Senior Security Response Analyst

Job Description

The Senior Security Response Analyst will be expected to contribute to all aspects of Security Response; ensuring that information security incidents, breaches and other events are investigated and responded to promptly and effectively and in line with thedefined response plans and regulatory and customer obligations.The role will require excellent analytical and investigative skills along with a good working knowledge of Information Security practices.KEY ACCOUNTABILITIESThe Senior Security Response Analysts will be expected to make positive and effective contributions within the following security practices and activities:Security Incident ResponseTriage security incidents.Conduct security incident investigations.Produce internal and customer facing security incident reports.Conduct security incident reviews.Assist the organisation in establishing root causes to incidents and applying permanent fixes.Develop and maintain security incident runbooks.Develop and maintain the Security Incident Response Plan(s).Conduct Security Incident Response Plan testing and manage incident simulations.Assist the technical teams in forensic analysis.Major incident response coordination and management.Achievement of defined performance targets and KPIs.Continual improvement of all security response related policies, processes, and services.Security Risk Management.Contribute to the development and ongoing maintenance of the Organisations security risk register.Identify, analyse, and evaluate strategic risks.Management of security controls, policies, standards, and guidesDesign, develop and document security controls, policy documents, standards, and guides.Design control maturity tests and conduct control maturity assessments.Threat and Vulnerability ManagementAnalyse and process threat intelligence.Support technical teams in the analysis of detected vulnerabilities.Security awareness trainingProducing awareness material.Supporting phishing campaigns.Commercial engagementsContributing to client-facing commercial engagements in relation to the various aspects of our information security posture.Providing consultancy to internal stake holders and assistance in responding to customer questionnaires and general queries relating to Information Security.Contributing to customer audits.Creating and maintaining knowledge articles and other collateral relevant to Zellis security.Issues ManagementManaging security related issues, ensuring that issues are reviewed, assigned, monitored, and progressed appropriately.Reporting.Contribute to the production and reporting of security metrics.Develop and maintain dashboards.KNOWLEDGE, SKILLS AND EXPERIENCEBusiness KnowledgeThorough understanding of the Zellis ISMS and control framework.Good understanding of Zellis products, services and system architecture.Awareness of Zellis 3rd parties (customers, suppliers, and partners)Good working knowledge of the procedures and tools used within the security practice.Essential Functional / Technical SkillsRecognised qualification in relevant technical discipline; or the equivalent combination of education; professional training and minimum 3 years work experience in a similar role.Understands current and emerging Security practices and standards; including ISO27001:2013/2022, CSA, Cyber Essentials, and NIST principles.Understanding of emerging technologies and general network and infrastructure knowledge.Cyber-security knowledge across multiple practices, including Threat Management and Security Operations.Personal Attributes / CompetenciesMust have excellent communication skills and be a team player.Must be able to take ownership of issues, be pro-active and be accountable.Must have the ability to be creative, be able to consider the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing, balanced against the varying likelihood and severity of risk.Must be effective and be able to demonstrate the ability to make it count, ensuring that actions create positive outcomes.Key Financial MeasuresFinancial impact of Security Issues and IncidentsKey Projects / Activities Managed (Identify impact, effort, cost, time invested)Own all security response activities.Develop incident response plan and play books.Must complete annual compliance training with a pass level of 95% or better.DECISION MAKING AUTHORITYCan work alone and make simple workflow decisions.Prioritisation of workZellis:Zellis is the leading provider of payroll and HR solutions for the UK & Ireland. Together with Benefex and Moorepay we form the Zellis Group, serving a vast array of companies across every vertical and industry. Our purpose is to make people feel appreciatedfor the work they do - through precision, choice, and magic.We have over 50 years of heritage and industry experience - and we’ve been ahead of the curve throughout. More than half a century ago, we were founded as Peterborough Data Processing. Quite a lot has changed since then - not least our name. We were acquiredby Northgate, becoming NorthgateArinso in 2007 and NGA Human Resources UK and Ireland in 2014, where we were joined by Moorepay. In 2018, the UK and Ireland division was sold to Bain Capital and now we operate as a standalone company, Zellis. After acquiringBenefex, we’re now even better equipped to serve the complex needs of our customers.Our vision is to be the clear leader in pay, reward, analytics, and people experiences. We’re proud of our culture and we work hard to create an environment where people want to join, belong to, and be part of a progressive organisation. Our values, whichwere defined with input from all of our 2,000 colleagues, are not empty words on a poster: