Job Description

An Information Security Analyst is responsible for protecting the information assets of the business, and for maintaining and monitoring security standards. A key aspect of this involves identifying security and compliance risks, and helping the business control the cost of risk mitigation. The Information Security Analyst creates and maintains policies and processes as required by the goals of the business, for purposes including protecting the business and compliance with security standards, contractual obligations, regulations, or legislation.

KEY DUTIES TO BE PERFORMED

· Oversees application penetration tests and network vulnerability scans to identify security vulnerabilities.

· Advise the business on security best practice and collaborates to improve processes and systems.

· Manages the relationship with external service auditors and assist with the collection of evidence and data to secure organizational credentials or certifications.

· Directly configure or monitor cloud service and on premise security measures to protect against or detect security threats.

· Analyze business goals to identify applicable security, regulatory, and legal requirements.

· Draft and periodically review policies and process documentation aligning business goals with identified requirements ensuring that this information is relayed through the company via an appropriate training program and available via intranet documentation.

· Stay up-to-date on changes in security standards, regulations, or legislation.

· Review business systems and processes to identify risks and gaps with compliance requirements.

· Directly conduct, or manage via third parties, penetration tests and vulnerability scans to identify security vulnerabilities in networks, systems infrastructure, and applications.

· Advise business units on plans to mitigate or eliminate identified vulnerabilities, risks, or gaps.

· Stay informed on the latest security threats and advise management on the appropriate response.

· Directly configure or advise on the configuration of information security tools such as firewalls, proxies, SIEM, antivirus, IDS/IPS, and EDR. This includes maintenance of relationships with cloud security vendors which may directly manage these tools.

· Monitor and analyze data produced by security tools and cloud security vendors. Ensure that this analysis connects these data sources to vulnerability management and incident response processes.

· Analyze data collected from a suspected security breach and consult on the containment and elimination. Assess the damage caused by a breach and advise the business on remediation.

A competitive salary is offered together with a comprehensive benefits package, including life assurance, long term sickness cover and private medical insurance. All offices have free on-site parking.

Required Knowledge, Skills, and Abilities

· 2+ years of experience in an information systems field including software development or systems administration · Experience applying secure software coding standards or configuring secure systems within the context of professional information security, development, or systems administration · Familiarity with the application of security or trust service standards such as OWASP, ISO 27K, PCI, ISAE 3402, or SOC2. · Independent project management