Cyber Security Analyst

Job Description

Purpose & Key Responsibilities of the Role:Working with the Head of Cyber Defense and Operations this role will develop the analysis and processes using security tools to help monitor and improve Cyber Security across all segments, providing assurance that digital systems are safe and secure.To assist in prevention or detection of threats, responding to security incidents, developing countermeasures and overseeing their implementation often working with other teams i.e. Sec Ops/ SOC.Act as an internal escalation point for SOC.Support development and guidance of junior/gap year staff.

• As part of daily (BAU) operations, proactively protect the business, its customers and their information from internal and external threats, whilst embedding technical security best practice, security design & architecture, secure development disciplinesand technical security controls more deeply into the technical environments across the Group in order to improve the groups security posture and reduce cyber risk exposure.

• To provide technical security advice and support in the event of cyber events and incidents.

• To provide appropriate input to the business in delivering technical security improvements to the processes, controls and technologies.

• Support the Head of Cyber Defence and Operations in relation to Cyber initiatives and programmes, along with provision of adequate reporting, metrics and analysis to help senior management and risk owners make informed business decisions.

Qualifications & Experience:Candidate is expected to be at degree level and/or have equivalent professional industry experience

• Security Knowledge
• Information security, Data protection and Privacy, Information risk management, associated security standards e.g. 27001, NIST, Cyber essentials, Cloud security etc.
• Broad knowledge of current / up to date technologies in the cyber security field.
• Ability to learn new technologies and without training quickly to provide suitable effective input or support.
• Understand complex technical scenarios and provide clear guidance to manage potential risks.
• Fast reaction / first level response to incidents.

• Specialised Knowledge
• Security Information and Event Monitoring solutions.
• Cloud Security (Azure).
• Microsoft Technologies.
• Threat Intelligence Platforms.
• Application and Network Penetration Testing Methodologies.
• Red Team tools and testing.
• Data Loss Prevention technologies.
• Mobile technologies.
• Networking and Firewall technologies.
• Endpoint Security controls.
• Intrusion Detection Solutions (IDS/IPS).
• Web Proxies.
• Malware/antivirus systems.
• Windows desktop and server environments UNIX, Linux.
• Strong knowledge of networks, application and system vulnerabilities.
• Relevant Cyber industry standards and risk and control frameworks i.e. NIST, ISO etc.

• Skills
• Microsoft office to an intermediate level as a minimumideally advanced.

• Professional Certifications
• Professional Security Qualification e.g. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or Certified Ethical Hacker (CEH) or CCSP (Certified Cloud Security Professional).
• Other technical qualifications in best of breed security products.

• Desirable (can be evidenced by industry experience without formal qualification)
• ITIL.
• ISO27001.

• Experience
• Minimum of 2+ years of IT Security experience.
• CEH/CISM/CISSP/CCSP or other relevant qualification highly desirable.
• Working in regulated environments such as financial services.
• Experience of information security and data protection practice in financial services
• Honours Degree in Cyber Security, Computer Science and Engineering preferable.
• Excellent knowledge of IT and information security policies and practices
• Senior stakeholder management skills and communication skills up to C-Level.
• Incident management, investigations and response.
• Experience of working in environments involving multiple partners, disparate multi-disciplined teams, and multiple streams of project activity.
• SME knowledge of various best of breed security products and technologies.

Person Specification: Essential:

• A demonstrable passion for Cyber Security.
• A detailed understanding of network infrastructure, system and application architecture and associated security controls within highly complex environments.
• Strong risk management understanding and capabilities.
• Ability to work under pressurewith effective time management skills and demonstration of high level of autonomy.
• Adaptability, ability to embrace and respond positively to change.
• Analytical and investigative skills, logical reasoning and problem-solving skillsindividually and collaboratively.
• Integrity and assertiveness when dealing with complex / business critical issues.
• Strong organisational skills and attention to detail/quality to all levels of management and delivery.
• Strong written and oral communication skills and accuracy.
• Initiative, proactivity, enquiring approach, resourcefulness.
• Ability to probe and question for accurate information.
• Ability to formulate pragmatic solutions to issues that balance business needs with risk and practicality.
• Ability to engage and influence senior stakeholders.

Desirable

• Experience of dealing with the ICO or similar regulatory body.

#LI-SB1