Group IT Security Operations Analyst

Job Description

Join us on the Journey... National Express Group is a leading public transport operator with bus, coach and rail services in the UK, Continental Europe, North Africa, North America and the Middle East. Passengers made 939 million journeys on our services in 2019.We have an exciting opportunity for a Group IT Security Operations Analyst, who will play a key role in the operation of IT security for National Express Group PLC. This is a hands-on role that is paramount to maintain IT security processes operating to therequired standard at a Group level and liaising with multiple stakeholders and divisional teams across North America, Europe, North Africa and Bahrain. The Group IT Security Operations Analyst will assist with the operation of key security processes.What youll do:Assist the Group IT Security Operations Manager to improve security governance, policies and procedures in collaboration with the Group divisionsAssist the Group IT Security Operations Manager to provide assurance over the security transformation programmePrepare and execute phishing simulation campaigns across Group DivisionsAssist Group Divisions in developing a cyber security awareness syllabus and selecting content to deliver the syllabusPrepare operational documents concerning IT security, such as procedures and technical guidelinesConduct annual cyber security due-diligence in preparation for the Groups annual cyber insurance renewal processAssess the compliance level of the Group divisions against defined standards and security frameworksSupport activities concerning IT security assessment of prospective acquisitions of companies to determine any gaps that require mitigation and communicate risks to the appropriate stakeholdersSupport the Group IT Security Operations Manager to define standard requirements for projects and initiatives aligned to recognised good practice to support the Group divisions operationsMaintain the Group asset registers for Internet facing systems, software and/or technology deployedEvaluate IT security advisories and determine actions to communicate them to the Group divisionsAssist with the response to IT security incidents, suspicious activity or alerts reported by the Group divisions to prevent further adverse impact to users, processes, systems or data in other Group divisionsAssist the Group IT Security Operations Manager to coordinate IT security initiatives and efforts across the Group for successful completionAssist Group divisions on compliance requirements for relevant frameworks (such as ISO27001 and PCI DSS) from the operational point of viewAssist Group divisions on third party security assessments to establish their IT security position in the context of the Group standardsSupport the Group IT Security Operations Manager answering Divisional ad-hoc enquiries, troubleshooting issues and general support concerning IT securityCoordinate Group IT security meetings held on a periodic basisLiaise with the divisional security representatives to exchange knowledge and promote Group wide initiativesAssist the Group IT Security Operations Manager to appraise Group IT security risks and to manage the Group security risk registerPrepare operational Group security KPIs on a periodic basis with support of the Divisional IT Security representatives from each divisionPrepare summaries, updates and reports with the relevant periodicity required according to relevant Group IT security processCommunicate proactively and effectively with all stakeholders, internal teams, suppliers and any other involved party in the IT security processesWhat youll have:Experience in corporate IT security from a FTSE100/250 organisation (minimum of 3 years) preferably with an audit background (Big 4 or similar).A recognised certification in IT security (CISA, CompTIA Security+ or equivalent)Understanding of CIS controls, NIST Cyber Security Framework, ISO27001, PCI DSS and GDPRAbility to analyse from a technical point of view an IT solution to identify appropriate IT security controlsAbility to identify potential weaknesses on a given IT solution (e.g. through threat modelling and/or risk assessment)Ability to assess IT security requirements for an IT solution in a written format for consumption of other stakeholders of the development or deployment processAbility to assess IT security incidents, IT security advisories and IT security issues collating technical and functional information to define mitigating actionsAbility to assess third parties (e.g. suppliers, prospective acquisitions) to define their IT security position, gaps and recommendationsAbility to communicate technical findings or vulnerabilities in plain language to varied audiences across the organisationAbility to create, review or amend corporate documents related to IT security including but not limited to policies, procedures and standardsAbility to support conversations with a broad set of stakeholders, including but not limited to third party suppliers, technical teams and functional teamsAbility to gather operational information to produce KPIs and/or balanced scorecardsGeneral IT technical knowledge including but not limited to networks, operating systems, databases, application servers, web servers, cloud security (e.g. multi-tenancy, public/private implementations, SaaS, PaaS, IaaS), end-point security (e.g. hardening,anti-malware, EDR), web application security (e.g. OWASP) and network security (e.g. IDS/IPS, SIEM, DDOS mitigation and WAF)Experience maintaining operational registers and information at enterprise level (such as asset registers)Experience in supporting third parties on technical and functional mattersExperience in identifying and managing IT security risksExperience in working with suppliers and partners responsible for areas of deliverySelf-sufficient and dynamic individual who is able to hit the ground runningA passion to get involved with IT security challenges and broaden skills and abilitiesExcellent English verbal and written communication skills, and Spanish as desirableWhat we offer:A core salary aligned with your professional experienceCompany pension schemeParticipation