Our client are leading the way in energy delivery and are looking for an experienced Information Security Assurance Analyst to join their fantastic team.
Information Security Assurance Analyst
* Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
* Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, defining Cyber non-functional requirements
* Attend Technical Design Authority (TDA) meetings to provide security sign-offs
* Work within the Security Assurance team consisting of security assurance analysts / consultants, providing thought leadership across several assurance functions and helping smooth engagements with project delivery teams
* Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
* Provide support in scoping and overseeing pen tests and re-tests. Review recommendations and collaborate with the relevant teams to support remediation efforts.
* Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing, whilst providing security advice and guidance.
* Support management, BAU and projects in complying with legal and regulatory requirements
* Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
* Perform compliance checks to ensure Cyber Security controls are operating as designed.
* Ensure security assurance processes and procedures are followed and evidence retained for regulatory and audit purposes
* Provide relevant updates to monthly CNI and governance forums
* Provide relevant input to security reports to execs, shareholder and the board
* Support regulatory reporting
* Support regulatory inspections, internal and external audits and remediation of findings
* Ensure identified issues and risks resulting from security assurance activities are appropriately managed, providing visibility to senior leaders of high-risk areas
* Support the CISO and wider cyber management team
* Build and maintain relationships with key stakeholders, including the PMO and delivery teams, IT Operations and product groups, Architecture and third-party security providers.
WHAT YOU’LL BRING
* The individual should be educated to degree level in a relevant discipline. Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
* Must have Security Clearance or be eligible for security clearance
* Must have experience in Cloud (IaaS, PaaS, SaaS)
* Must have proven expertise in three of the following security areas: identity and access management, network security, end user security, threat modelling, Security Risk and Compliance, penetration testing
* Must have at least 3 years’ cyber security experience
* Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC CAF, NIST Framework, ISO 27001, ISO 27005, IEC 62443 etc.
* Good understanding of Cyber Assurance Framework and experience working with Regulators and providing compliance updates
Skills that will help you in the role:
* Knowledge and experience of IT Auditing/Control testing, IT Information Security and IT generic computing controls
* Knowledge of technology risk and controls including relevant tools and techniques
* Knowledge of key areas in technology risk, including operations, change, security, resilience at both application and infrastructure layers
* The suitable candidate must be a highly motivated individual.
* A proven track record as a cyber security subject matter expert in this or other organisations is a prerequisite.
* The role requires significant attention to detail and the ability to work both at a strategic, Director level and with subject matter experts on detailed design issues and application, integration and data modelling.
* The successful candidate will be required to be an excellent communicator and not averse to dealing with conflict management and decision making on a regular basis.
* Desirable experience in Vulnerability Assessment and Management, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering