Information Security Analyst - Isle of Man

Recruiter: Search and Select Ltd
Location: Isle of Man
Salary: Competitive
Posted: 28 Apr 2017
Closes: 16 May 2017
Sectors: Accountancy
Contract Type: Permanent
Hours: Full Time

Our client seeks an Information Security Analyst.

Role Profile:
To provide governance and control of IT security; to define the security controls needed in order to ensure that information remains secure; to ensure that the effectiveness of the controls, and agreed performance indicators, are monitored (and clearly evidenced); and to ensure that any security breaches are quickly identified and rectified.
- You will need to understand the potential for security gaps in controls.
- Be ever vigilant and reactive should the need arise, but be proactive in gathering information that will help you to identify potential threats.
- Cultivate a range of sources and be able to quickly identify those that could represent a real threat to the organisation.
- When security incidents arise, ensure that solutions are quickly applied and effective, carefully following up on any longer-term gaps.
- Ongoing checking of controls needs to be rigorous and accurate; the job holder needs to be firm on any weaknesses that may bring them into conflict with their colleagues.
- Excellent ability to grasp and understand technical details such as technical configurations.

Key Responsibilities:
Policy & Standards:
- Developing and maintaining organisational security policies, standards and processes using recognised standards (such as the ISO 27000 family) where appropriate
- Providing advice on the interpretation of policy
- Undertaking a gap analysis against relevant external policies, standards and guidelines, and initiating remedial action where appropriate

Information Security Strategy:
- Balancing cost against security risk for the business
- Interpreting external requirements and standards in terms relevant to an organisation
- Balancing technical, physical, personnel and procedural controls to address information risks in the most effective way

Legal & Regulatory Environment:
- Familiar with legal and regulatory requirements that could affect organisation security policies, and where to turn for specific detail as needed
- Relating the legal and regulatory environment within which the business operates to the risk management and security strategy tasks
- Ensuring security policies comply with all personal data protection laws and regulations relevant to the business
- Ensuring security policies support compliance with corporate governance practices

Secure Operations Management:
- Establishing processes for maintaining the security of information throughout its existence
- Establishing and maintaining Security Operating Procedures (SyOPs) in accordance with security policies, standards and procedures
- Coordinating penetration testing on information processes against relevant policies
- Assessing and responding to new technical, physical, personnel or procedural vulnerabilities
- Managing implementation of information security programmes, and coordinating security activities across the organisation
- Monitoring processes for violations of relevant security policies (e.g. acceptable use, security, etc.)

Vulnerability Assessment:
- Analysing internal problem reports for signs of anomalous security issues
- Monitoring, collating and filtering external vulnerability reports for organisational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes
- Engaging with the Change Management process to ensure that vulnerabilities are mediated
- Ensuring that disclosure processes are put in place to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available
- Producing warning material in a manner that is both timely and intelligible to the target audience(s)

Incident Management:
- Engaging with the overall organisation Incident Management process to ensure that security incidents are handled appropriately
- Defining and implementing processes and procedures for detecting breaches of security policy
- Defining and implementing processes for carrying out investigations into breaches of security policy
- Establishing and maintaining a Computer Security Emergency Response Team or similar to deal with breaches of security policy
- Co-ordinating the response to a breach of security policy
- Providing a full security response where third parties, managed service providers, etc. are involved

Key Skills and Experience:
- Degree level education.
- Ensures that work is accurate and well presented, that customer care is given priority above all else and that in both areas effort is made to exceed the minimum standard required. Shows concern for detail no matter how small.
