InfoSec Analyst
United Kingdom - Remote
Applications have closed
Current Health
Get the technology and support to scale care at home or clinical trials with Current Health's enterprise care-at-home platform.Information Security Team
The Current Health Information Security Team is responsible for managing the Information Security Management System (ISMS) and Data Privacy program at Current Health. Current Health ISMS is ISO 27001 and Cyber Essentials Plus certified and SOC 2 Type II accredited. The team is responsible for ensuring compliance with these frameworks and standards and the continuous development of the ISMS.
In addition to this the Information Security team are responsible for the development, implementation and monitoring of controls including vulnerability management, business continuity and disaster recovery, incident response, internal and external audit, access controls and user access reviews, co-ordinating external penetration testing, and awareness training. The Information Security team work closely with teams across the business including Software and Hardware Engineering, IT, Quality, Regulatory, Product, Customer and Sales Teams.
A Day in the Life
As a security analyst within Current Health, the role provides the opportunity to work on a variety of key projects and initiatives that are key to helping Current Health achieve its strategic objectives. This will include helping Current Health achieve HITRUST certification within 2023, carrying out Business Impact Analysis and developing Business Continuity and Disaster Recover Plans, enhancing Incident response processes and procedures, working with Software and Hardware Engineering teams on projects including external penetration testing. Playing a key role in external audits including ISO 27001, Cyber Essentials, SOC 2, and HITRUST.
Due to the importance of information security at Current Health, the role allows you to work closely with teams across the entire organisation and build relationships with all levels of roles and disciplines and help drive and promote security within Current Health.
Key Duties & Responsibilities
- Assist in the continuous development of Current Health Information Security Management System in accordance with applicable standards including ISO 27001, SOC 2 and HITRUST.
- Carryout Business Impact Analysis and develop business continuity and disaster recovery plans for key business processes and critical systems
- Keep up to date with the latest security and technology developments
- Monitor identity and access management, including monitoring for abuse of permissions and privilege escalation by authorised users
- Monitor networks, applications and cloud-based systems for attacks, intrusions and unusual, unauthorised, or illegal activity
- Review logs and alerts from Security Information and Event Management system and cloud-based applications for potential security incidents and provide incident response
- Perform periodic user access reviews of network and cloud-based applications
- Carry out routine vulnerability assessments of internal and external networks and manage the remediation of vulnerabilities identified in accordance with information security policies and procedures.
- Coordinate third party penetration testing and manage the remediation of findings in accordance with Information security policies
- Monitor end user device and usage for compliance with security policies
- Assist in the rollout of Single Sign on and Multifactor Authentication for all company cloud-based applications
- Monitor and maintain security configurations across all company cloud-based systems
- Support the audit process during internal and external information security audits such ISO 27001 and SOC 2
- Support the Sales and Implementation teams by providing input during customer RFI and RFP processes
Requirements
- Experience working in a similar Cyber Security / Security Analyst role ideally within a fast-paced start-up environment
- Holding or working towards an information security certification such as CISSP, CEH, Security+ is desirable
- Good understanding of data privacy laws including HIPAA and the GDPR
- Good working knowledge of information security standards and frameworks such as ISO 27001, NIST, CIS, SOC 2, Cyber Essentials Plus, HITRUST
- Excellent understanding of security threats, attack scenarios, intrusion detection techniques and incident management.
- excellent IT skills, including knowledge of computer networks, operating systems, software, hardware, and security
- Good working knowledge of security systems including SIEM, firewalls, IDS/IPS, WAF, Endpoint Security
- Experience with cloud service providers such as AWS, Azure, Google Cloud
- Experience with external cyber security audits including ISO 27001 and SOC 2
Benefits
- Competitive bonus scheme
- Salary Exchange Pension scheme (5% employee, 3% employer contribution)
- Private Medical Insurance through Vitality
- 2 x Life Assurance cover
- Critical Illness cover
- Employee Assistance Program
- £10 pcm flex pot to use toward benefits in our Benni benefits portal
- On call allowance (Only payable if and for so long as you provide on call services)
- Flexible, autonomous working environment
- Bike to work scheme
- Give as you earn through payroll
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits AWS Azure CEH CISSP Cloud Compliance Endpoint security Firewalls GCP GDPR HIPAA HITRUST IAM IDS Incident response Intrusion detection IPS ISMS ISO 27001 Monitoring NIST Pentesting Privacy RFPs SIEM SOC SOC 2 Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Flex hours Health care Salary bonus Signing bonus Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs