The IT Security Analyst will undertake daily operational activities particularly around vulnerability management, incident response assistance, IT change approvals and participating in development projects and initiatives, ensuring they meet acceptable and compliant security standards and information and cyber security risk is appropriately managed. The Information Security Analyst will impact on all the key domains of information security, with a particular emphasis on Payment Cardholder Industry Data Security Standard (PCI DSS) and Personally Identifiable Information (PII).
For this they are offering a number of benefits for the ideal IT Security Analyst
Competitive salary: £55,000 – £58,000
* Pension Plan
* Employee Referral Scheme
* Life Assurance: 3 x your salary
* Employee Assistance Programme (EAP):
* Health cash plan:
* Private Medical Insurance
* Private Health Insurance
* Additional Holiday through Salary Sacrifice: Where it is operationally possible you will have the opportunity to request up to 10 days additional leave –
* The Travel Bar: This scheme is all about opportunities to make your money go further – you can save up to £1,000 per year on your everyday and exceptional shopping and services.
* Childcare Vouchers
* Cycle to Work
* Season Ticket Loan
* Long Service Recognition: It may seem like a long way ahead, but we believe that it is important to thank everyone for their contribution to the success of our business. Please contact your local HR team for more information.
* Payroll Giving
* Discounted travel opportunities
Main responsibilities of the Security Analyst
- Developing and maintaining the in-house vulnerability management capability, implementing vulnerability scanning, reporting on risk exposure and provide risk prioritized remediation advisories and tracking progress.
- Assist in the development of the Information Security Management System (ISMS).
- Coordinate penetration tests with penetration testing partners, IT and Development teams, acting as key point of contact for all security activities and advisories in relation to remediation and mitigation.
- Implementing security controls in compliance with legislation and regulatory frameworks (eg DPA, PCI-DSS, HIPPA) and the Group Information Security Policies.
- Implementing security methodologies and industry standards (eg ISO27001, NIST, SANS)
- Identifying and prioritising IT and security compliance risks and recommend appropriate mitigating controls.
- Conduct risk assessments of changes, projects, programmes, services.
- Provide recommendations to manage information security risk which will include aligning projects to policies & standards.
- Assist with developing and reviewing corrective action plans to address the root cause and prevent reoccurrences of compliance issues.
- Undertake security gap analysis internally, of third parties and other partners.
- Providing IT Security and compliance awareness.
What the IT Security Analyst needs:
- Exposure to multi-tier, web based and cloud based IT architectures
- Knowledge of security technologies (eg AV, SIEM, IAM, IPS, F/W, SSO, DLP)
- Knowledge of security assessment frameworks (eg threat modelling, controls assessment, risk assessment)
- Experience in provide initial investigations of security incidents, escalating issues where necessary
- Experience with security information management tools
- Experience within security assessment tools particularly vulnerability scanning tools, SIEM, DLP and NAC.
- Minimum 2 years’ experience in an active IT security role
- Working knowledge and experience of the ITIL framework
- Experience in developing, managing and improving operational risk and compliance processes
- Excellent communicator, both written and spoken
- Ability to deal with ambiguity and rapid change
- Ability to manage conflicting priorities, multitask and meet tight deadlines
- Ability to work under pressure
- Team oriented
- Experience working within a team environment delivering projects for production systems
Knowledge of PCI DSS and PII (GDPR) requirements a benefit.