Security Assurance Analyst Lisboa

Security Assurance Analyst
Lisboa
Lisboa, Lisboa, Portugal

Springer Nature opens the doors to discovery for researchers, educators, clinicians and other professionals. Every day, around the globe, our imprints, books, journals, platforms and technology solutions reach millions of people. For over 175 years our brands and imprints have been a trusted source of knowledge to these communities and today, more than ever, we see it as our responsibility to ensure that fundamental knowledge can be found, verified, understood and used by our communities – enabling them to improve outcomes, make progress, and benefit the generations that follow.  Â

 Â

Purpose of the Role  Â

 Â

The Security Assurance Analyst is a role within the Assurance Team in the SN Tech department. It is responsible for policy development and for ensuring that the organization is aligned with the industry standards through internal security audits under the guidance of the Head of Security Assurance. The ideal candidate will have a strong background in information security, risk assessment , and compliance. Â

 Â

Responsibilities Â

 Â

Policy and Compliance: Â

Develop, review, and update security policies, standards, and procedures to ensure compliance with industry standards and regulations. Â

Monitor compliance with security policies and procedures across the organization. Â

Ensure adherence to relevant regulatory requirements and frameworks , such as GDPR, HIPAA, ISO/IEC 27001 , ISO/IEC 27001, PCI-DSS and CIS Controls Â

Perform Information Security assessments and GAP analysis Â

Training and Awareness: Â

P articipate and improve the security training and awareness program. Â

Create and deploy phishing campaigns. Â

Risk Assessment: Â

Participate in the Cyber Risk A ssessment process Â

Participate in the Risk Management process improvement Â

Â

Continuous Improvement Â

Participate in the continuous improvement cycle, by reviewing and improving existing policies and procedures. Â

Support Internal Audits: Â

Participate in the internal Audits from an Information Security perspective Â

Support the mitigation process for the findings related with Information Security Â

Â

Incident Response Plan: Â

Support the improvement of the incident response plan and related policies Â

Conduct
- incident analysis and reporting to identify lessons learned and areas for improvement. Â

Â

 Technical Expertise: Â

Be aware of current security technological trends such as SASE, SSE, XDR, SOAR, SIEM, CNAPP etc. Â

Be able to understand and audit the security controls implemented. Â

Â

Key Relationships: Â

CISO Team; Â

SOC Team; Â

Engineering Enablement Team; Â

Net
Ops Team: Â

Work Place Enablement; Â

Â

Experience, Skills & Qualifications Â

Minimum 5 years of experience in Information Security roles with
- on exposure in policy development. Â

Bachelor's degree in Computer Science , Information Security, or a related field. A Master's degree is preferred. Â

Professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. Â

In-depth knowledge of information security frameworks, standards, and best practices (e. g. , ISO/IEC 27001, NIST, COBIT , CIS Controls ). Â

Strong understanding of regulatory requirements and industry standards related to information security. Â

Analytical mindset with the
-
- end view, ability to interpret data and present clear, actionable insights. Â

Strong written and verbal communication skills in English language for preparing detailed reports and interacting with stakeholders Â

Self-starter with a strong attention to detail and ability to manage multiple tasks and priorities in a
- paced environment Â

#LI-AR1