Information Security Analyst 1069

Job Description

We are looking to recruit an Information Security Analyst to join our existing IT team.

Working with the Head of Information Services to provide advice and guidance on info security and further develop security policies and processes across the entire infrastructure estate.

This greenfield role shall be responsible for supporting and maintaining information driven solutions within a fast-paced and challenging environment. As a member of the IT team, you will review all aspects of the information systems environment and its components. The successful candidate will be required to proactively improve and provide advice and guidance on information security matters. You will feel comfortable in a role with autonomy, being the sole information security employee within the group. You enjoy responsibility and work closely with the IT team.

We believe this is an excellent opportunity for candidates who have a strong understanding of IT infrastructure and information security (primary skill) and enjoy fast-paced environments.

Key Duties and Responsibilities

1. Assist with info security incident management and response activities
2. General day-to-day support on managing and responding to security alerts from systems and end users
3. Perform daily, weekly, and monthly security checks, reconciliation and compliance checks and investigate exceptions
4. Fulfil information security requirement questionnaires and support the process
5. Identify security risks
6. Report security risks to the (add your title here) and the board
7. Create security policies, processes, procedures.
8. Compile a list of technical controls to strengthen the security capabilities and resilience to continued cyber threats
9. Be aware of information security risks, mitigations, and opportunities to strengthen resilience to cyber-attacks and info security incidents
10. Implementation of monitoring, reporting systems and applications
11. Document user requirements and technical training guides
12. Risk registration - management
13. Test information security disaster recovery and capabilities - identifying issues and work with the organisation to drive continual improvements.

Qualifications:

Technical Requirements

1. Hands-on experience of information security
2. Exposure to info sec standards including but not limited to Cyber Essentials, ISO 27001, 27002 etc., Data Protection Act and the General Data Protection Regulation
3. Add in here any IT infrastructure awareness you’d like
4. Good understanding of security testing principles, including experience of vulnerability scanning, identifying, resolving, and reporting risks
5. Documentation creation

Detailed knowledge of:

1. Information Security
2. Threat analysis
3. Reporting
4. Information incident management
5. Security Incident Response processes, procedures, and best practices
6. Disaster Recovery and Business Continuity principles
7. Event and log analysis

Core Behavioural Skills:

1. Confident individual with good interpersonal skills, able to deal with people at all levels and communicate to users in a clear, non-technical language
2. Team-player
3. Analytically minded, able to break down and understand information
4. Must be comfortable with working in a fast-moving, dynamic environment
5. Strongly customer-focused, used to providing support to demanding users
6. Good organisational skills, used to managing and prioritising own workload
7. Ability to report on progress, timescales, outstanding and completed activities