Information Security Analyst

Job Description

Overview:This role holder will be responsible for supporting the Information Security Manager in the day-to-day aspects of information security within the business. This involves operating security procedures, monitoring security and security compliance, as well ascontributing to the planning, implementation, and operation of security arrangements.Key Role Responsibilities* Work with the Information Security manager, staff, and suppliers to operate the information security management system (ISMS) including: * Operating security maintenance and assessment procedures.* Assessing compliance with security policies and standards.* Management reporting of information security performance, issues, and activities.* Managing & maintaining information security arrangement on an ongoing basis to ensure these meet evolving requirements.* Work with the IT operations team and technology partners as required to establish, implement, and operate appropriate security controls across the technology architecture.* Promote security awareness e.g., through security awareness, training, and regular communications with staff.* Work with the Information Security Manager, IT Operations team, and MSPs to investigate suspected and actual security incidents in accordance with incident management procedures.* Keep up to date with security trends, threats, and control measures and recommend appropriate updates to infrastructure.* Evaluate the security elements of any proposed new IT application/system. Recommend and implement appropriate security configuration and controls.* Security assessment and due diligence of third-party systems, services, and suppliers as part of the supplier selection process and on an ongoing basis.Technical/ExperienceRequired:* Experience assessing security controls and arrangements (e.g., system access reviews, assessing penetration test reports).* Experience reporting information security performance and events.* Understanding of common security issues and their impacts* Experience in the Identification and articulation of Information security risk and relevant mitigating controls including vulnerability and threat intelligence knowledge.Preferred:* Worked in a financial services (FCA and/or PRA-regulated) business.* Working knowledge of industry-standard frameworks such as GDPR, ISO27001, and NIST.* Knowledge of enterprise security design.* Experience with MS Azure, multi-cloud architectures, and Windows.* Strong technical understanding/background, including Cloud, Data Analytics, Security Technologies, and Application Security.Personal* Strong analytical and problem-solving skills.* Strong communication skills, including the ability to communicate technical concepts to non-technical audiences.* Strong written and report-writing skills.* Excellent planning and organization skills to determine an effective course of action and deliver to deadlines.* Ability to work well within a team.* Ability to link technical concepts/risks to business risk/requirements.* Self-starter who can work with autonomy and under pressure.* Able to work in an ever-changing environment.* Positive attitude towards learning and development demonstrated by a record of continuing professional development.