Assisting in creating, reviewing and updating key ISMS documentation.
Working with risk functions to complete security controls testing and alignment of controls with industry frameworks, performing gap analysis and assisting with remediation activities.
Maintaining the program of remediation for audit and assessment findings.
Provide SME support to cloud teams for security compliance requirements.
About You We are looking for a proven professional with experience in a Security Compliance or Information Security role with a strong technical background.
Experience must have been gained within a regulated industry (preferably Financial Services) with experience of securing cloud environments such as AWS & Azure and understanding compliance requirements for cloud environments.
Certified to a recognised industry certification such as CISSP, CCSK, CCAK or equivalent.
Demonstrable experience of working with compliance and risk management in a NIST CSF or ISO27001 aligned environment, along with PCI-DSS and SWIFT.
Experience of identifying, articulating, managing and reporting Information Security risks and an understanding or risk management practices, aligned with industry best practice.
Achieved a Cloud Certification (AWS certified cloud practitioner, AWS certified solutions architect or AWS certified Security - Specialty)
What We Offer Discretionary annual bonus and annual pay review 25 days holiday plus bank holidays and 1-day additional Christmas closure Option to purchase an additional 5 days holiday Flexible working options available, including hybrid working Enhanced parental leave Pension scheme up to 11% employer contribution Sharesave scheme - have a real stake in HL's future Income Protection and Life insurance (4 x salary core level of cover) Private medical insurance Health care cash plans - including optical, dental, and outpatient care - confidential support including mental health counselling and remote GP Wellhub - unlimited access to fitness providers and wellness coach sessions Variety of travel to work schemes with bike storage and shower facilities Inhouse barista and deli serving subsidised coffee and sandwiches Two paid volunteering days per year