Information Security Risk Analyst

ABOUT RWS:

RWS Holdings plc is the world’s leading provider of technology-enabled language, content management and intellectual property services. We help our customers to connect with and bring new ideas to people globally by communicating business critical content at scale and enabling the protection and realization of their innovations.

Our vision is to help organizations interact effectively with people anywhere in the world by solving their language, content and market access challenges through our collective global intelligence, deep expertise and smart technology.

Customers include 90 of the globe’s top 100 brands, the top 10 pharmaceutical companies and 18 of the top 20 patent filers worldwide. Our client base spans Europe, Asia Pacific, and North and South America across the technology, pharmaceutical, medical, legal, chemical, automotive, government and telecommunications sectors, which we serve from offices across five continents.

Founded in 1958, RWS is headquartered in the UK and publicly listed on AIM, the London Stock Exchange regulated market (RWS.L).

For further information, please visit: www.rws.com

The Role: 
The Information Security Risk Analyst will identify and mitigate security risks by advising the business on security issues, supporting the development of standardised secure architectures, ensuring consistent implementation of information security policies, standards, procedures, and controls to effectively improve security posture.

Duties:
* Management and supervision of security risk management activity
* Supporting business functions with scoping, requirements gathering, risk assessments, and design of security projects 
* Performing security reviews of business processes and supply-chain engagements, identifying control gaps, and helping to develop suitable security risk management plans
* Managing security incident investigations, including creation of incident reports and hosting debrief meetings 
* Collaborating with solutions teams to ensure appropriate adoption of security by design principles
* Implementation of information security program tools and solutions
* Developing standard operating procedures in line with security policy
 

Person Specification
Skills and Experience
* Knowledge of Information Security standards and guidelines such as ISO 27001, ISO 27005, ISO 31000, NIST CSF
* Knowledge of secure software development methodologies, tools, and DevSecOps practices
* Hands on experience with performing security risk assessment and maintaining a security risk register
* Hands on experience of managing and reporting on information security incidents
* Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defence-in-depth)
* Familiarity with local, enterprise and cloud-based (especially Azure and AWS) networking architectures and relevant security frameworks
* Knowledge of appropriate data security regulations such as GDPR, HIPAA 
* You are a naturally organised and methodical person who can follow and enhance a structured process
* You have a strong interest in IT and Information Security
* You are a naturally organised and methodical person who can follow and enhance a structured process
* You have an ability to establish relationships easily but can be assertive when required.

Education: Degree or certifications in Information security
Experience: 2 years + in a similar information security role