Information Security Assurance Analyst - Dublin, Ireland - Insight Investment

    Insight Investment Dublin, Ireland

    1 week ago

    Permanent
    Description

    Company Overview:
    Insight Investment is a leading asset manager focused on designing investment solutions to meet its clients' needs.

    Founded in 2002, Insight's collaborative approach has delivered both investment performance and growth in assets under management. Insight manages assets across its core liability-driven investment, risk management, full-spectrum fixed income, currency and absolute return capabilities.

    Insight Investment is owned by BNY Mellon, a global leader in investment management and investment services.

    Insight has a clear mission and purpose to offer investors a different approach to achieving their investment goals; one that prioritises the certainty of meeting their chosen objectives in contrast to the traditional focus on maximising return and minimising volatility.


    Insight takes responsible investment seriously. In our view, it is an essential part of deciding whether an investment is fair value.

    Insight is a signatory to the Financial Reporting Council's UK Stewardship Code and a founding signatory to the UN-supported Principles for Responsible Investment (PRI) in 2006.


    Insight has a global network of operations in the UK, Ireland, Germany, US, Japan and Australia.


    Division Description:

    Insight has established risk management and compliance functions to provide second line, independent oversight of the firm's investment management activities.

    These functions operate on an arm's length basis from Insight business staff.

    Investment risk

    The Investment Risk team is primarily responsible for the oversight and governance of investment risks within both pooled funds and segregated mandates.

    In addition, it ensures the business has adequate systems and controls in place to manage the risks arising from derivatives and other complex asset types.

    The team formulates and has oversight of our derivatives policies and carries out the model validation process as well as ongoing data quality controls.

    The team also provides advice and support to various groups throughout Insight.

    Operational risk
    The Corporate Risk team has responsibility for the design and development of the risk management framework.

    The team's objectives are the promotion and facilitation of forward-looking identification and assessment of potential risks, considering both quantitative and qualitative impacts; implementing clear reporting and escalation processes to ensure that the residual risk profile of the firm is appropriate and in line with the Board's risk appetite; and overseeing the timely setting and regular monitoring of actions required to reduce the risk profile or improve the control environment where these are deemed necessary.


    Information risk

    The Information Risk team is responsible for oversight and challenge of risk arising from the processing of the firm's operational information and personal data.

    The team is separate from Operational Risk because of the distinctive nature of technology risk controls.

    Information Risk works through maintenance of compliance with ISO standards for the firm's business continuity and information security management systems, through setting and communicating information policies, through direct access to IT and security teams, and by operation of non-technological information controls and training programmes.

    Information Risk is not a security or technology team, but it does use specialist knowledge of information processing controls as well as investment processes.


    Compliance

    The Compliance team has responsibility for the identification and assessment of current and future changes in regulation and other key inputs to the business, formulation of policy and provision of guidance and training to ensure that the Insight reputation is properly protected, regulatory standards are being met and any competitive opportunities from regulation changes are fully explored.

    The team is responsible for ongoing advice on day-to-day regulatory issues affecting the business, and for monitoring and assurance of the robustness of controls and compliance with regulation.


    Position Description:

    The Information Risk team forms a 2nd Line of Defence function, with responsibility to operate the Information Security Management System (ISMS) and oversee information risk including security across the firm.


    The Insight Information Security Management System (ISMS) is certified compliant with ISO27001. As such, it includes identification and oversight of controls operated by first-line teams across the business.

    The purpose of the role is to assure the integrity of the ISMS and information risk response to regulation.


    Role Responsibilities:

    • Management, operation and development of control assurance.
    • Management of ISMS assurance audits and resolution of issues arising from them, liaising with colleagues across the firm.
    • Tracking and closure of internal audit and other issues

    In addition to the core responsibilities, the Analyst will participate in the broader functions of the team, including:

    • Approvals for high-sensitivity access and privilege
    • Response to customer and prospect diligence enquiries
    • Response to colleagues and assistance with training and awareness programmes.
    • Support and evidence for audits
    • Assistance with personal data privacy processes and controls
    • Identification and selection of tools and systems for efficient operation of the Information Risk function

    Experience required:

    • Clear understanding of the ISO27001 standard and compliance audit management rather than just experience of Annex A controls.
    • The level sought is equivalent to the "ISO 27001 Lead auditor" qualification.
    • Experience with other information security frameworks such as NIST Cybersecurity and AICPA SOC2 would be valuable.
    • Understand the objective and operation of information security controls in order to assess their design and effectiveness.
    • Effective communication and organisational skills are required.
    • Some understanding of investment management business and regulators would be beneficial but is not essential.
    • Analytical and organisational skills with the ability to work independently, and as part of a wider team, with minimal supervision.

    Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.