InfoSec Analyst

Information Security Team

The Current Health Information Security Team is responsible for managing the Information Security Management System (ISMS) and Data Privacy program at Current Health. Current Health ISMS is ISO 27001 and Cyber Essentials Plus certified and SOC 2 Type II accredited. The team is responsible for ensuring compliance with these frameworks and standards and the continuous development of the ISMS.

In addition to this the Information Security team are responsible for the development, implementation and monitoring of controls including vulnerability management, business continuity and disaster recovery, incident response, internal and external audit, access controls and user access reviews, co-ordinating external penetration testing, and awareness training. The Information Security team work closely with teams across the business including Software and Hardware Engineering, IT, Quality, Regulatory, Product, Customer and Sales Teams.

A Day in the Life

As a security analyst within Current Health, the role provides the opportunity to work on a variety of key projects and initiatives that are key to helping Current Health achieve its strategic objectives. This will include helping Current Health achieve HITRUST certification within 2023, carrying out Business Impact Analysis and developing Business Continuity and Disaster Recover Plans, enhancing Incident response processes and procedures, working with Software and Hardware Engineering teams on projects including external penetration testing. Playing a key role in external audits including ISO 27001, Cyber Essentials, SOC 2, and HITRUST.

Due to the importance of information security at Current Health, the role allows you to work closely with teams across the entire organisation and build relationships with all levels of roles and disciplines and help drive and promote security within Current Health.

Key Duties & Responsibilities

• Assist in the continuous development of Current Health Information Security Management System in accordance with applicable standards including ISO 27001, SOC 2 and HITRUST.
• Carryout Business Impact Analysis and develop business continuity and disaster recovery plans for key business processes and critical systems
• Keep up to date with the latest security and technology developments
• Monitor identity and access management, including monitoring for abuse of permissions and privilege escalation by authorised users
• Monitor networks, applications and cloud-based systems for attacks, intrusions and unusual, unauthorised, or illegal activity
• Review logs and alerts from Security Information and Event Management system and cloud-based applications for potential security incidents and provide incident response
• Perform periodic user access reviews of network and cloud-based applications
• Carry out routine vulnerability assessments of internal and external networks and manage the remediation of vulnerabilities identified in accordance with information security policies and procedures.
• Coordinate third party penetration testing and manage the remediation of findings in accordance with Information security policies
• Monitor end user device and usage for compliance with security policies
• Assist in the rollout of Single Sign on and Multifactor Authentication for all company cloud-based applications
• Monitor and maintain security configurations across all company cloud-based systems
• Support the audit process during internal and external information security audits such ISO 27001 and SOC 2
• Support the Sales and Implementation teams by providing input during customer RFI and RFP processes

Requirements

• Experience working in a similar Cyber Security / Security Analyst role ideally within a fast-paced start-up environment
• Holding or working towards an information security certification such as CISSP, CEH, Security+ is desirable
• Good understanding of data privacy laws including HIPAA and the GDPR
• Good working knowledge of information security standards and frameworks such as ISO 27001, NIST, CIS, SOC 2, Cyber Essentials Plus, HITRUST
• Excellent understanding of security threats, attack scenarios, intrusion detection techniques and incident management.
• excellent IT skills, including knowledge of computer networks, operating systems, software, hardware, and security
• Good working knowledge of security systems including SIEM, firewalls, IDS/IPS, WAF, Endpoint Security
• Experience with cloud service providers such as AWS, Azure, Google Cloud
• Experience with external cyber security audits including ISO 27001 and SOC 2

Benefits

• Competitive bonus scheme
• Salary Exchange Pension scheme (5% employee, 3% employer contribution)
• Private Medical Insurance through Vitality
• 2 x Life Assurance cover
• Critical Illness cover
• Employee Assistance Program
• £10 pcm flex pot to use toward benefits in our Benni benefits portal
• On call allowance (Only payable if and for so long as you provide on call services)
• Flexible, autonomous working environment
• Bike to work scheme
• Give as you earn through payroll