Information Security Analyst

Job Description

ROLE PROFILEJOB TITLE: Information Security AnalystREPORTS TO: CISODEPARTMENT: Information SecurityCOMPANY: Telrock Systems LimitedINTRODUCTION:With offices in London UK and Atlanta USA, Telrock is a rapidly growing, successful international technologycompany providing modern SaaS-based, PCI DSS compliant digital engagement and debt collection software solutions to banks, financial services companies and other organisations in the EMEA and North America regions. The company delivers its solutions on privateCloud owned IT technology, with infrastructure hosted at leading third-party hosting providers. The company wishes to strengthen its CISO office team through the appointment of an experienced Information Security Analyst to continue development and oversightof its evolving information and operational security risk management posture. The position will report to the UK based CISO.ROLE PURPOSE: The role holder will work directly with IT operations, DevSecOps, Development, Service Delivery, and external stakeholderfunctions to ensure that business information is protected in-line with the corporate information and cyber security programme and to meet a key business objective of maintaining compliance and regulatory standards. The role holder will assist in the developmentof security processes and management of information security on a day-to-day basis, by ensuring people, processes and technology comply with the corporate information security, monitoring and review of IT security controls and providing recommendations forimprovements.ROLE RESPONSIBILITIESKeyAccountabilitiesKey Activities / Decision AreasThreat and Vulnerability Management Carry out regular monitoring of the following IT security controls, ensuring threats to business information are identified, logged, remediatedand escalated in a timely manner: Vulnerability monitoring Security Information & Event Management IT system secure configuration reviews Intrusion detection/prevention systems Anti-malware protection Data Loss Prevention Web Application Firewall E-mail andWeb content control File Integrity Monitoring Cloud operations Research and advise on emerging threat actors/sources, zero-day exploits, vulnerabilities, malware, APTs and data exfiltration methodsSIEM and Incident Response Ensuring security event logs aremonitored and triaged Participate in incident response, ensuring timely response actions and appropriate escalationTechnical Vulnerability Management Responsible for all aspects of technical vulnerability scanning, reporting and remediation advisory to ITsystem custodians Responsible for the engagement, delivery and management of all vulnerability exploitation testingSupply Chain Management Conducting supplier InfoSec due diligence and periodic risk reviewsSecurity Education & Awareness Training Mature stakeholderInfoSec culture through delivery and reporting of cyber security awareness training and user security assessmentsRisk Management Deliver information security risk assessments and manage IT policy exceptionsSecure SDLC Advise on secure coding and DevSecOpsmethodology & practiceRegulation & Compliance Maintain InfoSec regulation and compliance standards e.g. PCI DSS, SOC2PERSON SPECIFICATIONSkills, Qualifications and Experience relevant to the RoleKey Performance CriteriaKnowledge and Experience: Applicantswill have a technical background with at least 5 years exposure to IT administration, IT operations, and IT security and at least 2 years exposure to InfoSec/Cyber security Knowledge of current security threats and trends; exposure and/or appreciation of rootcauses of cyber-attack methodologies e.g. e-mail phishing, malware, data breaches, etc Fundamentals of data protection (e.g. GDPR) Working under an InfoSec policy framework (e.g. to IOS 27001 standards) Exposure to payment services technologies Experienceimplementing and/or maintaining formal best practice information security compliance or certification (e.g., PCI DSS and SOC2 type2)Competencies: Analytical skills and an ability to analyse technical information to identify patterns and trends Maintain a currentunderstanding of common vulnerabilities and appropriate remediation Documenting operational and security problems within IT service management systems Information risk management Workload prioritisation management Communicating and escalating at all stakeholderlevelsTechnical Skills: Hands-on skills with: Linux Network and web application firewalls Core networking VLANs/Segmentation Secure IT system build standards Vulnerability scanners e.g. Qualys Patch management Security event logging/SIEM Enterprise passwordmanagers Reverse proxy Virtualisation Identity access management RAVPN/IPSec VPNs Cryptography Digital certificate management MFA Scripting/RegEx Working knowledge of: Databases & stored procedures Web Servers APIs Application event logging Penetration testingtechniques DevSecOps - development pipeline security SDLC - OWASP Top 10/API Web application development Cloud technologies Load Balancing/HA Containerisation Single-Sign-on/SAML Host intrusion prevention File transfer mechanismsEducation, Qualifications &Accreditations: BSc/MSc in science, technology, engineering, or mathematics (STEM) Industry InfoSec qualifications e.g. CompTIA Security+; Cisco CCNA Security; CySA+; CCSP; CISSP Penetration testing qualifications e.g. Certified Ethical Hacker (CEH); GIACGPEN; CREST Accreditations e.g. ISO 27001 Lead Implementer, PCI QSALanguages: Fluent in EnglishPersonal Attributes: A passion for information/cyber security Highly motivated, self-driven, responsible, reliable and organised individual able to use own initiative,manage own time and workload and an excellent attention to detail Good oral/written communications Capable of developing a strong working relationship with peers to encourage good security practices Collaborative and team-oriented, flexible attitude, adheringto a high standard of ethical behaviour Maintains continual professional development (CPD)Location and Hours of Work UK Head OfficeTelrock Systems Ltd1st Floor, Verse Building18 Brunswick PlaceLondon N1 6DZCore hours: Monday to Friday, 09:00 - 17:00You maybe required to work at home or from any of the Companys offices. You may be required to work on shift patterns, out of hours or on an on-call basis to provide Information Security Incident Response cover.Please note that this job description does not formpart of your employment contract. The Company can modify your job duties or amend this job description at any time.Notices: Please include in your application the following notices:Please acknowledge that you understand that this is a full time London Officebased opportunity and no relocation package is available Confirm your eligibility to work i.e. Right to Work in the UKOnly applications with an attached resume will be reviewed*