Risk Analyst (ISO 27001)

We are AMS. We are a global total workforce solutions firm; we enable organisations to thrive in an age of constant change by building, re-shaping, and optimising workforces. Our Contingent Workforce Solutions (CWS) is one of our service offerings; we act as an extension of our clients' recruitment team and provide professional interim and temporary resources.

Evelyn Partners is the UK's leading integrated wealth management and professional services group, with over 186 years of experience in helping generations of people and businesses to thrive. We offer an extensive range of financial and professional services to individuals, family trusts, professional intermediaries, charities and businesses.

On behalf of Evelyn Partners, AMS are looking for a Risk Analyst for a 6 Month contract based in Liverpool (Hybrid).

Purpose of the Role:

Evelyn Partners is looking for a Risk Analyst with expertise in risk assessments, risk treatment advisory, third party assessments, security compliance and security assurance.

The candidate must have a thorough understanding of and an ability to perform as a productive and pragmatic member of an Information Security team. The position will require the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across the Evelyn Partners Enterprise.

The successful candidate will also play a crucial role in ensuring our organisation's compliance with information security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework.

As a Risk Analyst you will be responsible for:

• Performing internal information security risk assessments and recommending mitigation actions/solutions.
• Collaborating with stakeholders and project teams to define security requirements based on scope, objectives, data, and technologies.
• Maintaining risk registers and managing escalations, re-assessments, risk acceptance and risk exceptions.
• Evaluating and identifying new and current information security risks using both internal sources (audit findings, penetration test results etc.) as well as external sources. (threat intelligence feeds, industry specific treat advisories)
• Continuously reviewing security controls to assess changes in residual risk and the sufficiency of compensating controls.
• Maintaining certifications, such as Cyber Essentials/ISO27001/NIST CSF v2, against a backdrop of a growing firm and evolving regulations, technology and processes.
• Assisting in developing control testing and assurance strategies, to ensure that organisation-wide security controls are meeting their objectives.

Key Accountabilities, Skills & Experience:

• Experience in using standards such as ISO 27001 (Implementation, Compliance, Certification, and audit reviews), NIST CSF, and Cyber Essentials.
• Experience working in an Information Security role dealing specifically with governance, risk and compliance areas.
• Prior experience writing Information Security related Policies, Processes and Procedures.
• Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
• The ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders.

About the Client:

We provide an award-winning service for our clients by employing the best people. Join us on our mission to place the power of good advice into more hands because we believe that everyone deserves access to good advice, regardless of where they're at in their financial journey.

As a high growth organisation, we offer personal growth opportunities in an environment that empowers you to drive change. Our collaborative, open door culture supports you to perform at your best, with high levels of autonomy and a strong partnership mindset across the organisation.

Next Steps:

This client will only accept workers operating via an Umbrella or PAYE engagement model.

If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.

AMS, a Recruitment Process Outsourcing Company, may in the delivery of some of its services be deemed to operate as an Employment Agency or an Employment Business.