Cyber Security Analyst

This job has now expired please search on the home page to find live IT Jobs.

MAIN PURPOSE OF JOB: You will support the Cyber Security Manager by providing Security Leadership whilst working with stakeholders across various IT functions and 3rd party vendors to improve our security posture. In addition, you will play a key role in evaluating threats to the environment and broader threat landscape while showing initiative to develop new security measures to protect SThree and its data. Key Points: * To provide Cyber Security guidance to the business and technical communities at SThree, as well as the support and operation of security capabilities covering people, processes and technology.* Performs security risk and business impact analysis for SThree's information systems.* To identify and manage risks arising from potential or proposed solutions while working collaboratively with technical teams and architecture to design alternate controls or countermeasures that align with SThree's security policies, standards and industry best practices to mitigate identified risks.* Investigate potential cyber security incidents, suspected attacks and broader security incident management. ROLE REQUIREMENTS: Please note your job and role title may be changed subject to operational requirements. Key Responsibilities- Assurance and Due Diligence : Conducts security control reviews and security assessments of information and infrastructure components. Investigates and assess risks and recommend remedial action. Vulnerability and Risk Management: Conduct risk, vulnerability and business impact assessments and analyses across SThree's information systems. Legal and Regulatory Compliance: Contribute to compliance reviews while assessing compliance with legal and regulatory frameworks and requirements. Network Security: Assess the implications of improper use and breaches of privileges or corporate policy. Recommends appropriate action. Security expertise: Explains the purpose and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls (for example, the key controls defined in IS27002). Communicates information assurance risks and requirements effectively to users of systems and networks. Threats and breaches: Investigates suspected attacks and undertakes the resolution of security incidents by established procedures, including incident management procedures. Reports on findings and lessons learnt/improvement actions. Security architecture and the security program: Works with architecture, digital project management and the information security manager to deliver elements of the security roadmap and system architectures. PERSON SPECIFICATION- Knowledge & Experience, Key Competencies & Qualifications relevant to the Role Skills, Knowledge & Experience: * Familiarity with least privilege and zero trust principles.* Knowledge of common threats and vulnerabilities that impact hardware, software and relevant strategies, controls, and activities to prevent or mitigate.* Ability to articulate security deficiencies as risks, state their impact, and identify compensating controls.* Experience in authoring or reviewing cyber security policies, standards and procedures.* Experience or demonstrable understanding of cyber security risks within supply chains and associated assessment approaches to identifying and managing said risks.* Experience in undertaking cyber security risk assessments at a system and/or enterprise level and managing formal risk remediation activities.* Demonstrable strong technical experience combined with good delivery planning and communication skills.* Knowledge of data privacy standards and legislation, including but not limited to DPA 2018 and GDPR.* Network security and threat mitigation, including physical, electronic, firewalling, encryption, access control and authorisation; protecting data at rest and in transit; defending against viruses and malware; the impact of Big Data; and integrating robust security controls into enterprise services and policies. Non-Essential Skills, Knowledge & Experience: * Experience in operating independently, delivering cyber security projects such as assessment, gap analysis, architecture design and or implementation of any of the following:o ISO27001o PCI DSSo NCSC CAFo CISo OWASP SAMMo NIST CSF Qualifications: * College diploma or university degree and/or three years equivalent work experience. One or more of the following certifications: o Certified Ethical Hacker (CEH)o CISSP Certified Information Systems Security Professionalo ISSMP - Information Systems Security Management Professionalo Certified Information Security Manager (CISM)o Certified in Risk and Information System Controls (CRISC)o Certified ISO27001 Practitionero Certification of the Business Continuity Institute (CBCI)o Advanced Security Practitioner - CASPo CompTIA Security+o CompTIA Networking+ Apply with an updated CV.SThree are committed to ensuring equal opportunities, fairness of treatment, dignity, work-life balance and the elimination of all forms of discrimination in the workplace for all staff and job applicants.