Fletchers Solicitors
loading
Make a Claim

Information Security Analyst (SYS032)

Back to vacancy list

Information Security Analyst (SYS032)

Added 1 month ago

Main Purpose:

You will be a ‘hands on’ cyber security, risk management and data compliance lead ensuring we are able to comply to GDPR, Cyber Essentials Plus and ISO27001 accreditations. You will be required to upskill our service desk teams about data and security best practice ensuring they are able to perform all repetitive tasks competently. You will ensure adherence to high data integrity standards which are key to this role.

Principal Duties and Responsibilities

Reporting directly into the Director of Technology Operations, the main duties will include:

  • Creation and ongoing management of the ISO27001 Information Security Management System (ISMS).
  • Management of technical security compliance with company policy, educating stakeholders and working with them to achieve and record technical security compliance
  • Owns the Technical Security policy (TSP), maintains and reviews that document in keeping with legislative, regulatory and policy requirements, communicates content to stakeholders
  • Provides consultation on the technical security roadmap for the business including technical aspects such as anti-malware, Data Loss Prevention (DLP), Security Event and Incident Management (SIEM) and Intruder Prevention/Detection Systems (IPS/DPS)
  • Fully collaborates with the Infrastructure & Software Development teams where required to assist in specific security standards, project design and implementation activities
  • Ensures that technical security processes and procedures are maintained in keeping with compliance requirements
  • Acts as a technical security Subject Matter Expert (SME) for the business as a whole

 

 

 

  • Manage technical vulnerability assessments (including regular penetration testing) of IT systems and processes, identifying potential vulnerabilities, making recommendations for risk mitigation and implement subsequent approved changes
  • Keeps abreast of security vulnerabilities and implements a proactive defensive strategy for the company to defend against electronic threats
  • Engage with our Compliance team & internal auditors to deliver robust improvement strategies, risk management practices and continual improvements relating to all facets of information security
  • Evaluate existing and products and third-party security cloud-based security capabilities in keeping with internal processes and make recommendations
  • Provide full support for security incidents including the management of forensic investigations, identifying, and implementing resolutions in keeping with internal processes
  • To support and contribute to the organisations corporate goals and business objectives
  • Act as a point of escalation to the Service Desk Analysts and support them in identifying, troubleshooting and resolving security issues ensuring the team have knowledge transferred to enable them to perform repetitive IT service tasks
  • Work closely with the Risk & Compliance team for proactive management and mitigation of risks and issues
  • Work in a collaborative way with the Technology teams to support the implementation of the Technology Roadmap and secure application design
  • Create and maintain systems configuration documentation, including creating and maintaining test plans and recovery methods of all systems
  • Keep up to date on infrastructure and security trends, developments and the associated opportunities and contribute to the development of plans to exploit those trends to improve the IT service delivery to the firm

Key Competence Requirements

  • The ability to communicate with stakeholders at all levels and convey complex security concepts in a simple way with business risk context.
  • Broad range of experience in managing and delivering security solutions
  • Experience of Cloud hosting (Azure) / on-prem technologies and in-depth understanding of associated security management controls
  • Demonstrates a wide range of security understanding in technology across differing platforms
  • Excellent senior stakeholder communication
  • Demonstrates in-depth understanding of security principles and methodologies

 

 

 

  • Demonstrates in-depth knowledge of security management frameworks, especially ISO27001 and Cyber Essentials Plus (ISO Lead Auditor/Implementer trained ideally with a good working knowledge of ISO 9001 too)
  • Demonstrates good knowledge of the security marketplace, products and capabilities and understanding the relationship between a variety of common security solutions
  • Demonstrates in-depth and hands-on knowledge of Active Directory, Azure AD, Windows and VMware operating systems
  • Experience in delivering security projects against compliance requirements

Desirable Requirements

  • ISC2 or ISACA accreditations (ie. CISSP)
  • Knowledge of risk management concepts and methodologies
  • Knowledge of penetration and threat testing methodologies and approaches, including external test targets e.g. OWASP, NIST
  • Knowledge of security baseline standards and experience implementing ISO27001
  • Experience of working in a senior IT Security role

Send vacancy to a friend