Onsite / Hybrid - day per week onsite norm, but due to construction currently it is days per week until further notice.
- Designs test cases to evaluate the IS capability / control design effectiveness and operational effectiveness
- Executes day-to-day operational IS control testing work and contributes to the delivery of the testing and monitoring function and manages scope of deliverables
- Undertakes testing assignments, drafts test findings for review, facilitates issue tracking and validates them to closure.
- Drafts high quality test reports for review by senior management, facilitates finding tracking and validates actions taken to remediate previous test findings
- Executes IS Control effectiveness test fieldwork in line with the agreed test approach, documenting process flows, identifying key risks, testing key controls to determine whether they are properly designed and operating effectively, and documenting work in accordance with standards
- Communicates openly with management and the internal stakeholders; keeps them informed of potential findings and escalates problems / delays accordingly. Further, partners with other divisions / teams during IS Control effectiveness test engagements to use a collaborative approach
- Significant and multi-year work experience in the Information Technology / Information Security area or in IT Audit, preferably in the financial industry; ideally combined with experience in project management
- Experience in global and diverse teams across different time zones and within a matrix environment
- University degree in Computer Science / (Commercial) Information Technology or equivalent qualification
- Professional appearance, strong verbal and written communication skills, and the ability to communicate on all hierarchy levels. Fluency in English is required; German language skills are of benefit
- Professional / industry recognized certifications (e.g., CISA, CCSP, CISSP, OSCP) are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required
- Strong knowledge of IS threat analysis and frameworks (e.g., MITRE ATT&CK Framework) as well as cyber security standards (e.g., NIST, OWASP, ISO) and knowledge of the regulatory environment in the financial sector (e.g., KAIT, BAIT, ESMA cloud guidelines)