Junior Security Analyst

JOB SUMMARY

Developing and implementing an information security management program (including initiatives as part of the cyber security strategy) to ensure that information assets are adequately protected from both internal and external threats.

KEY RESPONSABILITIES

      Supporting the Group Information Security Officer (GISO) in the planning and delivery of Cyber Security solutions in line with the Cyber Security Strategy;

      Maintaining the group certification such as ISO 27001, ISO 27701, GDPR, ISAE3402 etc.

      Working with internal and external technical partners to deliver integrated solutions and drawing out recommendations from their technical findings;

      Proactively monitoring and driving the performance of internal/third party providers and solutions, and escalating issues to the GISO as required;

      Recording the meeting minutes and action points arising from regular supplier meetings, and monitoring the completion of those actions;

      Sourcing or preparing regular management information and reports for review with the GISO to proactively identify and address risks and issues;

      Testing and evaluating new solutions, and identifying recommendations to inform management decisions on potential wider deployment;

      Rolling and monitoring of Cyber Security & Data Protection eLearning and Phishing Simulation;

      Delivery of regular Information Security Awareness Training;

      Gathering feedback from end users (employees and leadership) to understand the changing internal and external threat landscape and vulnerabilities.

      Monitoring the group IT environment and networks for security issues;

      Investigating Cyber Security incidents and providing flexible and responsive crisis management support as required;

      Working with internal stakeholders and third-party providers to discover and remediate network vulnerabilities;

      Completing and inputting time in the time billing system on a daily basis;

      Completing any other duties as may be required from time to time in accordance with the requirements of the role, team and evolving nature of the function;

      In all aspects of your role, display and adhere to our vision and values of Client Focus, Excellence in Execution, Integrity, Innovation, Value, Development and Leadership.

KEY COMPETENCIES & SKILLS

Qualifications

      Undergraduate degree, postgraduate degree or recognised certification in a field related to Cyber Security / Information Security or Computer Science.

      The role holder should have achieved or be working towards a recognised professional qualification in Cyber Security / Information Security. Examples include Security+, SSCP, CEH or similar preferred or willingness to work towards same or equivalent. Ultimately working towards CISSP, CISA, CISM, CRISC, and/or GIAC/SANS qualifications or similar industry qualifications/certifications.

Essential

      2 years’+ experience in Cyber Security

      Understanding of the main Cyber Security / Information Security solutions including firewalls, proxies, SIEM/SOC, antivirus, and IPS/IDS concepts.

      Ability to identify and mitigate network vulnerabilities and provide recommendations.

      Experience in installing security software and software updates, and documenting security issues.

      Contemporary knowledge of Cyber Security / Information Security trends, news and standards and leading practices.

      Sound knowledge of IT and network infrastructure.

      Ability to see security from the attacker’s perspective.

      A sound understanding of business operations and priorities, and the impact of Cyber Security on them.

      Excellent written and oral communication skills.

Desired

      Demonstratable experience of Cyber Security Risk Management.

      Experience in the implementation and maintaining of ISO 27001 certification.

      Report writing.

      Policy and Procedure management.

      Working knowledge of Data Protection principals.

      Experience with IT systems, networking, vulnerability assessment and penetration testing and techniques.

      Experience in implementing and aligning operations to industry standards (NIST CSF and ISO 27001)

KEY BUSINESS PARTNERS

      All Business leaders and management of Oak Group

      Operations teams

      Service providers