Job Responsibilities
The role of the Information Security Analyst will implement information security related tasks and focused on support and delivery, as advised and requested by the Head of Information Security (CISO). There are two streams of the organisational structure, Policy & Compliance and Technical Operations.
- Vendor security assessments in line with ISO27001, NIST, CIS, Cyber Essentials
- Policy updates/Risk management - tracking creation and review
- Maintain certification programmes and all coordination activity
- Document security breaches and assess the damage they cause and support the wider team
- Work with the security team and the wider IT team and external security partners to perform tests and uncover vulnerabilities and record and track for auditability and reporting
- Maintain company-wide best practices policy for security/Network/Software/Wi-Fi/Cloud/Messaging etc..
- Assist in performing penetration testing/Monitoring and recording Risk and assessment.
- Technical design authority & project review support
- Change delivery and security by design
- Security incident management and support
Skills Required
- Certified Information Systems Auditor (CISA), or ISO/IEC 27001 Lead Auditor or Implementer qualification
- Experience coordinating Audit, Risk programmes
- Certified Information Systems Security Professional (CISSP) would be beneficial
- Experience with computer network penetration testing and techniques
- Understanding of Firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Understanding of patch management with the ability to deploy patches
- Demonstrable experience facilitating IT Control audit activities.
- Experience working with large and extended Operational and Engineering teams
This role offers hybrid working - 2 days WFH/3 days office based. But requires someone flexible for this to increase/decrease Dependent on workload.