IT Security Analyst

Industry: Professional Services

Job Title: IT Security Analyst

Location: 2 Tower Works, Globe Road, Leeds, LS11 9QG

Shaping the overall Security focus of this large Professional Services firm will see the successful applicant open many more career opportunities throughout the organisation and work with autonomy that rarely exists in the market. The role is responsible for ensuring an appropriate focus is maintained on confidentiality, integrity and availability in the IT Security, Disaster Recovery and Business Continuity programs with a view to protecting the firm from risks inherent in operating a modern IT environment.

• Implement, monitor and develop security controls to safeguard information assets.
• Co-ordinate with Management and other IT personnel to identify and plan security controls in all aspects of data, applications, hardware, telecommunications and computer installations.
• To continually improve the quality of the IT service delivered through proactivity and good communication.

• Monitor and coordinate with other team members to ensure that all security patches and anti-virus software is maintained to current levels on a timely basis.
• Actively contribute to educating and raising awareness across the firm in relation to information security and cyber threats.
• Assist with the investigation of information security incidents.
• Maintain awareness of the threat landscape and take steps to minimise the impact this has on the IT environment.
• Suggest and manage the implementation of controls to reduce the risks to the IT environment.
• Coordinate the IT security testing cycle including the Penetration Testing, Cyber Essentials Plus and Phishing Susceptibility Testing.
• Contribute to the completion of security questionnaires in accordance with requirements.
• Create remediation plans and coordinate appropriate resources to close issues raised during security testing and audits.
• Ensure all security updates detailed below have been applied and verified by the appropriate delivery team within the required timescales:

1. a) all security software (e.g. operating systems and applications).
2. b) all security hardware (e.g. firewalls, etc).
3. c) all server applications (e.g. Exchange, SQL etc).
4. d) all network devices such as switches and routers.
5. e) ensure daily backups for storage and servers are taken and verified.

• Assist the Head of IT with the management of the IT Risk Register.
• Identify technical vulnerabilities and manage the remediation process.

• Ensure confidentiality, integrity and availability of IT systems during a business interruption event.

• Working alongside the Information Security Manager, provide advice and guidance pertaining to the IT security and information security risk aspects of projects.
• Identify security initiatives and work with the Information Security Manager to ensure that projects to mitigate security risks are defined and deployed.

• Contribute and update documentation relating to the confidentiality, integrity and availability of the IT environment.

• Educated to a degree level.
• Qualification in CompTIA Security+ or equivalent.

• IT - minimum 5 years – experienced probably gained through working in an infrastructure, system administration or security role.
• Working with security standards such as ISO 27001, PCI-DSS, Cyber Essentials Plus.
• Encryption Key Management.
• Writing technical documentation.
• Drafting policy documents.
• Presenting to Teams and Senior Management.
• Experience of creating, adapting and following Best Practice procedures (such as ITIL) would be advantageous.

• 9:00 am until 5:30 pm.