Looking for an experienced Information Security Analyst to work alongside the General Manager Information Security & Governance to deliver the Group IT Security Framework.
As a subject matter expert, you will support business functions by demonstrating a deep understanding of Security domains including:
- Vulnerability Management
- Malware Protection
- Third Party Security
- Authentication Mechanisms
- Cybersecurity Management & Governance
- Security Incidents Management
- Business Continuity / Crisis Management
- Cybersecurity Integration into projects / applications
- Asset management
- DDoS Protection
- Logging and detection
- Identity and Access Management (including Privileged Account Management)
- Network Security
- Knowledge of CIS20 and topics contained, or equivalent, will be an advantage.
- Implementing, and monitoring adherence to, the Group security framework.
- Assisting with the creation and delivery of the Cyber Security Program, ensuring the Cyber program is in line with the objectives of IT & Cyber risks mitigation.
- Identifying, analysing, and formalising cyber security risks, including reporting to relevant stakeholders.
- Identifying / advising on exhaustive action plans to respond to cyber security risks, ensuring the follow-up of progress, and regularly updating the status of each cyber security risk in the corresponding logs.
- Working with a team of subject matter experts across the entire security and IT landscape, you will advise on and deliver projects to meet and improve on global security compliance within the organisation.
- Conducting internal and external security assurance reviews against standards-based compliance requirements referring to the Global Security and Governance frameworks.
- Conducting vulnerability scans, and coordinating remediation efforts
- Infrastructure monitoring.
- Security incident analysis and management.
- Managing security recommendations
- Perform IT security maturity evaluations.
- Provide input to Regional and Corporate Security teams.
- Organize and manage the various IT Security committees
- Preparing and managing IT Security documentation (procedures, reports, analysis)
- Conducting or participating in both internal and external audits / assessments.
- Managing and improving the IT and Business Continuity plan.
- Preparing and conducting security training / awareness campaigns.
- Assisting and advising the wider business on topics related to security
Required Skills and Work Experience - Essential
- Prioritisation and time management skills.
- Effective communication and documentation skills
- Experience with internal / external Security and Governance audits.
- Experience with the latest information security threats & vulnerabilities and appropriate countermeasures.
- Experience with attack monitoring and Intrusion Prevention (IDS/IPS), SIEM, Anti-Virus, WAF, Firewalls, Identity and Access Management (IAM), patch management, and encryption.
- Experience with, and in-depth understanding of security vulnerability tools, techniques, and standards used to conduct penetration testing
- An understanding of best practices for Incident handling, security investigation processes and techniques.
- Exceptional interpersonal, stakeholder engagement and influencing skills
- An understanding of designing and implementing security management systems
- Knowledge of regulations and frameworks related to IT Security and Personal Data Protection will be an asset
- Experience in IT Security, Audit or Risk Management will be an asset
- A background of working on security awareness campaigns
Required Qualifications - Essential
- Security related degree or relevant industry qualifications such as: CISSP, CISA, CISM, CEH and OSCP, CIS20, or equivalent
- Minimum 3 years' experience working in an equivalent security related role.
- An understanding of CIS20 / NIST.
- Risk Management experience.