Cyber Security Testing Assurance Analyst

Cyber Security Testing Assurance Analyst

This Cyber Security Testing Assurance Analyst will report to the Cyber Security Testing Manager and will work within the Information Systems directorate based in our Crawley office. You will be a permanent employee.

You will attract a salary of £49,600.00 and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote.

Close Date: 06/09/2024

We also provide the following additional benefits:

1. Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
2. Tax efficient benefits: cycle to work scheme
3. Season ticket loan
4. Occupational Health support
5. Switched On – scheme providing discount on hundreds of retailers products.
6. Discounted access to sports and social clubs
7. Employee Assistance Programme.

JOB PURPOSE:

The Testing Assurance Analyst will support the Cyber Security Testing Manager in ensuring that a strong cyber security posture is maintained across the UK Power Networks (UKPN) IT estate, by identifying cyber security weaknesses and vulnerabilities and guiding actions to mitigate the risks and avoid disruption to the integrity and availability of the IT services that are crucial to delivering UKPN services to customers.

DIMENSIONS:

People: work collaboratively in a team of circa 10 permanent and temporary cyber security testing and assurance resources.

Suppliers: regular interaction with third party suppliers commissioned for meeting specialist testing and assurance requirements.

Stakeholders: Establish and maintain collaborative working relationships with internal and external technology teams and third party providers, suppliers, and partners to improve outcomes and create agreement around a course of action.

Responsibilities:

1. Compliance: work with service owners and the Technology team to ensure the IT estate complies with current UKPN technical standards, driving and tracking remediation actions required to mitigate identified weaknesses and vulnerabilities.
2. Penetration testing: help develop red and purple team penetration testing exercises, aligned to important industry cyber security threat intelligence.
3. Vulnerability management: help develop vulnerability management, ensuring that all known security vulnerabilities are identified, assessed, prioritised and tracked to remediation against UKPN policy.
4. Identity and access management: help develop identity and access management across UKPN, ensuring alignment with appropriate policies.
5. Business Forensics: work with HR and the Data Privacy Officer to complete approved requests for information from the wider business, ensuring that sensitive data is handled according to policy.
6. Analysis: analyse risks associated with vulnerabilities, develop and present reasoned remediation steps, track progress and escalate to ensure remediation activities are completed according to set timescales.
7. Reporting: create reports on specific remediation activities and the status of the remediation, tracking through to completion and reporting findings.
8. Continuous Improvement: recommend improvements to testing procedures such as purple teaming, based on ongoing use and analysis.

NATURE AND SCOPE:

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to remain the best performing Distribution Network Operator (DNO). The team achieve this through the provision of technology solutions, and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

You will support all other team members, the rest of Information Systems team, IT Service Providers and partners across UK Power Networks to implement and increase cyber security operations capabilities.

The main measure of success for this role is upholding the IT and organisational resilience of UK Power Networks in relation to cyber security testing and assurance.

Qualifications:

1. Experience in cyber security within enterprise environments, including Azure Cloud and Office 365. Should understand these platforms and how to utilize their security features including defender for identity.
2. Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
3. A comprehensive understanding of Identity and Access Management and the implementation of it in an enterprise environment.
4. A basic knowledge of compliance regulations, such as Cyber Essentials, PCI DSS, and GDPR to be able to confirm data is being handled in a compliant manner.
5. Experience with network and infrastructure security principles, such as firewalls, intrusion detection and prevention systems, and access control.
6. Knowledge of security tools, such as Vulnerability detection, scanning and remediating, penetration testing tools, and forensic tools to help assess and validate security posture.
7. Experience working in a team environment and with a range of internal and external individuals and teams.
8. Show good self-motivation and initiative, including a desire to embrace continuous learning and development, whilst achieving results.
9. Maintain a professional and secure working environment, with good personal integrity and discretion due to the nature of the cyber security remit of the role.

Health & Safety Responsibilities:

Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.

Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.

We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.