Senior Information Security Analyst

Job Description

Senior Information Security Analyst

Our Client is a leading global company specialising in pharma products.

They are looking to recruit a Senior Information Security Analyst with at least 5 to 7 years expertise in Technology Security.

Responsibilities:

1. Collaborate with IT teams for input and operational requirements to design and implement the company's overall cybersecurity strategy.
2. Identify and address security gaps discovered through ongoing monitoring of all information security controls and implement enhancements to security controls.
3. Manage access to elevated privileges accounts and audit activities to meet business and regulatory requirements.
4. Evaluate and/or implement cybersecurity solutions and controls to maintain confidentiality, integrity, and availability.
5. Actively participate in proofs-of-concept for new security technologies by developing selection criteria to identify appropriate security solutions to support strategic, operational needs, and security requirements.
6. Participate in the development and testing of the security incident response plan, act as the incident response leader.
7. Develop security, risk, and compliance reports and alerts.
8. Participate in the yearly review of policies and procedures to support information security, risk, and security compliance activities.
9. Participate in developing, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place.
10. Manage cybersecurity projects to ensure that the delivery is on-time, within budget, and adopted to meet the company's information protection requirements.
11. Perform or coordinate internal security assessments, penetration tests, vulnerability scans, and assess organization cybersecurity maturity.
12. Comply with frameworks and regulations such as COBIT, NIST (800-53, cybersecurity), ISO, ITIL, PCI, GLBA, GDPR, HIPAA, and other data privacy and security standards and regulations.
13. Provide internal customer support via assigned tickets for security-related issues, while ensuring assignments are resolved within assigned SLA's.
14. Evaluate and implement CIS critical security controls where necessary.
15. Provide input into cybersecurity strategic roadmap and annual budget.
16. Adhere to applicable change management policy and procedure.

Qualifications:

1. Bachelor's degree required; advanced degree highly desirable.
2. Significant analytical skills from academic training in Cybersecurity, Information Systems, Computer Science, or similar discipline.
3. A minimum of 5-years experience in Information Security.
4. Proficiency in security framework models such as NIST, implementing and auditing security measures, security response, and incident management.
5. Working knowledge of Cisco network switches, routers, firewalls and VPN, network security, DLP, antivirus/antimalware, IDS/IPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.
6. Experience with identity access management solutions, such as SAML/OATH.
7. Experience with HIDS and NIDS.
8. Relevant information security or cybersecurity certifications are ideal.
9. Ability to analyze and recommend changes to the security landscape.
10. Participates in change management meetings and provides expert input to ensure security is maintained.
11. Knowledgeable in security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion detection and prevention, eDiscovery, and content filtering.
12. Ability to manage and improve upon vulnerability management program.
13. Ability to propose solutions for closing identified vulnerabilities in the infrastructure.

Desired Qualifications:

1. Certified Information System Security Professional (CISSP), NIST Cybersecurity Framework (NCSF), Certified Cloud Security Professional (CCSP) and/or Certified Ethical Hacker (CEH).
2. Knowledge and experience with Microsoft Office and Visio.
3. Knowledge of WAN technologies including MPLS, SD WAN.
4. Knowledge of cloud providers security (AWS, GCP or Azure).
5. Prior experience managing Cisco ELA products including DNA, Firepower, ISE Management console, Umbrella, Cisco AMP for endpoints, Stealth watch, as well as Splunk, SolarWinds, Varonis and Darktrace.
6. Prior experience with Azure Rights management and Information protection highly desirable.
7. Project management skills are highly desirable.
8. Previous experience in a HIPAA/FDA regulated environment.

Competencies:

1. Motivation/Initiative: Motivated and curious, willing to ask questions, research issues, and take on challenging projects/assignments.
2. Administrative Skills: Ability to organize and follow-through on multiple tasks accurately and efficiently.
3. Interpersonal Style: Develops/maintains effective working relationships; listens attentively; communicates ideas clearly.
4. Self-Management: Adapts readily to changes in routine; works effectively in stressful situations.
5. Thinking Skills: Diagnoses problems efficiently; gathers sufficient input before making decisions.
6. Customer Orientation: Sensitive & responsive to internal customer needs; maintains a positive attitude.

This is a UK based role at the Central London offices of the Client, although for the foreseeable future you will be based at home and work remotely.

The salary for this role will be in the range £70K - £85K.

Please do send your CV to us in Word format along with your salary and availability.