We are looking for a Security Analyst for an initial 3-6 month contract. This role will fall Inside IR35.
You will be focused on driving improvements to the security posture against common best practices and standards, specifically ISO27001, GDPR, and the NIST cyber security framework. You will help to nurture a security culture and continuous improvement ethic amongst colleagues, whilst providing hands on guidance for teams enabling them to improve.
This role will suit someone with information security experience who has previously worked within ISO 27001/2 information security management system (ISMS) looking to further develop a career in information security.
Tasks and Responsibilities
- Accountable for supporting the ongoing development and management of the suite of information security policies and standards.
- You'll be able to work with a multitude of stakeholders spread across the world to provide advice and support in improving security and promoting awareness.
- Support the client hands on in achieving security accreditations such as ISO27001, Cyber Essentials and PCI-DSS.
- You'll have proven experience in monitoring risk and treatment within the ISO 27001 standard, and providing regular status reports.
- You'll be comfortable conducting control checks against policies and standards of both technology environments and business processes.
- You will be collaborating with our business units, internal audit, general counsel and leadership to develop and maintain to support assessment of risk and controls across our information systems.
- Skilled in writing a range of documentation, relevant for the business, ranging from processes and procedures to reports, standards and frameworks.
- Plan and create security awareness training materials to enhance corporate and personal security postures.
- Support the business in the provision of third party assurance reviews.
Collaboration and Effective Communication
- You will be calm and collected in high pressure situations, able to navigate through technology and security problems to find a root cause or balanced outcome.
- Communicate regularly with the Service Delivery managers and Service Delivery team members.
- Ensure that the IT Security documentation is maintained and updated regularly as required.
Experience of working in a diverse Global Company;
- Have a level of technical understanding and skills; able to walk through network and system to identify risks and able to understand the risk impact to the business.
- Experience in an information security risk management capacity; specifically, with hands on knowledge of risk identification, recording, tracking, response and reporting.
- Knowledge of Azure and Microsoft Security and technology services.
- Knowledge of applying CIS benchmark policies in Azure & O365.
- Experience with Security frameworks, ISO 27001, Cyber Essentials, NIST, PCI.
- Experience with O365 security & compliance platforms.
- Experience of investigating security issues/incidents.
Qualifications and Specialist Skills - Desirable
- ISO27001 Foundation, GDPR Foundation
- IT Management Certification (ITIL or similar)
- Project Management Certification (PRINCE or similar)
- Good communication skills and ability to articulate subjects clearly;
- Proven analytical and problem-solving skills;
- Strong documentation skills;
- Organized, methodical and self-motivated;
- Keeping abreast of industry trends and security technologies.