Resilience and Security Analyst

EFG Bank AG
Full-time
On-site
London, United Kingdom
Cybersecurity & Compliance
Description
General Info
  • Department: COO
  • Work time Percentage: 100%
  • Location: London - Mayfair

Our Company

EFG International is a global private banking group, offering private banking and asset management services. We serve clients in over 40 locations worldwide. EFG International offers a stimulating and dynamic work environment and strives to be an employer of choice. 

EFG is committed to providing an equitable and inclusive working environment that is founded on the principle of mutual respect. Joining our team means experiencing a supportive environment, where your contributions are valued and recognised. We strongly believe that the diversity of our teams gives us a competitive advantage by fostering better decision-making and greater innovation.

Our Purpose and Mission

Empowering entrepreneurial minds to create value – today and for the future.

We are a private bank, offering personalised solutions on a global scale to private and institutional clients. Our sustainable success is based on our talents and on how we partner with our clients and communities to create lasting value.

Job Description

The Resilience and Security Analyst is pivotal in ensuring the effective governance and management of outsourced services and third-party vendors, in line with regulatory standards and Bank policies. This role is crucial in safeguarding the security and integrity of the organization's information assets by identifying risks, implementing controls, and driving continuous improvement.

The role also involves supporting relationship managers throughout the vendor lifecycle, ensuring regulatory compliance and adherence to SLA commitments. The Analyst will identify specific risks, threats, and vulnerabilities, respond to and assess gaps in local laws, regulations, and industry practices, and assist in developing tailored risk and security controls.

Reports To: Head of Operational Resilience and Third-Party Risk Management, and functionally to the Head of Data Management and Information Security

Main responsibilities:

Outsourcing and Third Party Risk Management

  • Manage end-to-end vendor lifecycle activities
  • Ensure regulatory compliance and adherence to Bank standards
  • Support relationship managers in monitoring vendor performance and resolving issues
  • Maintain a central third-party register
  • Collaborate with business functions and SMEs to complete risk assessments
  • Participate in due diligence assessments for new vendors
  • Assist in preparing monthly reporting packs and periodic Board reports
  • Support the development of policies and procedures

Information Security 

  • Implement the EFG information security strategy and related programs
  • Assist in preparing monthly Info Sec reports and periodic Board reports
  • Develop and maintain local security policies, procedures, and standards
  • Support the development of information security and crisis management policies and procedures
  • Implement and coordinate Clear Desk Audits
  • Identify, evaluate, and manage information security risks and vulnerabilities
  • Review security FLOD controls
  • Assist with reviews of Third-Party Risks
  • Ensure authorized access to or release of systems/data
  • Coordinate and conduct security awareness and training programs
  • Conduct regular security assessments and audits to ensure compliance
  • Stay updated on information security issues, regulatory changes, industry trends, and emerging threats
  • Support the response to local and regional security incidents
  • Support the assessment of privileged-level accesses
  • Implement preventative actions to prevent breaches and close risk gaps

Skills and experience

  • Bachelor's degree in Computer Science, Information Technology, or a related field preferred
  • 2+ years of experience in information security or vendor management
  • Detail-oriented and highly organized, with the ability to work under pressure
  • Self-motivated team player
  • Strong knowledge of information security principles, practices, and technologies
  • Knowledge of Outsourcing regulations
  • Excellent communication and interpersonal skills
  • Industry certifications such as CISSP or CRISC are a plus

Our Values

  • Accountability: Taking ownership for tasks and challenges, as well as seeking continuous improvement
  • Hands-on: Being proactive to rapidly deliver high-quality results
  • Passionate: Being committed and striving for excellence
  • Solution-driven: Focusing on client outcomes and treating clients fairly with a risk-aware mindset
  • Partnership-oriented: Promoting collaboration and teamwork. Working together with an entrepreneurial spirit.

Application
Should you wish to apply for this position, use this link to apply.