Threat and Controls Assessment Analyst

Description

We are IT Recruitment Specialists partnered with a prestigious Global Consultancy who required a Threat and Controls Assessment Analyst - London for one of their public sector clients based in the UK.

• IR35: This role is inside of IR35
• Initial duration: 6 months

Role and tasks

Description:

What you will be doing;

The Threat and Controls Assessment Analyst role will work as part of the global team to perform Threat Modelling on HSBC services.

Key Responsibilities:

• Perform effective threat and control assessments for business services across the HSBC estate.
• Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps
• Understand the Business requirements, evaluate potential products/solutions and provide technical recommendations.
• Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations.
• Identify threats across the IT estate; including applications, databases, network and other infrastructure components.
• Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.

What you will bring to the role;

To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:

Mindset

• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
• An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts, across the amazing scale that HSBC brings.
• Stay up to date within the industry of new trends, and best practices

Good Risk and Controls understanding

• Knowledge and exposure of Risk and Control Management
• Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders.
• Knowledge of different frameworks and methodologies including Threat Modelling using STRIDE and the MITRE ATT&CK Framework.
• Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications

Strong Technical background

• Proven experience in general security concepts and principles and application specific security concepts and principles.
• Proven experience working in a large scale, multi-national and technologically diverse environment
• Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
• Strong understanding of applications design and architecture
• Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
• Knowledge and experience with network, host and application security practices
• Understanding of emerging technologies and corresponding security threats
• Strong stakeholder management and communications skills
• Experience of working in international and diverse environments
• Experience in engaging with business, technology, regional and regulator stakeholders
• Ability to communicate to executive leadership - effectively translating technical gaps into business risk
• Ability to prepare concise presentations and updates for senior management

Interpersonal Skills

Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management

If you are interested in this position and would like to learn more please send through your CV and we will get in touch with you as soon as possible. Please note, candidates are often Shortlisted within 48 hours.