Information Security Analyst

Employer: Harvey Nash Plc

Location: Lancashire

Salary: 38249.00 - 45413.00 GBP Annual

Closing date: 15 Apr 2025

Sector: IT

Job Role: Information Security Officer

Job Type: Permanent

Role Title: Information Security Analyst

Reports To: Technical Information Security Manager

Overview:

Information Security (IS) is fundamental to protecting the confidentiality, integrity, and availability of the university's IT systems and data. IS works across all technologies to ensure appropriate levels of security are implemented and maintained. From project support to awareness, IS delivers security services across the university.

This is a role with a high level of autonomy, analysing and managing a significant number of high-risk and sensitive enquiries and incidents, often utilising complex tooling. Driving improvements to the management and understanding of information security across the organisation, with frequent interactions with senior stakeholders and customers including university staff, academics, students, and third parties. This role is pivotal in securing our network and infrastructure and will lead improvements in the way we identify and manage threats to our information and systems.

Responsibilities

• Develop technical information security capabilities, strategies, standards, methods, tooling, and processes that will improve performance and efficiency of the information security function, considering changes to regulatory requirements, the threat landscape, and technological advances.
• Maintain awareness of current security technologies, threats, and trends and use this knowledge to proactively seek out security weaknesses in technology, processes, and working practices and implement corrective measures to enhance the University's security posture.
• Consult on projects, providing authoritative, expert advice on cybersecurity controls and issues to increase the organisation's overall security posture and to drive adherence to security policies, standards, and guidelines.
• Lead investigations into security incidents and requests having a perceived security impact, including investigation of network and platform-specific security issues.
• Coordinate the cyber incident response capability, acting as a point of contact for security incidents, ensuring relevant information is communicated to senior stakeholders in a timely manner, assisting in secure restoration of business capabilities following a cyber incident, and overseeing the continual improvement of the Cyber Incident Response Plan and runbooks.
• Proactively liaise with business, IT teams, and third parties to understand technologies, business needs, processes, and dependencies to ensure advice given is professionally sound and appropriate to the university's needs.
• Identify business practices that result in incidents and requests that are challenging from a security perspective and recommend improvements to reduce incidents and improve efficiency and effectiveness.
• Develop and communicate corporate information security policy, standards, and guidelines. Consult and advise on exceptions to technical security policies and standards and oversee escalation and approval processes. Maintain a registry of exceptions and continuously track them.
• Oversee security-related tooling and processes as well as maintaining various security-related registers and records.
• Maintain and operate a regular vulnerability scanning and penetration testing schedule including development of test scopes, facilitation and coordination of testing, and managing remediation of test findings.
• Track and report on trends in security posture. Formulate and oversee appropriate responses to changes in the security position.
• Act as a point of contact in audits and liaise with external auditors providing information and documentation as required.
• Represent information security at relevant governance forums and committees, preparing and delivering management information as required.
• Deputise for the Technical Information Security Manager and Head of Information Security as required.
• Undertake any other duties commensurate with the role as advised by the Head of Information Security or Technical Information Security Manager as required.

Equality, Diversity, and Inclusion Statement

One of our strategic ambitions, articulated in our current strategic framework, is to advance equality, diversity, and inclusion (EDI). This includes achieving greater diversity within our workforce and creating an inclusive working environment service-wide. We will create a culture that is collaborative and innovative and that adapts to the changing needs of our clients. EDI will be fundamental to this culture. In this role, you can expect to contribute to our thinking and be challenging on how Salford can transform the way it addresses equity disparities, embraces diversity, and becomes more inclusive.

The University of Salford is committed to an inclusive approach to equality and diversity. We make every effort to form shortlisting and interview panels that are diverse in terms of gender, age, ethnicity, nationality, and socio–economic background.