Senior Information Security Analyst

PURPOSE:

The purpose of this role is to support the management and oversight of all IT security controls that underpin the end to end delivery of operational IT services to ii.

Responsibilities include, but not limited to:

• Day to day Information Security incident handling.
• Compliance to group security standards for applications and infrastructure.

• Vulnerability management and Reporting.

• Security awareness across ii.
• Consultancy and guidance as part of project engagement.

KEY ACCOUNTABILITIES:

CUSTOMER SERVICE

• Review project requirements with emphasis on overall fit to the Information Security Strategy as well as functionality and system qualities.
• Develop and contribute to negotiations of contracts / agreements with existing and potential clients and business partners from a security perspective
• Act as a consultant / resource in Information Security Business wide.
• Ownership of the development of security standards, baselines, guidelines and procedures.

CONTROL (RISKS, FINANCIALS, PROCESSES)

• Influence the development of Information Security frameworks and compliance with Group policies

• Vulnerability and Security analysis, monitoring, reporting and assessment using specialist products.
• Develop and maintain close working relationships with Risk Management.
• Provide regular review and challenge of 3rd parties Information Security policies and controls.
• Designing and executing vulnerability assessments, managing penetration tests and security assessment / audits, working with IT to recommend and help mitigate identified security risks.

LEADERSHIP

• Act as a technical security advisor, and provide support in developing the technical security posture of the organisation.
• Day to day Information Security incident handling
• Act as an InfoSec technical subject matter expert.
• Leading investigations into alleged or actual breaches of security by collating and analysing information and producing assessments and reports.

CHANGE

• Co-ordinate and assist in the development of projects and initiatives ensuring Information Security is considered throughout the project lifecycle.
• Assisting with the deployment, configuration and ongoing management of new security technologies.
• Collaborate with a wide range of departments across the business improve overall information security procedures.
• Own and deliver a security awareness programme of work throughout the Business.

Requirements

CORE CAPABILITIES:

• Assessing and maintaining compliance by detecting and mitigating cyber-threats.

• Performing daily and weekly monitoring tasks, managing alerts and follow-up actions. Continually developing and improving monitoring and reporting procedures

TECHNICAL CAPABILITIES:

• A strong and demonstrable knowledge of the technical security aspects of network, hardware and software technologies
• Ability to define and implement security controls in Cloud environments.

KNOWLEDGE, SKILLS, EXPERIENCE REQUIRED:

• At least 5 years’ experience in an Information Security role
• In depth understanding of technical security systems (e.g. internet filtering, anti-malware, vulnerability management, penetration testing, DLP, SIEM and firewalls)
• Self-motivated with strong analytical, research and problem-solving skills.
• An in depth understanding of Information Security and its core principles

DESIRABLE

• Possesses a security related qualification, ideally CISSP, CISA or CISM certified