Information Security Analyst at CalMac Ferries Limited
Gourock, Scotland, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

07 Sep, 25

Salary

0.0

Posted On

08 Jun, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

CISA, Security Certification, Network Systems, Academic Background, Security Tools, ITIL, IT, Security Protocols, Information Security

Industry

Information Technology/IT

Description

QUALIFICATIONS, SKILLS AND EXPERIENCE

  • Academic background in Information Security, Engineering or Computer Science
  • An in-depth understanding of ISO27001/2
  • Previous experience working in a similar role.
  • Experience of working with a wide range of security tools and systems.
  • Awareness of ITIL and IT change procedures.
  • Experience of Microsoft 365 Defender/Purview and Azure security functionality/SIEM tools.
  • Strong analytical and problem-solving skills.
  • Team player with proven ability to self-manage in a pressured environment and whilst dealing with competing priorities
  • Knowledge of network systems and security protocols.
  • Security certification, e.g. CompTIA Security+, CISA, CRISC

Responsibilities

ROLE OVERVIEW

The Information Security Analyst will have a primary focus on Governance, Risk and Compliance. The role holder will be responsible for supporting the organisation’s compliance with regulatory, industry and internal policy security and compliance requirements and supporting our internal security governance frameworks. This role involves conducting risk and control assessments and audits, developing security policies, and collaborating with various departments to maintain a robust and resilient security posture. Other elements of the role involve supporting security incidents and investigations.

PRINCIPAL ACCOUNTABILITIES

  • Monitor compliance with security standards and information security policies, providing advice and guidance across the organisation.
  • Identify and address security gaps discovered through ongoing monitoring of all information security controls and propose enhancements to security controls.
  • Assist in assessing and managing risks associated with third-party vendors and service providers. Support evaluation of vendor controls and adherence to contractual obligations.
  • Participate in the organisation of vulnerability assessments, penetration tests, and the preparation and training for security audits/compliance assessments (to include Cyber Essentials Plus, ISO27001 & PCI DSS) under the direction of the Head of Security.
  • Supporting remediation of findings from identified risks or audits.
  • Support the management and review of information security policies, processes and procedures in line with company standards and best practice.
  • Provide support to ensure company staff follow established Information Security Policies and Governance Procedures.
  • Administer the security awareness program promoting applicable security principles, policies and procedures.
  • Collate key security metrics to produce monthly management reports.
  • Contribute to project activities as required to ensure GRC requirements are understood and addressed.
  • Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives.
  • Support management of the information security risk register and assist with internal and external audits relating to information security.
  • Improve and develop the use of the security and compliance toolset to drive insight into security compliance risks and issues.
  • Provide support in security incident response activities, including investigating IT security incidents, breaches, and disruptions.