Senior Information Security Analyst
This job has now expired; please search on the home page to find live IT jobs.
My client, based in London, requires a Senior Information Security Analyst.
Job Purpose
The Senior Information Security Analyst works closely with project teams, including architects, technical and business owners to ensure that business projects are delivered securely, protecting customer and employee data and ensuring compliance with the Information Security policies and standards.
In addition, the analyst works as the PCI SME, working with our QSA, the business and technical teams.
The role calls for a strong assurance and technical background, coupled with an in-depth knowledge of security systems and relevant regulations and legislation, to assist in maintaining the confidentiality, integrity and availability of the company's products and systems.
As a member of the Information Security team, the Senior Information Security Analyst will work in a team of experienced and supportive information security and data privacy analysts and the Business Security Manager, assisting in escalations for problems and supporting them through to resolution.
They will be expected to perform and deliver consistently to time and quality targets in a continuously changing, complex environment.
The Senior Information Security Analyst will identify, analyse and evaluate information risks and check compliance of project deliverables with applicable regulations, standards, policies and guidance on information risk management.
They will maintain and improve appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business.
Accountability
Provide end-to-end engagement on a wide range of business projects, ensuring that security is built in by design, that projects deliver securely and that customer and employee data is protected
Attend project meetings and represent Information Security, providing advice as required
Review architectural and design documents
Assess and mitigate system security threats/risks and recommend controls throughout the project life cycles
Articulate risk in technical and non-technical terminology so that it can be interpreted by Information Technology and business individuals
Define Information Security requirements for each project and ensure that they are fulfilled prior to going into service
Scope, arrange and support penetration testing and vulnerability testing and track remediation to a close, on time and on budget
Carry out PCI impact assessments on projects where appropriate
Work closely with the wider architecture and development teams to ensure security is built into products as per security requirements
Support assessments of the security controls in place across third party suppliers against JLP information security policies and standards. Ensure that suppliers operate in a way that does not introduce additional or unnecessary risk to the business
Agreement on acceptable risk treatment options for projects and changes
Articulation of Info-sec risks to the project via formal risk reports, communicating risks to relevant stakeholders and updating the risk register
Scoping of infrastructure and application penetration tests and sharing and communicating the outcome of the pen-test, discussing remedial actions and their ownership with stakeholders and tracking remediation
Helping conduct triage of vulnerability reports
Nature and Scope
Provide task guidance to colleagues / team
Exercise substantial personal responsibility and autonomy
Plan and deliver own work (including sequencing) to set targets and timelines
Consistently identify problems early and resolve them
Perform a broad range of complex activities, in a variety of contexts/environments
Demonstrate ability to prioritise successfully and manage simultaneous demands
Demonstrate flexibility and resilience in day to day work
Operate effectively in the face of challenges / sensitivities of the organisation
Advise others in how to apply business process and policy
Demonstrate understanding of issues in own operational / project environment
Consistently identify, assess and manage risk
Essential
Qualifications
BA/BS degree, or equivalent experience, security qualifications and accreditation appropriate to the region.
Experience
Strong End to End Information Security Project Assurance experience
Strong risk management knowledge and experience
Experience of Information security and compliance standards e.g. PCI DSS, ISO 27001, SABSA, COBIT, DPA/GDPR etc
Wide ranging knowledge of Information Security and IT Security frameworks, standards and application of best practice
Keeping up to date with industry trends, new threats and changes in the security landscape
Desirable
Qualifications
Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security)
Experience
Experience with security practices such as security incident response and risk management.
Experience with a broad range of security technologies, including NextGen Firewalls, DLP, NAC, IDS/IPS, IdAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management.