IT Security Analyst
- Recruiter
- RES
- Location
- Hertfordshire
- Salary
- Negotiable
- Posted
- 28 Nov 2018
- Closes
- 18 Dec 2018
- Sectors
- Accountancy
- Contract Type
- Permanent
- Hours
- Full Time
The role will sit in the IT department and is a direct report to the Global IT Security Manager (ITSM) who is based in the UK at King's Langley, to assist with ITSM's responsibility for assessing information, cyber and technology driven risks and drive the remediation of identified vulnerabilities across RES Group environments. The analyst role will be varied and broad as it needs to cover both operational security related tasks associated with day to day security incidents and management of the security queue as well as assisting with development of the security roadmap to raise the level of security maturity that the company is operating at over time.
Assess information risk and facilitate remediation of identified vulnerabilities within the RES Group network, systems and applications. Reports on findings and recommendations for corrective action. Proactively perform assessments using security tools and methodologies. Perform assessments of the security/risk posture within the IT network, systems and software applications, in addition to assessments of vendor access requirements. Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios. Provide regular project status reports, including outstanding issues.
There is potential to split the role into two part-time roles if an exceptional candidate looking for a part time role applied; RES is passionate in the development of its staff to reach their potential and believes in the benefits of having a diversified workforce;
Key Accountabilities
- Management of the IT security queue outstanding tickets
- Address security related questions directly from internal staff and stakeholders.
- Develop and implement policies, procedures and standards that meet existing and new regulatory requirements.
- Facilitate security/risk and threat awareness training for the RES Group.
- Deliver security projects as allocated relating to Access Control, Security Infrastructure & compliance risks;
- Assist infrastructure, architecture and business systems with requirements, analysing needs from a security perspective. Ensure good design practice and implementation to meet security assurance requirements.
- Contribute to change management board on technical and process changes impacting security risk.
- Supervision of all endpoint security software.
- Promote awareness of applicable standards, upstream risks and industry best practices; GDPR, etc. Supporting RES Group subsidiary businesses in ten countries including in Australia and in USA
Knowledge
This role is a hands-on role, as you will be the primary security analyst resource to support the ITSM. The IT security analyst role will suit someone with broad experience and knowledge across multiple security domains better than someone with deeper knowledge that is restricted to a narrower set of topics and will suit someone who is used to working in less regulated environments or with experience of working in a smaller team set-up;
As much of the externally driven threats to the organisation arrive via E-mail borne attacks such as phishing and BEC you will require knowledge and experience of dealing with users reporting suspicious emails and be capable of helping to shape and deliver a security awareness programme aimed at making users better aware of these threats;
You will require knowledge of some of the litany of security standards that have been published and be aware of privacy and assurance regulations such as GDPR.
Knowledge of ICS & SCADA specific security issues associated with Operational Technology networks would be a bonus as would be any previous experience of handling a data breach or ransomware incident.
Skills
• You must be a self-starter with initiative and a strong work ethic
• Proven ability to engage, build strong relationships, influence and partner with stakeholders across functions and geographies.
• Credible and capable; able to quickly build the confidence of colleagues and be seen as a team player.
• Determined, with a drive to deliver outstanding results.
• Passionate about security and how the enterprise can be protected
• A dynamic individual, with strong, proven delivery skills. Happy to take accountability.
• Excellent verbal and written communication skills and able to communicate with both technical and non-technical staff alike bearing in mind the audience for a given message and how best to convey it; • Not afraid to challenge and/or escalate as appropriate
• This role requires regular and timely delivery and performance to meet workload demands
Qualifications
Essential
• Degree from an accredited university or a technical qualification or certification, with appropriate work experience.
• As a minimum this role will require an up to date security qualification if the degree is not in computing and information security.
Assess information risk and facilitate remediation of identified vulnerabilities within the RES Group network, systems and applications. Reports on findings and recommendations for corrective action. Proactively perform assessments using security tools and methodologies. Perform assessments of the security/risk posture within the IT network, systems and software applications, in addition to assessments of vendor access requirements. Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios. Provide regular project status reports, including outstanding issues.
There is potential to split the role into two part-time roles if an exceptional candidate looking for a part time role applied; RES is passionate in the development of its staff to reach their potential and believes in the benefits of having a diversified workforce;
Key Accountabilities
- Management of the IT security queue outstanding tickets
- Address security related questions directly from internal staff and stakeholders.
- Develop and implement policies, procedures and standards that meet existing and new regulatory requirements.
- Facilitate security/risk and threat awareness training for the RES Group.
- Deliver security projects as allocated relating to Access Control, Security Infrastructure & compliance risks;
- Assist infrastructure, architecture and business systems with requirements, analysing needs from a security perspective. Ensure good design practice and implementation to meet security assurance requirements.
- Contribute to change management board on technical and process changes impacting security risk.
- Supervision of all endpoint security software.
- Promote awareness of applicable standards, upstream risks and industry best practices; GDPR, etc. Supporting RES Group subsidiary businesses in ten countries including in Australia and in USA
Knowledge
This role is a hands-on role, as you will be the primary security analyst resource to support the ITSM. The IT security analyst role will suit someone with broad experience and knowledge across multiple security domains better than someone with deeper knowledge that is restricted to a narrower set of topics and will suit someone who is used to working in less regulated environments or with experience of working in a smaller team set-up;
As much of the externally driven threats to the organisation arrive via E-mail borne attacks such as phishing and BEC you will require knowledge and experience of dealing with users reporting suspicious emails and be capable of helping to shape and deliver a security awareness programme aimed at making users better aware of these threats;
You will require knowledge of some of the litany of security standards that have been published and be aware of privacy and assurance regulations such as GDPR.
Knowledge of ICS & SCADA specific security issues associated with Operational Technology networks would be a bonus as would be any previous experience of handling a data breach or ransomware incident.
Skills
• You must be a self-starter with initiative and a strong work ethic
• Proven ability to engage, build strong relationships, influence and partner with stakeholders across functions and geographies.
• Credible and capable; able to quickly build the confidence of colleagues and be seen as a team player.
• Determined, with a drive to deliver outstanding results.
• Passionate about security and how the enterprise can be protected
• A dynamic individual, with strong, proven delivery skills. Happy to take accountability.
• Excellent verbal and written communication skills and able to communicate with both technical and non-technical staff alike bearing in mind the audience for a given message and how best to convey it; • Not afraid to challenge and/or escalate as appropriate
• This role requires regular and timely delivery and performance to meet workload demands
Qualifications
Essential
• Degree from an accredited university or a technical qualification or certification, with appropriate work experience.
• As a minimum this role will require an up to date security qualification if the degree is not in computing and information security.