Job Specifications
Our client are leading the way in energy delivery and are looking for an experienced Information Security Assurance Analyst to join their fantastic team.
Information Security Assurance Analyst
Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, defining Cyber non-functional requirements
Attend Technical Design Authority (TDA meeting to provide security signoffs
Work within the Security Assurance team consisting of security assurance analyst / consultants providing thought leadership across several assurance functions, and helping smooth engagements with project delivery teams
Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
Provide support in scoping and overseeing pen tests and re-tests. Review recommendations and collaborate with the relevant teams to support remediation efforts.
Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing, whilst providing security advice and guidance.
Support to management, BAU and projects to comply with legal and regulatory requirements
Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
Perform compliance checks to ensure Cyber Security controls are operating as designed.
Ensure security assurance processes and procedures are followed and evidence retained for regulatory and audit purposes
Support continued service improvement activities
Provide relevant updates to monthly CNI and governance forums
Provide relevant input to security reports to execs, shareholder and the board
Support regulatory reporting
Support regulatory inspections, internal and external audits and remediation of findings
Ensure identified issues and risks resulting from security assurance activities are appropriately managed, providing visibility to senior leaders of high-risk areas
Support the CISO and wider cyber management team
Build and maintain relationships with key stakeholders, including the PMO and delivery teams, IT Operations and product groups, Architecture and third-party security providers.
WHAT YOU’LL BRING
The individual should be educated to degree level in a relevant discipline. Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
Must have Security Clearance or be eligible for security cleared
Must have experience in Cloud (IaaS, Paas, SaaS)
Must have proven expertise in three of the following security areas: identity and access management, network security, end user security, threat modelling, Security Risk and Compliance, penetration testing,
Must have at least 3 years’ cyber security experience
Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC CAF, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates
Skills that will help you in the role:
Knowledge and experience on IT Auditing/Control testing, IT Information Security and IT generic computing controls
Knowledge of technology risk and controls including relevant tools and techniques
Knowledge of key areas in technology risk, including operations, change, security, resilience at both application and infrastructure layers
The suitable candidate must be a highly motivated individual.
A proven track record as a cyber security subject matter expertise in this or other organisations is a prerequisite requirement.
The role will require a significant attention to detail and ability to work with both a strategic, Director level as well as working with subject matter experts on detailed design issues and application, integration and data modelling.
The successful candidate will be required to be an excellent communicator and not averse to dealing with conflict management and decision making on a regular basis.
Desirable experience in Vulnerability Assessment and Management, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering