Senior Information Security Analyst

Description

Key responsibilities of the role include: 

• Security and compliance monitoring, threat analysis and incident management for the company’s information and physical assets. 

• Supporting the operation and continuous improvement of the organisations Information Security Management System. 

• Ensuring appropriate security controls and monitoring are in place across the organisation in line with ISO 27001:2022, CIS Control and OWASP frameworks. 

• Working closely with our development teams to implement appropriate controls integrated within DevOps processes and CI/CD pipelines across our application environments. 

• Supporting our clients in their risk assessment and due diligence activities as they evaluate the security controls for our products. 

• Supporting our own internal risk assessments activities as we engage and review vendors and suppliers. 

• Leading our vulnerability management program, collaborating with key application and infrastructure stakeholders. 

• Supporting the remediation of penetration test, client audit and incident activities. 

• Supporting our internal audit program. 

• Collating, analysing and publishing key information security performance metrics to support the continuous improvement of the Information Security Management System. 

• Documentation in the form of information security policies and process authoring and review. 

• Management and delivery of the employee education and awareness program. 

Requirements

• Degree (2:1 or above) 
• In depth understanding of the ISO27001 framework and ISO27002 control set. 
• Good knowledge of secure coding practices and the OWASP principles 
• Good understanding of the software development process, ALM procedures and change control 
• Good knowledge of security controls including technical solutions such as IDS, IAM, Encryption, Least privilege, Asset management solutions 
• Understanding of related best practice standards such as SSAE16, PCI-DSS, ISO9001, Business Continuity 
• Current security professional certification is desirable. One or more of the following SSCP, CCSP, CISSP, IISP membership. Or similar certifications 

Experience 

• At least 2 years’ experience in a relevant information security role 
• Experience of the software development lifecycle in particular Agile techniques 
• Experience of working with DevOps and CI/CD practices is desirable 
• Experience of data analytics either in solution delivery or use of analytics in an information security setting 
• Experience of formal risk and impact assessment 
• Monitoring against policies and production of Reports on Compliance (ROC) 
• Design and delivery of security awareness training programs 
• Experience of incident management procedures and working knowledge of SIEM solutions 
• Any experience with cloud based products such as Amazon Web Services or Microsoft Azure would be desirable but not essential 

Other skills 

• Excellent written and verbal communication 
• A proven self-starter 
• Innovative & creative in finding solutions 
• Able to pick up ideas quickly & with a desire to learn 
• Good communicator

Benefits

• Hybrid working - 1 days a week in the London office 
• Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day 
• Subsidised Gym Membership 
• Private Medical Insurance (including Dental and Vision) and Life Assurance 
• 25 days holiday (increasing to 30 days at a rate of 1 extra day per year) 
• Summer Fridays (half-day Fridays for the months of July and August) 
• Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3% 
• Season ticket Loan 
• Cycle to Work Scheme 
• Annual Discretionary Bonus 
• Eligible for Transaction Bonus